Listed as Severe as the malware infects the BAT files. No other information has been released on this.
A worm is a type of computer virus that generally spreads without user action and that distributes complete copies (possibly modified) of itself across networks (such as the Internet). Generally known as "Blaster," this new worm exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026 (823980) to spread itself over networks by using open Remote Procedure Call (RPC) ports on computers that are running.
This worm uses removable drives to spread rapidly; it also opens a back door on the affected machine by connecting to a specific website. The worm replicates itself and changes the registry so that it runs whenever you start your computer. W32.Widoom connects to an IRC server and waits for commands that allow it to carry out harmful activities, including downloading and executing remote files.
W3i.IQ5.fraud is supposed to be the legitimate 7zip or other freeware installer. Instead it is a netinstaller which tries to fool the user, via an unusual graphical user interface, into installing adware. W3i is also trying to make it look like 7zip and other free software is their own product, which is practically theft.
WebTrendsLive is a tracking cookie. These cookies monitor your internet habits and gather personal information about you as you surf the net.
Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including: Operating System Version, CPU Type and Speed, Memory Amount, Video Card type and Driver Version, Sound Card type and Driver Version, DirectX Version, Location that the Web Driver was installed from. Although the program does not pose a great threat, any transmission of collected information can be compromised, and additional information could be collected and sent as well.
The trojan installs a .dll file into the system directory which is registered as a browser helper object. It creates several registry entries. Any Trojan should be completely removed and all registry holes repaired as soon as possible.
Adware:Win32/ClickPotato is a program that displays pop-up and notification-style advertisements based on the user's browsing habits.
This threat is classified as a trojan downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and execute software or malicious code on vulnerable systems. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.
is a Trojan. This is a security risk and you should remove this threat immediately. Otherwise it may cause data loss or other misbehavior including performance degradation.
Win32/Netsky.AB@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm.
Win32/OnLineGames is a family of trojans that may inject malware DLL files into various processes, register malware Browser Helper Objects (BHO), collect user keystrokes, and other activities to steal login information related to popular online games.
Win32.Ramnit.C is a highly malicious item that is designed to allow remote access to your computer, consume system resources, and trace your Internet habits to record or steal your personal information. Generic detection for a DLL component dropped by other malware. It is used to load another malware.
This adware contains malicious code that allows remote access to your computer. Hackers can occupy your system to perform malicious work using your IP address, and they can trace your Internet habits and steal your personal information.
The virus known as Win32.Worm.Zimuse is spreading in two variants, Win32.Worm.Zimuse.A and Win32.Worm.Zimuse.B. This virus has the ability to destroy Windows system files as well as personal document files. The virus originated in Slovakia as a prank but has spread across computers in the United States, Thailand, and Italy. Both variants of the virus work by creating copies of themselves before installing a rootkit. The worm then alters system registry strings. Once infestation is complete no one can save the data on your hard drive and sometimes not even the hard drive itself. If the infection is eradicated early the hard drive may be salvageable as long as all the worm's "eggs" are wiped out. If the worm was able to overwrite the Master Boot Record, you will receive a fatal error: No bootable medium found. At this point you may need a new hard drive. Be sure to disconnect your unit from your network and the internet to keep the worm quarantined to your computer. Any flash drives or portable drives may be infected as well. If you are not computer savvy, contact your local computer technician and explain the virus/worm you have.
A privately-held company founded in 1999. The company works with publishers who sell space on their web pages to online advertisers. Zedo builds software technology that allows publishers to manage all the ads on their web pages. Zedo uses an HTTP cookie to track users' browsing history resulting in targeted pop-up ads. The cookie is often flagged by spyware and adware removal programs.
This PUP installs a toolbar in Internet Explorer and in Mozilla Firefox. It changes the start page of both browsers and changes the default search bar in the browser. Additionally it displays advertisements and offers the possibility to add fun icons to e-mails. A user who installs Toolbar.Facemood has to agree that CPU and bandwidth can be used by Toolbar.Facemood and that personal information such as browsers used, language, operating system and IP address is stored.
Trojan Agent is a malicious program, or malware, that typically uses fake threats to entice and mislead you to download or purchase a rogue anti-spyware program. Trojans are different than other malware, such as worms or viruses, because they cannot multiply themselves.
