BKDR_DUMADOR.BW
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this backdoor, refer to the Behavior Diagram shown below.
Adware-BitLocker
This malware was reported by: Network Associates Inc
W32/Gurdof.worm!p2p
This malware was reported by: Network Associates Inc
W32/Gurdof.worm!p2p is written in Borland Delphi and propagates via the Kazaa peer-to-peer file-sharing network.
Upon execution, it attempts to copy itself into the Windows and system directories:
%Windir%\windows.exe
%Windir%
Hotatom.A
This malware was reported by: Computer Associates
W32/Maniccum.worm
This malware was reported by: Network Associates Inc
-- Update March 9, 2006 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.informationweek.com/news/showArticle.jhtml?articleID=181501719
--
Proactive detection:
Products
W32/Duel@MM
This malware was reported by: Network Associates Inc
W32/Duel@MM is a parasitic file infector and mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it harvests on the infected computer. W32/Duel@MM is written using Microsoft Visual C++ and also contain
Troj/PeepVie-W
This malware was reported by: Sophos
W32/Rbot-CIY
This malware was reported by: Sophos
BackDoor-CKL.cfg
This malware was reported by: Network Associates Inc
BackDoor-DG.svr
This malware was reported by: Network Associates Inc
BackDoor-DG
This malware was reported by: Network Associates Inc
BackDoor-AXW
This malware was reported by: Network Associates Inc
ScreenCapture.dll
This malware was reported by: Network Associates Inc
BackDoor-AOP
This malware was reported by: Network Associates Inc
SymbOS.Commwarrior.D
This malware was reported by: Symantec
SymbOS.Commwarrior.D is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multimedia Cards (MMC) as a randomly named .sis file.
W32/Duel
This malware was reported by: Network Associates Inc
This detection is for files that have been parasitically infected with W32/Duel. Infected files will not increase in size as the virus uses slack space to infect executable files. For a detailed description of virus characteristics and sym
BackDoor-CKL
This malware was reported by: Network Associates Inc
BackDoor-CPL
This malware was reported by: Network Associates Inc
StartPage-AY
This malware was reported by: Network Associates Inc
Banking.G
This malware was reported by: Panda Software
Banking.G is a Trojan with backdoor characteristics that opens a random port and remains listening on it. It logs the keystrokes typed by the user. This way, it can obtain sensitive information such as passwords. Additionally, it harvests information fro
Adware-TargetAD
This malware was reported by: Network Associates Inc
v-spm
This malware was reported by: Network Associates Inc
BackDoor-CLB
This malware was reported by: Network Associates Inc
StartPage-T
This malware was reported by: Network Associates Inc
W32/VB-ACS
This malware was reported by: Sophos
J2ME_REDBROW.A
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
StartPage-BE
This malware was reported by: Network Associates Inc
Adware-MBKWBar.dr
This malware was reported by: Network Associates Inc
Downloader-AVB
This malware was reported by: Network Associates Inc
StartPage-IQ
This malware was reported by: Network Associates Inc
Spy-Agent.ap
This malware was reported by: Network Associates Inc
Troj/Banload-TI
This malware was reported by: Sophos
SymbOS.Cardtrp.AB
This malware was reported by: Symantec
Backdoor.Hesive.D
This malware was reported by: Symantec
W32/USKAF-A
This malware was reported by: Sophos
WORM_ATOMICKS.A
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
W32/Combra.worm
This malware was reported by: Network Associates Inc
Backdoor.Haxdoor.H
This malware was reported by: Symantec
Backdoor.Haxdoor.H is a Trojan horse program that opens a back door on the compromised computer and allows a remote attacker to have unauthorized access. It also logs keystrokes, steals passwords, and drops rootkits that run in safe mode.
Tetas
This malware was reported by: Network Associates Inc
Cardtrap.AD
This malware was reported by: F-Secure
VBS/Crazy.worm
This malware was reported by: Network Associates Inc
This is a destructive virus written in VBScript. It requires Windows Scripting Host in order to execute.
The virus will copy itself as the following:
- c:\windows\system\funny.vbs
- c:\windows\start menu\programs\startUp\system.vbs
Follo
VBS/Chochi.worm
This malware was reported by: Network Associates Inc
This is a destructive virus written in VBScript. It requires Windows Scripting Host in order to execute.
The virus will also infect all .vbs or .vbe files in the current drive.
The following registry keys will be modified:
HKEY_USE
Troj/Lasher-A
This malware was reported by: Sophos
Troj/Runner-F
This malware was reported by: Sophos
TROJ_MULDROP.GP
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Behavior Diagram shown below.
W32.Davs
This malware was reported by: Symantec
W32.Davs is a virus that searches all drives and network shares on the compromised computer and infects executable files.
