W32/Tilebot-CB
This malware was reported by: Sophos
W32/Tilebot-CB is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-CB spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039)
W32/Rbot-BAM
This malware was reported by: Sophos
W32/Rbot-BAM is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BAM spreads:
- to other network computers infected with W32/Sasser
- to other network computers by exploiting common buffer overflow vulnerabilities, includ
WORM_KELVIR.DD
This malware was reported by: Trendmicro
Mytob.KM
This malware was reported by: Computer Associates
Description Win32.Mytob.KM is a worm that spreads via e-mail. The worm also acts as an IRC bot, allowing a controller unauthorized access to the affected machine.
W32.Kelvir.JJ
This malware was reported by: Symantec
W32.Kelvir.JJ is a worm that attempts to spread through MSN Messenger.
Trojan.Welomoch
This malware was reported by: Symantec
Trojan.Welomoch is a Trojan horse that attempts to utilize XCP software to hide W32.HLLW.Antinny, which it drops on to the compromised computer. The XCP software is installed by inserting certain Sony BMG content-protected music CDs into the computer.
Trojan.Ruindem
This malware was reported by: Symantec
Trojan.Ruindem is a Trojan horse that redirects Internet Explorer to pornographic Web sites, downloads and executes remote files, and sends confidential information to a remote Web site.
Trojan.Spaxe
This malware was reported by: Symantec
Trojan.Spaxe is a Trojan that attempts to download and execute files from remote Web servers.
Note: Definitions dated prior to December 8, 2005 detect this threat as Trojan.Download.Spaxe.
W32/Tilebot-CC
This malware was reported by: Sophos
W32/Tilebot-CC is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-CC spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), LSASS (MS04-01
W32/Rbot-BAN
This malware was reported by: Sophos
W32/Rbot-BAN is a worm for the Windows platform.
W32/Rbot-BAN spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011) and RPC-DCOM (MS04-012).
Spam-Mailbot
This malware was reported by: Network Associates Inc
WORM_IXBOT.A
This malware was reported by: Trendmicro
This memory-resident worm spreads via popular instant messaging applications like the following:
Cardtrap.L
This malware was reported by: F-Secure
Cardtrap.L is a minor variation of Cardtrap.J.
Installation of Cardtrap.L fails in most cases. Although installation fails it may disable most of
the phone built in and 3rd party filemanager applications, copies Windows worms Win32.Rays and
Win32.Pa
Troj/Perda-I
This malware was reported by: Sophos
Troj/Perda-I is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
W32/Tilebot-BY
This malware was reported by: Sophos
W32/Tilebot-BY is a Trojan for the Windows platform.
W32/Tilebot-BY spreads:
- to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS0
W32.Mytob.MR@mm
This malware was reported by: Symantec
W32.Mytob.MR@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
Spyware-Skin
This malware was reported by: Network Associates Inc
Troj/Mipbot-A
This malware was reported by: Sophos
Troj/Mipbot-A is a Trojan for the Windows platform.
Troj/Mipbot-A attempts to connect to one of several pre-specified servers from where it can receive further information.
Troj/Mipbot-A is used to send unsolicited emails from an infected c
Troj/Graybrd-AU
This malware was reported by: Sophos
Troj/GrayBrd-AU is a Trojan for the Windows platform.
Troj/GrayBrd-AU includes functionality to access the internet and communicate with a remote server via HTTP.
Adware-Oemji
This malware was reported by: Network Associates Inc
Adware-Kazoom.dr
This malware was reported by: Network Associates Inc
Backdoor.Win32.IRCBot.kj
This malware was reported by: F-Secure
This instant messaging worm spreads in AOL Instant Messaging (AIM) network.
It was found in December 2005.
It sends copies of itself to people in the buddy list as a link, pointing
to a file called clarissa17.pif.
After that it replies to all messag
Adware-BlogCn
This malware was reported by: Network Associates Inc
Troj/Danmec-G
This malware was reported by: Sophos
Troj/Danmec-G is a Trojan for the Windows platform.
