resident encrypted parasitic virus. It searches for .EXE files and writes itself to the end of the file. The beginning of virus the body contains the word "PUT" . Sometimes the virus displays the message:... Worm ehuihlp.dll Net-Worm.Perl.Santy.a This worm uses a vulnerability i n phpBB, which is used to create forums and web sites, to spread via the Interne t. phpBB versions lower than 2.0.11 are vulnerable. The worm is written in Perl , and is 4966 bytes in size. Propagation The worm creates a specially formulat ed Google search request.... Adware atmfd.dll Virus.DOS.Later.959 This is a harmless memory reside nt parasitic virus. It hooks INT 21h and writes itself to the beginning of COM a nd to the end of EXE files that are executed or opened. While installing into th e memory, before return to the host program this virus disinfects the host file. If an installed DOS have... Adware AuxiliaryDisplayApi.dll Virus.DOS.Dnepr.377 It is not a dangerous me mory resident parasitic virus. It copies itself into Interrupt Vectors Table, ho oks INT 1Ch, 21h and writes itself to the end of COM files that are executed. De pending in its internal counter the virus displays the message: DNEPR-CHAMPION Rogue cacls.exe Virus.DOS.Darkray_II.466 It is not a dangerous no nmemory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. The virus displays the messages: This file contains a virus!!! Please COLD-boot from a write protected system disk and use you anti vi rus software!!! Dit virus is ter... Rogue control.exe Virus.DOS.Exorcist.212 It is a very dangerous nonmemory resident overwriting virus. It searches for COM files, then overwrites them, an d displays the message: Bad command or file name then returns to DOS. On 1st o f any month the virus erases sectors on the C: drive. The virus also contains th e text strings: [RED... Spyware dialer.exe Trojan-PSW.Win32.Lmir.gen This family of Trojans s teals passwords to the online game Legend of Mir. As a rule, programs belonging to this family are written in high-level programming languages such as Delphi, Visual C/C++, Visual Basic). File sizes vary, and the programs utilize a range o f methods to install themselves to... Dialer dot3svc.dll Exploit.IIS.Beavuh Beavuh is a malware exploit of t he so-called MS IIS ".printer" vulnerability, which is described by Microsoft in the "Security Bulletin MS01-23",released May 1, 2001. The MS01-23 Security Bu lletin can be viewed at the following location:... Adware eapsvc.dll Virus.DOS.Jeff.812 It is a very dangerous nonmemory resident parasitic virus. It searches for .COM files and writes itself to the e nd of the file. On July, 7th it displays: JEFF is visiting your harddisk... an d erases FAT of current disk. Trojan fontext.dll Trojan.Win32.Small.eu This Trojan is a Windows PE EXe file 3584 bytes in size. Once launched, the Trojan registers this file in the s ystem registry, ensuring that it will be launched each time Windows is rebooted on the victim machine: [HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce] "MSSetup"="<path to... Spyware hbaapi.dll Trojan-PSW.Win32.Nilage.ha This Trojan belongs to a family of programs designed to steal system passwords. It steals confidential d ata about the victim machine, including passwords and information entered via th e keyboard. The Trojan itself is a Windows PE EXE file approximately 68KB in si ze, packed using ASPack. The... Dialer ieakeng.dll Exploit.HTML.Ascii.p This exploit uses a vulnerabilit y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT ML page. It is 1872 bytes in size. It is not packed in any way. Spyware iscsium.dll Trojan-PSW.Win32.LdPinch.azw This Trojan is designed to steal confidential information (user passwords). It is designed to steal a r ange of confidential information. It is a Windows PE EXE file. It is 24,384 by tes in size. It is packed using MEW. The unpacked file is approximately 340KB in size. It is written in Assembler. Malware KBDGR.DLL Virus.DOS.SPE.CyberWarrior.5300.a It is a very dan gerous memory resident polymorphic and stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed, opened, cl osed or accessed with Get/Set File Attribute DOS call. Depending on its counter the virus erases the MBR of the hard drive... Rogue KBDMON.DLL Virus.DOS.Zerobug.1536.a It is a memory resident not dangerous virus which inserts itself into COM-files beginning at their creat ing: the infector hooks INT 21h, f.3Ch, creates the file, writes its body into t his file and returns the control back to the program that called this function. And then that program appends the... Trojan KBDUGHR.DLL Trojan.BAT.Adduser.t This Trojan has a malicious payl oad. It is a BAT file. It is 1129 bytes in size. Backdoor Mcx2Svc.dll Backdoor.Win32.Nanspy.f This backdoor program is written in Delphi, and packed using UPX. The file is 211520 bytes in size. Ins tallation The backdoor copies itself to the system directory as spools.exe. It registers this file in the system registry to ensure that the program is launche d each time Windows is rebooted.... Dialer modemui.dll Exploit.HTML.Ascii.e This exploit uses a vulnerabilit y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT ML page. It is 1315 bytes in size. It is not packed in any way. Rogue msisip.dll Virus.DOS.Holms.6161 It is not a dangerous memory res ident parasitic polymorphic virus. It hooks INT 8, 1Ch, 21h, 28h and writes itse lf to the end of COM and