Agent.Gen is a generic detection for variants of the Agent Trojan family. Agent.Gen is a backdoor Trojan that infects the user when visiting malicious web sites. It is also bundled with adware and spyware programs. A few variants of Agent use a vulnerability in Internet Explorer and install automatically without the user's knowledge. It registers DLL files as Browser Helper Objects (BHO) for Internet Explorer and tries to download more malicious programs, including a startpage Trojan, onto the infected system. It adds EXE files to the registry run section so that they load automatically on the next startup. Agent contains backdoor ability. Using this, hackers can steal data from the infected systems. This threat is also known as Backdoor.Agent.gen, TROJ_AGENT.AC, Troj/Agent.BX, Agent.E, Backdoor-CFB.
The TrojanAgent_r.BGP (aka TrojanHorseAgent_r.BGP) will shut down your firewall and security system upon activating its malicious code. This horse agent has been circulating the globe and has damaged thousands of computers during its life. The initial symptom may be your internet browser redirecting your searches to irrelevant sites, but this method is also used by numerous other viruses and malware programs. The program can generate ads on the affected computer in order to scam the user into making a purchase. This trojan is more than capable of stealing sensitive information such as passwords, address books, user names and other information.
This is a commercial toolbar that latches onto your internet browser and collects information about your browsing habits. It has been reported that the toolbar does not always uninstall using the conventional Windows Uninstaller. The program is listed as Trojan Virus / Spyware.
Trojan.Banker belongs to Win32/Banker and Spyware.Banker, a family of data-stealing Trojans. When installed on a computer, it can capture banking credentials such as account numbers and passwords from the user. The Trojan can then send the captured information to the attacker by various means. Many variants of this malicious program may appear as greeting card software. Most of these Banker variants target customers of Brazilian banks.
A BHO trojan refers to a trojan that disguises itself as a legitimate Browser Helper Object. For example: Adware.MediaBack, SmartEnhancer, Internet Speed Monitor, HyperBar, and WinTools are BHO trojans. BHO trojans generally change your Internet settings. For example, your Internet homepage may change or your Internet searches may be redirected to random websites. In addition, BHO trojans generally slow your computer and may generate pop-up advertisements.
This Trojan virus will download additional Trojan viruses from a remote server. Anti-virus programs tend to miss this malicious program during a “Quick Scan”; however, most anti-virus programs will catch it during a full scan. This particular virus will run in the background and disguise itself as a system process. A symptom of infection is a sudden slowing of the computer system and frequent freeze-ups. As many things may cause these symptoms, it is advisable to perform a full virus scan and malware scan. This virus needs to be removed immediately or it may cause permanent damage to the infected computer.
Crypt.AQLW (aka TrojanHorseCrypt.AQLW) exploits vulnerabilities in Windows programs. The code package delivered to the unit is aimed at opening channels to the outside in order to download additional malicious software packages, while seeking confirmation from its creator to see if any information is needed from the newly infected machine. This virus can make using the computer almost impossible and can easily remove your personal data from the unit, either by sending it to its creator and removing it or by simply overwriting the information to gain additional disk space for future use. This virus should be removed immediately. Start by removing your Ethernet cable from the unit or shutting down your wireless router to stop any additional corruption and to stop your data from being stolen.
This Trojan cripples computer speed. It will take over your internet browser and redirect searches to websites of its choice. It may block websites that it considers a danger to itself, so it will not allow you to visit sites that advertise anti-virus software, or repair sites, unless the site contains Rogue programs. This program changes key elements in the registry, so if you plan on trying to fix this yourself, be sure to back up the system, create a restore point and back up the registry files first.
This threat is classified as a Trojan - Dropper. As its name suggests, a dropper trojan contains malicious or potentially unwanted software which it ‘drops’ and installs on the affected system. Commonly, the dropper installs a backdoor which allows remote, surreptitious access to infected systems. This backdoor may then be used by remote attackers to upload and install further malicious or potentially unwanted software on the system.
This trojan needs to be removed immediately or it may cause a total computer crash. Although it is listed as a Trojan Virus, it comprises Adware, Spyware, Randomware and Malware, and is in the Rootkit family of damaging viruses. The most common warning is the sudden change of your desktop and various fake security messages. The program has been known to promote adult sex-sites and other websites of questionable material. This virus will spread throughout your system and worm itself into System Restore Points. Anti-Virus programs that attempt to extract the virus may inadvertently damage the system beyond normal user repair. This virus requires manual extraction by a computer specialist. If you know you have this virus you should back up your personal documents, photos and other information on a flash drive that contains no other backups, as the virus may "seed" the flash drive. After the virus is removed you can perform a scan and clean on the flash drive.