The Trojan opens a port and offers remote attackers the ability to route HTTP traffic through the infected computer. The Trojan may also download and install additional files and retrieve i
Troj/Dloadr-ABJ
This malware was reported by: Sophos
Troj/Dloadr-ABJ is a Trojan for the Windows platform.
W32/Rbot-BAL
This malware was reported by: Sophos
W32/Rbot-BAL is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BAL spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: WKS (MS03-049) (CAN-2003-0812) and ASN.1
(MS04-007) and
XCP_SecurityRisk
This malware was reported by: Computer Associates
WORM_DIOXIN.B
This malware was reported by: Trendmicro
W32/Lecna.worm.gen
This malware was reported by: Network Associates Inc
This is a share worm that propagates via network shares by exploiting a Microsoft Windows vulnerability [MS04-011 vulnerability (CAN-2003-0533)]. See:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
The worm is multi
Troj/Funot-A
This malware was reported by: Sophos
Troj/Funot-A is a Trojan for the Windows platform that includes the functionality to
replace existing files using the original filenames with the text file, rename existing files using names constructed from a predefined list, create text fil
W32/Mytob-GC
This malware was reported by: Sophos
W32/Mytob-GC is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-GC runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels, includin
WORM_ZUSHA.D
This malware was reported by: Trendmicro
This memory-resident worm exploits the following vulnerabilities to propagate across networks:
Trojan.Zlob.F
This malware was reported by: Symantec
Trojan.Zlob.F is a Trojan horse that may download and execute remote files and redirect the Internet Explorer home page and search page.
W32/Sdbot-AGG
This malware was reported by: Sophos
W32/Sdbot-AGG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007).
W32/Sdbot-AGC
This malware was reported by: Sophos
W32/Sdbot-AGC is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGC spreads to other network computers by Instant messaging programmes and by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (
W32.Sober@mm!dam
This malware was reported by: Symantec
W32.Sober@mm!dam is a corrupted version of W32.Sober@mm.
Adware-2Search.dr
This malware was reported by: Network Associates Inc
Downloader.GPH
This malware was reported by: Panda Software
Downloader.GPH is a Trojan that downloads an executable file that downloads and runs several files belonging to the worm detected as Blackmail.A and the Trojan called Bancos.KW to the affected computer.Downloader.GPH reaches the computer distributed by t
Troj/Bancban-LB
This malware was reported by: Sophos
Troj/Bancban-LB is a Trojan for the Windows platform.
Troj/Bancban-LB includes functionality to:
- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations
Troj/Banker-IK
This malware was reported by: Sophos
Troj/Banker-IK is a Trojan for the Windows platform.
Mytob.LX
This malware was reported by: Panda Software
Mytob.LX is a worm with backdoor characteristics that opens a TCP port in order to connect to an IRC server and receive control commands, which allow the affected computer to be remotely administrated.This worm ends processes belonging to several securit
Adware-Henbang
This malware was reported by: Network Associates Inc
Cardtrap.M
This malware was reported by: F-Secure
Cardtrap.M is Symbian SIS file trojan that disables several Symbian
built in applications, tries to damage several anti-virus applications,
and installs several Windows viruses worms and trojans to memory card.
The Windows malware installed to memor
Cabir.AB
This malware was reported by: F-Secure
Cabir.AB is a variant of SymbOS/Cabir worm that is recompiled from original
Cabir source code. Functionally it is very similar to original Cabir.
Doomboot.K
This malware was reported by: F-Secure
Doomboot.K is a malicious SIS file trojan that drops corrupted system
binaries into the infected device. The system files dropped by Doomboot.K
cause the device to fail at next reboot.
If you have installed Doomboot.K, the most important thing is no
W32/Loosky-E
This malware was reported by: Sophos
W32/Loosky-E is a multi-component email worm and backdoor Trojan for the Windows platform.