EXE files (except COMMAND.COM) that are executed or ope ned. On INT 8 and INT 28h calls depending on its counters and system conditions, the virus searches for the... Spyware mswsock.dll Trojan-PSW.Win32.Fantast.30 This Trojan tracks the u ser's keystrokes. It is a Windows PE EXE file. The file is approximately 40KB in size. It is not packed in any way. Installation Once launched, the Trojan copies itself to the Windows system and root directories under the following na mes:... Dialer mydocs.dll Exploit.HTML.Ascii.j This exploit uses a vulnerabilit y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT ML page. It is 1046 bytes in size. It is not packed in any way. Rogue NlsData0013.dll Virus.DOS.Digger.1000 This is a harmless memory-reside nt parasitic encrypted virus. On execution it removes itself from the host file, then executes it, hooks INT 21h and stays memory resident. It infects the COM a nd EXE files on their execution and inserts itself into their bodies. EXE files are converted to COM format... Malware NlsLexicons0001.dll Virus.DOS.SPE.CyberWarrior.5300.a It is a very dangerous memory resident polymorphic and stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed, op ened, closed or accessed with Get/Set File Attribute DOS call. Depending on its counter the virus erases the MBR of the hard drive... Backdoor ntprint.exe Backdoor.Win32.Jix.a This Trojan has a built- in remote administration tool. The program itself is a Windows PE EXE file appr oximately 15KB in size, packed using UPX. The unpacked file is approximately 25 KB in size. Once launched, the Trojan copies itself to the Windows system direc tory under one of the following... Trojan peninst.dll Trojan.JS.ExitW.a This Trojan is a JavaScript scen ario. It can be found on web pages. The file is 706 bytes in size. Spyware PnPutil.exe Trojan-PSW.Win32.Nilage.ha This Trojan belongs to a family of programs designed to steal system passwords. It steals confidential d ata about the victim machine, including passwords and information entered via th e keyboard. The Trojan itself is a Windows PE EXE file approximately 68KB in si ze, packed using ASPack. The... Adware rdpdd.dll Virus.DOS.Fire.2682 It's a harmless memory resident encrypted parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are executed. It contains the internal text strings: Fire walk with me. Malware sdclt.exe Virus.DOS.Mini.60.a These are extremely primitive no n memory resident harmless viruses. They write themselves to all .COM files of t he current directory. The peculiarity of these viruses is their small length. Al l infectors contain the string "*.COM" or "*.com". The length of files getting infection by "Mini.127.b"... Backdoor share.exe Backdoor.Win32.Delf.duc This malicious program i s a Trojan. It is a Windows PE EXE file. It is 447488 bytes in size. Spyware spwizres.dll Trojan-PSW.Win32.Coced.215 This Trojan steals user passwords. It is designed to steal a range of confidential information. It is a Windows PE EXE file. It is 10,240 bytes in size. It is written in Visual C++. Installation Once launched, the Trojan copies its executable file to the Windows system directory:... Worm TabbtnEx.dll Net-Worm.Win32.Lovesan.a Lovesan is an Internet W orm which exploits the DCOM RPC vulnerability in Microsoft Windows described in MS Security Bulletin MS03-026. Lovesan is written in C using the LCC compiler. The worm is a Windows PE EXE file about 6KB (compressed via UPX - 11KB when dec ompressed). Lovesan downloads and... Adware themeui.dll Virus.DOS.Squatter.9742 This is a dangerous memory resid ent parasitic highly polymorphic and stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. Depending on their cou nters the virus also infects the "C:\DOS\KEYB.COM" file, if it exists. The virus does not infect the... Malware unimdmat.dll Virus.DOS.Shifter.983 This virus infects .OBJ files pr epared to be compiled to COM files. The virus inserts itself into OBJ files so, that after linking to COM executable file the result contains the virus at the b eginning of the file. When that file is executed, the virus receives the control , hooks INT 21h and... Trojan WindowsAnytimeUpgradeCPL.dll Trojan.MSWord.Thief This Trojan uses remote template vulnerability of MS Word 97. The URL is sent to some IRC channe ls that contain a HTML file that automatically loads and opens an MS Word docume nt that contains reference to another MS Word template-containing Trojan macro. MS Word opens this template without any... Adware winsta.dll Virus.DOS.Zzz.1379 It is a dangerous nonmemory resi dent parasitic virus. It searches for .COM files in the directories C:\WINDOWS\C OMMAND, C:\DN, \CLIENT\WIN95\, then writes itself to the beginning of the file. While infecting the virus creates temporary file ZZZ.TMP. On 20th and 27th of an y month the virus deletes... Malware wpdwcn.dll Virus.DOS.Acapulco.1971 It's a not dangerous memory resi dent parasitic virus. It hooks INT 21h and writes itself at the end of COM- and EXE-files are executed. Sometimes it hooks INT 08h (timer) and plays several tun es. Adware wuapi.dll Virus.Linux.Gildo It is not a dangerous, memory re sident parasitic virus. It was written in the assembler language. It uses system calls (syscall) while working with files. The virus infects ELF files. It writ es itself to the middle of the file. After starts the virus divides a main pro cess and continues its work....