Backdoor wmspdmod.dll Backdoor.Win32.

RA-based This is a typical client

-server remote administration utility that allows connection to remote computer(
s) in order to manage its (their) system resources in real time (similar to "pcA
nywhere" by Symantec). This utility has a "Remote-Anything" name, and it is deve
loped and distributed by the TWD...
Adware avifil32.dll Virus.DOS.Am.743 This is a harmless memory-reside
nt parasitic virus. It hooks INT 21h and writes itself at the end of COM files t
hat are executed. It contains the text "am", the same value is returned (in ASCI
I) by the virus when it checks the previously loaded TSR copy. On calling the G
etDate DOS function the...
Trojan vbscript.dll Trojan.VBS.KillOS.a This Trojan has a malicious payl
oad. It is 343 bytes in size, and written in Visual Basic Script.
Malware append.exe Virus.DOS.Segal.552 It is a harmless memory resident
parasitic virus. It hooks INT 21h and writes itself to the end of EXE files tha
t are executed. The virus does not manifest itself in any way. It contains the t
ext: -SEGAL(c)MM
Worm blastcln.exe Net-Worm.Perl.Santy.a This worm uses a vulnerability i
n phpBB, which is used to create forums and web sites, to spread via the Interne
t. phpBB versions lower than 2.0.11 are vulnerable. The worm is written in Perl
, and is 4966 bytes in size. Propagation The worm creates a specially formulat
ed Google search request....
Trojan comcat.dll Trojan.Win32.LipGame.i This Trojan is a Windows PE EXE
file written in C++ and packed using UPX. The file is 23552 bytes in size, and t
he unpacked file is 56832 bytes in size. The program is represented by a transp
arent icon, and it is therefore difficult to see it in some file managers. This
Trojan is almost identical...
Trojan dgnet.dll Trojan.BAT.MkDirs.z This primitive Trojan is written
in BAT and is 317 bytes in size. When launched, the virus deletes all the file
s from the C:\windows\ directory. Creates directories named "1", "2", "3", "4"
etc. up to "18" in the current directory. While deleting files it displays the
following text: You are...
Adware drwatson.exe Virus.DOS.CriminalWW.1788 These are very dangerous
memory resident parasitic polymorphic viruses. They trace and hook INT 21h, the
n they write themselves to the end of COM and EXE files that are executed or ope
ned. Depending on their internal counters the viruses erase the MBR of the hard
drive and then display the message:...
Trojan faultrep.dll Trojan.Win32.Killav.be This Trojan is designed to disab
le antivirus programs and terminate a range of processes on the victim machine.
It is a Windows PE EXE file. The file is 5,632 bytes in size. Installation T
his Trojan will be installed to the victim machine by another malicious program.
Spyware imapi.exe Trojan-PSW.Win32.Lmir.a This Trojan is designed to steal
confidential data. It is a Windows PE EXE file. The size of infected files ma
y vary from 147KB to 171KB. It is packed using AsPack. It is written in Delphi.
Installation Once launched, the Trojan copies itself to the Windows root dire
ctory (%WinDir%) under one...
Adware kbdes.dll Virus.DOS.Zzz.1379 It is a dangerous nonmemory resi
dent parasitic virus. It searches for .COM files in the directories C:\WINDOWS\C
OMMAND, C:\DN, \CLIENT\WIN95\, then writes itself to the beginning of the file.
While infecting the virus creates temporary file ZZZ.TMP. On 20th and 27th of an
y month the virus deletes...
Worm kbdycc.dll Worm.Win32.Doomjuice.b This worm spreads via the Intern
et, using computers infected by I-Worm.Mydoom.a and I-Worm.Mydoom.b to propagate
. Installation On launching, the worm copies itself to the Windows system dir
ectory under the name regedit.exe and registers this file in the system registry
auto-run key:...
Backdoor lprmonui.dll Backdoor.Win32.Poison.h This Trojan provides a r
emote malicious user with access to the victim machine. It is a Windows PE EXE
file. The file is 5,040 bytes in size. Installation When launched, the Trojan
copies its executable file to the Windows system directory: %System%\com.exe
It also creates the following...