W32/Loosky-E runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the comp
W32/Tilebot-CB
This malware was reported by: Sophos
W32/Tilebot-CB is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-CB spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039)
Trojan.Chuvazada
This malware was reported by: Symantec
Trojan.Chuvazada is a Trojan horse that collects system information and may send it to an attacker.
Troj/Zapchas-AD
This malware was reported by: Sophos
Troj/Zapchas-AD is a backdoor Trojan for the Windows platform.
Troj/Zapchas-AD runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Tr
W32/Tilebot-CC
This malware was reported by: Sophos
W32/Tilebot-CC is a worm with backdoor functionality for the Windows platform.
W32/Tilebot-CC spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), LSASS (MS04-01
W32/Rbot-BBA
This malware was reported by: Sophos
W32/Rbot-BBA is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BBA can spread via network shares, MSSQL when it finds weak passwords, file sharing on P2P networks, or by exploiting common vulnerabilities, including: LSASS
Troj/Perda-I
This malware was reported by: Sophos
Troj/Perda-I is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
W32.Looksky.E@mm
This malware was reported by: Symantec
W32.Looksky.E@mm is a mass-mailing worm that drops additional malware and lowers security settings on the compromised computer.
JS_DLOADER.BAA
This malware was reported by: Trendmicro
W32/Sdbot-AGD
This malware was reported by: Sophos
W32/Sdbot-AGD is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGD spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812)
Troj/Mipbot-A
This malware was reported by: Sophos
Troj/Mipbot-A is a Trojan for the Windows platform.
Troj/Mipbot-A attempts to connect to one of several pre-specified servers from where it can receive further information.
Troj/Mipbot-A is used to send unsolicited emails from an infected c
JS_DLOADER.AZZ
This malware was reported by: Trendmicro
JS_DLOADER.AZY
This malware was reported by: Trendmicro
WORM_LOCKSKY.F
This malware was reported by: Trendmicro
W32/Agobot-UJ
This malware was reported by: Sophos
W32/Agobot-UJ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Agobot-UJ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812)
W32.Spybot.ABDO
This malware was reported by: Symantec
W32.Spybot.ABDO is a worm that has distributed denial of service and back door capabilities. The worm spreads by copying itself to network shares protected by weak passwords, by exploiting vulnerabilities, and by sending links pointing to a copy of the w
TROJ_FRANLOAD.A
This malware was reported by: Trendmicro
This Trojan may be downloaded from the following URL:
W32.Dinoxi.B
This malware was reported by: Symantec
W32.Dinoxi
This malware was reported by: Symantec
Troj/Bckdr-AWR
This malware was reported by: Sophos
Troj/Bckdr-AWR is a Trojan for the Windows platform.
Troj/Bckdr-AWR includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Bckdr-AWR copies itself to <Windows>Windows.exe.
The
Troj/Dloadr-ABJ
This malware was reported by: Sophos
Troj/Dloadr-ABJ is a Trojan for the Windows platform.
Troj/Small-CAM
This malware was reported by: Sophos
Troj/Small-CAM is a Trojan for the Windows platform.
Troj/Small-CAM includes functionality to download additional files from a remote site.
Troj/Funot-A
This malware was reported by: Sophos
Troj/Funot-A is a Trojan for the Windows platform that includes the functionality to
replace existing files using the original filenames with the text file, rename existing files using names constructed from a predefined list, create text fil
OutsBot.AE
This malware was reported by: Computer Associates
Description Outsbot.AE is an IRC-controlled backdoor trojan that allows unauthorized access to an affected machine.
Troj/IRCBot-AU
This malware was reported by: Sophos
Troj/IRCBot-AU is an IRC Trojan with backdoor functionality.
W32/Sdbot-AGG
This malware was reported by: Sophos
W32/Sdbot-AGG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Sdbot-AGG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812) and ASN.1 (MS04-007).
