MultiDropper-LA
This malware was reported by: Network Associates Inc
W32/Bagle.am!proxy
This malware was reported by: Network Associates Inc
This variant does not mass-mail like previous variants.It attempts to connect to various websites and acts as a mail relay.
It attempts to disable various Antivirus programs.
Top of Page
W32/Zindos-A
This malware was reported by: Sophos
W32/Zindos-A is a worm that spreads using the backdoor opened by W32/MyDoom-O.
The worm creates one of the following registry entries to ensure that it is run each time Windows starts:
HKLMSoftwareMicrosoftWindowsCurrentVersionRunTray
or
HKCUSoftw
W32/Zindos.worm
This malware was reported by: Network Associates Inc
AdClicker-O.dr
This malware was reported by: Network Associates Inc
WORM_ZINDOS.A
This malware was reported by: Trendmicro
This worm propagates by generating random IP addresses and by trying to connect to TCP port 1034 using the said addresses. When it successfully connects to a target system, it drops copies of itself on the said machine.
Zindos.A
This malware was reported by: Computer Associates
Win32.Zindos.A is a worm spreading through systems compromised by Win32.Mydoom.O. It has been distributed as a 5,760-byte UPX-compressed Win32 executable.
Zindos.A
This malware was reported by: Panda Software
Zindos.A is a worm that spreads across the Internet. In order to do so, it takes advantage of the backdoor created by Mydoom.N in the TCP port 1034. Then, Zindos.A makes copies of itself in those computers affected by the worm Mydoom.N.Additionally, Zind
Ndrv
This malware was reported by: Panda Software
Ndrv is an adware type program, which offers users an application in exchange for viewing a series of advertisements.Ndrv is a BHO (Browser Helper Object) type dynamic link library (DLL), that is loaded together with the browser Internet Explorer, so tha
Downloader.NG
This malware was reported by: Panda Software
Downloader.NG is an update of the Trojan detected by Panda Software as Downloader.GK.Downloader.NG is downloaded to the computer when the user accesses certain websites and accepts to install an specific ActiveX control.
Zindos
This malware was reported by: F-Secure
Zindos is a network worm which spreads with the help of the
Mydoom.M mass-mailing worm. Mydoom.M plants a backdoor that
scans for other systems with the same backdoor.
Zindos uses the backdoor and its target list to spread.
The payload is a Distribu
WORM_MYDOOM.M
This malware was reported by: Trendmicro
This member of the MYDOOM family of mailing worm programs is currently spreading in the wild, with several infection reports received from Singapore, Germany, and the United States. As of 8:31 AM, July 26, 2004 (GMT -7:00), TrendLabs has raised a Medium R
Exploit-WebDAV
This malware was reported by: Network Associates Inc
OF97/Toraja-I
This malware was reported by: Sophos
OF97/Toraja-I is a macro virus for the Microsoft Office 97 platform.
It will create an infected document in the following location to ensure it is run when Excel starts.
C:Program FilesMicrosoft OfficeOfficeXlstartstart25.xls
WORM_MABUTU.A
This malware was reported by: Trendmicro
This worm propagates via email. It harvests email addresses from the Windows Address Boook (WAB), MSN Messenger contact list, and other sources, and sends out an email message with the following details:
W32.Korgo.Z
This malware was reported by: Symantec
W32.Mits.A@mm
This malware was reported by: Symantec
W32.Mits.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected host.
The worm alters many system settings, including registry editing to make it difficult to remove.
Downloader-NE.dr
This malware was reported by: Network Associates Inc
MhtRedir.N
This malware was reported by: Panda Software
W32.Korgo.Z
This malware was reported by: Symantec
W32.Korgo.Z is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.
Troj/Small-AO
This malware was reported by: Sophos
Troj/Small-AO is a backdoor Trojan. The Trojan allows a remote attacker to
control a computer and includes service and process management features.
W32.Lovgate.AK@mm
This malware was reported by: Symantec
W32.Lovgate.AK@mm is a variant of W32.Lovgate.W@mm that:
Attempts to reply to all the email messages in the Microsoft Outlook inbox.
Scans files that have the .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions for email address
Backdoor.Berbew.I
This malware was reported by: Symantec
Backdoor.Berbew.I attempts to steal cached passwords.
W32.Mota.B@mm
This malware was reported by: Symantec
W32.Mota.B@mm is a worm that propagates by sending itself to the email addresses gathered from the system. The email has a variable subject and attachment name. The attachment will have a .txt, .scr, or .zip file extension.
Backdoor.Moonlit
This malware was reported by: Symantec
Backdoor.Moonlit is a Trojan horse program that can download and execute files, and may act as a proxy server.
W32/Mydoom.o@MM!zip
This malware was reported by: Network Associates Inc
This detection covers ZIP files created by the W32/Mydoom.o@MM virus. For more information, see:
http://vil.nai.com/vil/content/v_127033.htm
Top of Page
Dropper.O
This malware was reported by: Panda Software
W32/Mabutu.b@MM
This malware was reported by: Network Associates Inc
AFXrootkit
This malware was reported by: Network Associates Inc
Mabutu
This malware was reported by: F-Secure
Mabutu is a mass-mailing worm which spreads in short and simple
emails with infected attachments.
Mabutu comes with an IRC-controlled backdoor component.
W32/Rbot-EW
This malware was reported by: Sophos
W32/Rbot-EW is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process
Mabutu.B
This malware was reported by: Panda Software
Mabutu.B is a worm that connects to different IRC servers, in order to notify its author that the computer has been affected. This action allows it to wait for remote control commands.Mabutu.B spreads via e-mail in a message with variable chara
W32/Sdbot-KU
This malware was reported by: Sophos
W32/Sdbot-KU is an IRC backdoor Trojan and network worm which can run in the background as a service process and allow unauthorised remote access to an intruder via the IRC network.