PWS-Banker.gen.c
This malware was reported by: Network Associates Inc
Singlejump.K
This malware was reported by: F-Secure
ProcKill-DP
This malware was reported by: Network Associates Inc
PWS-Banker.gen.aa
This malware was reported by: Network Associates Inc
W95/CTX
This malware was reported by: Network Associates Inc
Backdoor.Hesive.E
This malware was reported by: Symantec
Backdoor.Hesive.E is a Trojan horse that opens a back door on the compromised computer and allows a remote attacker to have unauthorized access. The risk may arrive as a Microsoft Access file that exploits the Microsoft Jet Database Engine Malformed Da
Troj/PWS-KI
This malware was reported by: Sophos
Troj/BagleDl-BN
This malware was reported by: Sophos
Troj/Zlob-GH
This malware was reported by: Sophos
Troj/Ranck-DX
This malware was reported by: Sophos
Adware-SpyShield
This malware was reported by: Network Associates Inc
TROJ_CRYZIP.A
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Behavior Diagram shown below.
Troj/Dloadr-NB
This malware was reported by: Sophos
Troj/BrontDl-B
This malware was reported by: Sophos
Adware-Littlehelper
This malware was reported by: Network Associates Inc
Troj/Bancban-OH
This malware was reported by: Sophos
W32/Sdbot-BAY
This malware was reported by: Sophos
W32/PictLuv@MM
This malware was reported by: Network Associates Inc
This detection covers a mass mailing worm. It has the following high level characteristics.
Harvests addresses from the local machine
Sends a copy of itself out via email to harvested addresses
Overwrites files at root directories wi
Generic StartPage.s
This malware was reported by: Network Associates Inc
Trojan.Cryzip
This malware was reported by: Symantec
Trojan.Cryzip is a Trojan horse that creates password-protected ZIP files on the compromised computer. It then issues a ransom demand to recover any affected files.
CryZip
This malware was reported by: Network Associates Inc
W32/Shodi.worm.t
This malware was reported by: Network Associates Inc
W32/Shodi.worm.t is a Win32 prepending virus that scans the hard disks and tries to infect all ".exe" files.
Upon execution, W32/Shodi.worm.t drops the host file part of the executed infected file in the current directory with the same
Joke-FakeVirus
This malware was reported by: Network Associates Inc
Joke-ILoveYou
This malware was reported by: Network Associates Inc
Fontal.I
This malware was reported by: F-Secure
StartPage-Raze
This malware was reported by: Network Associates Inc
Troj/Sickbt-D
This malware was reported by: Sophos
Commwarrior.E
This malware was reported by: F-Secure
ZippoCryptor
This malware was reported by: Panda Software
Cryzip.A is a Trojan that compresses in password-protected ZIP format all the files with any of the following extensions: ARH, ARJ (files compressed with ARJ), ASM, BAS, C, CDR, CGI, CHM, CPP, DB, DB1, DB2, DBF, DBT, DBX, DOC (Word documents), DPR, DSW,
Adware-Dictionary
This malware was reported by: Network Associates Inc
W32/Sdbot-BBA
This malware was reported by: Sophos
Troj/IRCBot-FP
This malware was reported by: Sophos
Troj/Dumaru-BZ
This malware was reported by: Sophos
W32/Zusha.worm
This malware was reported by: Network Associates Inc
W32/Zusha.worm is a network worm that spreads by exploiting Microsoft vulnerabilities, causing vulnerable computers to download a copy of the worm from an FTP site.
When executed, the worm creates a copy of itself into the windows system
Phishbank.AFW
This malware was reported by: Computer Associates
PWS-Hangame!chm
This malware was reported by: Network Associates Inc
Spyware-OverSpy
This malware was reported by: Network Associates Inc
Adware-BkdSpace.dr
This malware was reported by: Network Associates Inc
Troj/Bancos-RS
This malware was reported by: Sophos
Downloader-AUP
This malware was reported by: Network Associates Inc
Agent.p
This malware was reported by: F-Secure
Troj/Multidr-FG
This malware was reported by: Sophos
Banker.CHG
This malware was reported by: Panda Software
Banker.CHG is a Trojan that obtains data from several online services. In order to do so, it follows the routine below: It monitors if users access websites belonging to several banking entities. If users enter their data in order to log in any of them, B
OSX.Inqtana.B
This malware was reported by: Symantec
OSX.Inqtana.B is a worm that runs on Macintosh OS X and spreads by exploiting the Apple Mac OS X BlueTooth Directory Traversal Vulnerability (as described in Bugtraq ID 13491).
Note: The worm will not operate after February 24, 2006.
TROJ_DLOADER.CHU
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Behavior Diagram shown below.
MS Vulnerability MS06-011
This malware was reported by: Network Associates Inc
MS Vulnerability MS06-012
This malware was reported by: Network Associates Inc
Troj/Zapchas-AS
This malware was reported by: Sophos