TROJ_YABE.F
This malware was reported by: Trendmicro
TROJ_BAGLE.CC
This malware was reported by: Trendmicro
Spax Family
This malware was reported by: Computer Associates
Description Win32/Spax is a family of trojans that downloads and executes arbitrary files.
CVE-2005-1790!exploit
This malware was reported by: Computer Associates
Bloodhound.Beagle
This malware was reported by: Symantec
Bloodhound.Beagle is a heuristic detection that detects variants of the W32.Beagle family of mass-mailing worms.
Troj/Fasong-B
This malware was reported by: Sophos
Troj/Fasong-B is a Trojan for the Windows platform.
Troj/Bancban-LB
This malware was reported by: Sophos
Troj/Bancban-LB is a Trojan for the Windows platform.
Troj/Bancban-LB includes functionality to:
- access the internet and communicate with a remote server via HTTP
- send notification messages to remote locations
Adware-Starware.dr
This malware was reported by: Network Associates Inc
Adware-CramToolbar
This malware was reported by: Network Associates Inc
PE_TUFIK.E
This malware was reported by: Trendmicro
TROJ_MITGLIED.AF
This malware was reported by: Trendmicro
This Trojan is a .DLL component that arrives as a downloaded or dropped file by other malware, commonly BAGLE variants. It may be used by other malware to connect to certain Web sites.
TROJ_ZAPCHAST.BD
This malware was reported by: Trendmicro
WORM_KELVIR.DF
This malware was reported by: Trendmicro
This worm arrives on a system as a manually downloaded and installed file by an unsuspecting user visiting an affected Web site. It may also be dropped by other malware.
W32.Aizu.G
This malware was reported by: Symantec
W32.Aizu.G is a worm that attempts to exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) using TCP port 445, and the Microsoft RPCSS DCERPC DCOM Object Activatio
Adware-EZTracks
This malware was reported by: Network Associates Inc
W32/Rbot-BBB
This malware was reported by: Sophos
W32/Rbot-BBB is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BBB runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channe
W32/Loosky-E
This malware was reported by: Sophos
W32/Loosky-E is a multi-component email worm and backdoor Trojan for the Windows platform.
W32/Loosky-E runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the comp
WORM_KELVIR.DH
This malware was reported by: Trendmicro
This memory-resident worm arrives on an affected system as dropped file of other malware, or as a downloaded file from the Internet. Upon execution, it drops and executes several files on the system.
W32/Sdbot-AGZ
This malware was reported by: Sophos
Troj/Zapchas-AD
This malware was reported by: Sophos
Troj/Zapchas-AD is a backdoor Trojan for the Windows platform.
Troj/Zapchas-AD runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Tr
SymbOS.Cardtrp.L
This malware was reported by: Symantec
SymbOS.Cardtrp.I.
This malware was reported by: Symantec
SymbOS.Cardtrp.J
This malware was reported by: Symantec
Troj/Stinx-M
This malware was reported by: Sophos
W32/Rbot-BBA
This malware was reported by: Sophos
W32/Rbot-BBA is a worm and IRC backdoor Trojan for the Windows platform.
W32/Rbot-BBA can spread via network shares, MSSQL when it finds weak passwords, file sharing on P2P networks, or by exploiting common vulnerabilities, including: LSASS
Net-Worm.Win32.Theals.c
This malware was reported by: F-Secure
F-Secure Anti-virus had a false alarm by this name on a
legitimate file on 5th of December 2005.
The false alarm has been fixed in the update 2005-12-05_03. We
apologize for the inconvenience.
Hidrag
This malware was reported by: F-Secure
Hidrag is a memory resident Win32 virus. It creates a dropper for
itself in Windows directory and sets a startup key for that file
in the Registy. Being active the virus looks for EXE files on all
available drives and infects them.
CAN-2005-1790
This malware was reported by: F-Secure
Troj/BankDl-Z
This malware was reported by: Sophos
Troj/BankDl-Z is a downloading Trojan for the Windows platform.