W32/Sdbot-KU copies itself to the Windows System (or System32 unde
QHosts-1!hosts
This malware was reported by: Network Associates Inc
W32/Tompai-A
This malware was reported by: Sophos
W32/Tompai-A is a virus with backdoor functionality for the Windows platform, which spreads via network shares.
The virus creates three copies of itself in the Windows system folder. One copy is named mainsv.exe. The others are randomly chosen from
W97M.Moridin
This malware was reported by: Symantec
W97M.Moridin is a macro virus that infects Microsoft Word documents. It also disables macro virus protection, attempts to create an outgoing Pegasus Mail message, and attempts to run .exe components.
Backdoor.Kika.A
This malware was reported by: Symantec
Backdoor.Kika.A is a backdoor program that allows unauthorized remote access to a compromised system. It attempts to steal system and user information.
Due to bugs in the code, some functions of this threat may not operate as intended, and the system m
BackDoor-BDI
This malware was reported by: Network Associates Inc
AFXrootkit.dll.gen
This malware was reported by: Network Associates Inc
Mabutu.A
This malware was reported by: Computer Associates
Mitglieder.BA
This malware was reported by: Computer Associates
Mitlgieder.BA is a backdoor trojan that can act as a socks proxy, as well as allowing limited control of an infected machine through the use of a malformed
W32.Mydoom.N@mm
This malware was reported by: Symantec
W32.Mydoom.N@mm is a variant of W32.Mydoom.M@mm. It is a mass-mailing worm that drops and executes a backdoor that is detected as Backdoor.Zincite.A, which listens on TCP port 1034.
The worm uses its own SMTP engine to send itself to email addresses tha
Glieder
This malware was reported by: Computer Associates
Win32.Glieder is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. In the wild, we have seen this trojan d
W32/Rbot-FC
This malware was reported by: Sophos
W32/Rbot-FC is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process
BackDoor-CHI
This malware was reported by: Network Associates Inc
MS04-025_INTERNET_EXPLORER
This malware was reported by: Trendmicro
W32.Bugbros.C@mm
This malware was reported by: Symantec
Trojan.Download.Inor.C
This malware was reported by: Symantec
Downloader-NJ
This malware was reported by: Network Associates Inc
W32/Bagle.dll.gen
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-025
This malware was reported by: Network Associates Inc
Mabutu.B
This malware was reported by: Computer Associates
W32/Mydoom.p@MM
This malware was reported by: Network Associates Inc
WORM_MYDOOM.N
This malware was reported by: Trendmicro
Mydoom.P
This malware was reported by: Computer Associates
Win32.Mydoom.P is a worm that spreads via e-mail and contains limited backdoor functionality. It has been distributed as a 35,328-byte, ASPack compressed, W
WORM_NACHI.L
This malware was reported by: Trendmicro
WORM_MYDOOM.O
This malware was reported by: Trendmicro
W32.Evaman.C@mm
This malware was reported by: Symantec
W32.Gaobot.BAJ
This malware was reported by: Symantec
W32.Korgo.AD
This malware was reported by: Symantec
PWSteal.Perfectspy
This malware was reported by: Symantec
W32.Rotor
This malware was reported by: Symantec
Trojan.Exruntel
This malware was reported by: Symantec
Mydoom.P
This malware was reported by: Panda Software
Mydoom.O
This malware was reported by: Panda Software
W32/Mydoom.q@MM
This malware was reported by: Network Associates Inc
StartPage-EC
This malware was reported by: Network Associates Inc
QUrl-2
This malware was reported by: Network Associates Inc
W32/Lovgate.f@M
This malware was reported by: Network Associates Inc
Keylog-Sconato
This malware was reported by: Network Associates Inc
Morphine
This malware was reported by: Network Associates Inc
Downloader-NK
This malware was reported by: Network Associates Inc
MyDoom.O
This malware was reported by: F-Secure
MyDoom.Q
This malware was reported by: F-Secure
Evaman.C
This malware was reported by: Computer Associates
Likmet.A
This malware was reported by: Computer Associates
Protoride.I
This malware was reported by: Computer Associates
Dluca.H
This malware was reported by: Computer Associates
Gobot
This malware was reported by: Computer Associates
Kindal
This malware was reported by: Computer Associates
Dluca.G
This malware was reported by: Computer Associates
W32/MyDoom-Q
This malware was reported by: Sophos
W32/Agobot-LL
This malware was reported by: Sophos
W32/Scaner-A
This malware was reported by: Sophos
W32/Agobot-LM
This malware was reported by: Sophos
Troj/CmjSpy-Z
This malware was reported by: Sophos
W32/Stewon-A
This malware was reported by: Sophos
W32/Febelneck-A
This malware was reported by: Sophos
Mabutu.A
This malware was reported by: Panda Software
W32.Saros@mm
This malware was reported by: Symantec
VBS/Cata-A
This malware was reported by: Sophos
W32/Evaman.c@MM
This malware was reported by: Network Associates Inc
Startpage.FZ
This malware was reported by: Computer Associates
W32/Nachi-K
This malware was reported by: Sophos
Downloader.OG
This malware was reported by: Panda Software
W32/Saros@MM
This malware was reported by: Network Associates Inc
W32/Doep-A
This malware was reported by: Sophos
W32.Myfip.A
This malware was reported by: Symantec
WORM_AMUS.A
This malware was reported by: Trendmicro
WORM_SAROS.A
This malware was reported by: Trendmicro