Adware mmcshext.dll Virus.DOS.Dnepr.377 It is not a dangerous memory res
ident parasitic virus. It copies itself into Interrupt Vectors Table, hooks INT
1Ch, 21h and writes itself to the end of COM files that are executed. Depending
in its internal counter the virus displays the message: DNEPR-CHAMPION
Worm msiexec.exe Net-Worm.Win32.Lovesan.a Lovesan is an Internet W
orm which exploits the DCOM RPC vulnerability in Microsoft Windows described in
MS Security Bulletin MS03-026. Lovesan is written in C using the LCC compiler.
The worm is a Windows PE EXE file about 6KB (compressed via UPX - 11KB when dec
ompressed). Lovesan downloads and...
Trojan msvbvm50.dll Trojan.Win32.LipGame.i This Trojan is a Windows PE EXE
file written in C++ and packed using UPX. The file is 23552 bytes in size, and t
he unpacked file is 56832 bytes in size. The program is represented by a transp
arent icon, and it is therefore difficult to see it in some file managers. This
Trojan is almost identical...
Spyware ntvdm.exe Trojan-PSW.Win32.LdPinch.rn This Trojan belongs to a
family of Trojans written with the aim of stealing user passwords. LdPinch is d
esigned to steal confidential information. The Trojan itself is a Windows PE EXE
file approximately 17KB in size, packed using UPX. When installing, the Trojan
copies itself to the Windows system...
Worm odbccr32.dll Worm.Win32.Nuf This worm infects computers running unde
r Windows. It spreads via poorly protected network resources. The worm itself
is a PE EXE file. It is written in Microsof Visual C++. The file is approximatel
y 37KB in size. It is not packed in any way. Installation Once launched, th
e worm copies itself...
Adware racpldlg.dll Virus.Boot.ABCD.a It's a harmless boot virus. On l
oading from infected disk, it hooks INT 13h and writes itself into boot sectors
of floppy disks. It infects the hard drive on loading from infected floppy. It u
ses the ID-word ABCDh.
Worm rwinsta.exe Worm.Win32.Randex.a "Randex" is a group of worms tha
t spread over Win32 networks (local and global) through shared resources. The w
orms are Windows PE EXE files that appear under several names (see name ist belo
w). Randex worms are written in Microsoft Visual C++. A Randex worm enters a co
mputers and goes into a...
Spyware shmedia.dll Trojan-PSW.Win32.Coced This Trojan is one of a family o
f Trojans which steals user passwords. It is designed to steal confidential dat
a. It is a Windows PE EXE file. The file is 9,728 bytes in size. It is written
in Visual C++.
Worm stclient.dll Net-Worm.Win32.Witty This fileless worm, also known a
s BlackIce and Blackworm, infects computers which use the following vulnerable I
SS products: RealSecure Network 7.0, XPU 22.11 and before RealSecure Server Se
nsor 7.0 XPU 22.11 and before RealSecure Server Sensor 6.5 for Windows SR 3.10
and before Proventia A...
Worm tsappcmp.dll Net-Worm.Win32.CodeGreen.a This is an Internet worm
that targets Web sites by infecting Internet Information Servers (ISS). The wor
m completes the method of spreading from one Web site to other Web sites by send
ing and executing its code on remote machines in a similar way to the "CodeRed"
IIS worm. This worm, like the...
Backdoor usrvoica.dll Backdoor.Win32.VanBot.bk This Trojan can
be used for remote administration of the victim machine. It provides a malicious
user with the ability to perform operations via IRC. It is a Windows PE EXE fil
e, and is 207,872 bytes in size. Installation When installing, the backdoor co
pies its executable file to the Windows...
Dialer winlogon.exe Exploit.PHP.Inject.f This exploit is designed to stea
l confidential information from Web application databases. It is a PHP file. It
is 1,610 bytes in size. It is not packed in any way. It is written in PHP.
Rogue ws2help.dll Virus.DOS.Glew.4245 This is a very dangerous memory
resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the
end of EXE files that are executed, opened or closed. The virus does not infect
several anti-virus programs (TBAV, FVIRU,0, F-PROT, AVP, e.t.c.) and COMMAND.COM
according to the string: TB...