This Trojan can be contracted by visiting an unsafe website or viewing an unsafe picture or video, and can be coded into shared music files. The code of this virus is written in a way to bypass the initial security scan used by your anti-virus program. Once the package is delivered it explodes. The virus acts swiftly, shutting down your anti-virus program, attacking Windows updating capabilities and opening doorways in the security system to allow other hackers in. If you discover this virus in your system you need to immediately disconnect from the Internet, as this virus is used by cyber criminals in order to steal your identity, passwords, banking information and other personal information. Additionally, it may permanently erase your data from the computer. This virus can also seed itself to make replicas in the event the main code is removed.
TrojanDownloader:Java/Rexec.B is a trojan Java applet that could allow the downloading and execution of arbitrary files. TrojanDownloader:Java/Rexec.B may be invoked by a malicious website as a Java .JAR archive. The applet is invoked from an HTML page by referencing the "a0ee3d65141.class" stored in the .JAR file. In the wild, we have observed the .JAR file containing malicious files that are all detected as TrojanDownloader:Java/Rexec.B.
This threat is classified as a trojan downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code that may allow the site to automatically download and execute software or malicious code on vulnerable systems.
This is a Windows trojan horse that downloads files from predefined remote webpages and FTP servers to the infected computer. TrojanDownloader:Win32/Dofoil.D secretly installs other spyware without the user’s knowledge or authorization. TrojanDownloader:Win32/Dofoil.D spreads to other computers via spam email attachments that lure other users into opening and executing its files. TrojanDownloader:Win32/Dofoil.D is variable and changes its files on different systems. It’s better to use a manual solution to detect and remove all components of TrojanDownloader:Win32/Dofoil.D from the infected computer before it downloads more trojan horses to the compromised system.
TrojanDownloader:Win32/Waledac.C is a trojan that downloads and executes arbitrary files. There are no obvious symptoms that indicate the presence of this malware on an affected computer. The trojan has been seen to download variants of the following families of malware: Win32/Waledac - a family of trojans that is generally used to send spam. They also have the ability to download and execute arbitrary files, harvest email addresses from the local machine, perform denial of service attacks, proxy network traffic and sniff passwords. Win32/Winwebsec - a family of programs that claim to scan for malware and display fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. Win32/Winwebsec has been distributed with several different names. The user interface varies to reflect each variant’s individual branding.
This malicious software is an aggressive program that gives a hacker access to your computer. Once installed and activated, the hacker can obtain full control of your computer, its files and its operation. One of the main features of this Trojan Horse is its ability to deny the User (you) access to executable files and programs. This means you cannot double-click on a program and have it open. Instead you find that the computer cannot find the associated program file. This Trojan will also delete and alter registry codes to make it nearly impossible for you to remove the infection. Thus, your computer will run slow or become unresponsive to your wishes. Once this Virus is embedded in your system all of your privacy items, such as passwords and account information, may be stolen. It is highly advisable that you disconnect the unit from the Internet and bring the unit to your local repair shop. It IS possible to repair the unit without reinstalling the operating system, but not in all cases.
An exploit virus exploits weaknesses and vulnerabilities in computer systems to gain unauthorized access to applications and files, and to generally wreak havoc. If you've been noticing strange and sudden pop-ups, programs crashing, system rebooting without prompting or other problematic behavior, it is conceivable that an exploit virus is the cause. Although the term "exploit virus" refers to a broad class of viruses, known and identified exploit viruses.
This is a Trojan/Rogue program that was designed to scare the user into purchasing the product. When the program is first executed it will pop up a window which pretends to run a diagnostic scan on your hard drive. This will display numerous errors for you to review and then ask if you wish to repair the problems. Upon its false repair it will inform you that you have major errors remaining but need to pay for the full version in order to complete the repairs. This whole process is a scam; that is the Rogue Program part. On the Trojan side, the program is placing malicious code in your system in order to retrieve your personal information.
Trojan.FakeAlert is a Trojan that may install rogue anti-spyware onto your computer. It can manipulate the computer's registry and install fake spyware files to create false positives when your computer is scanned by rogue anti-spyware programs. The fake spyware is downloaded in hopes that you will be tricked into buying the rogue anti-spyware program. This Trojan virus can leave holes open in your security, leaving you open to attack.
Trojan:Java/Mesdeh is the detection for a data file that is used by malware to exploit a vulnerability in the Java Runtime Environment (JRE) discussed in CVE-2010-0094. Successful exploitation of the affected computer allows attackers to bypass Java sandbox restrictions and gain read and write access to the local file system. In the wild, one example of the exploit code was distributed within a Java archive file (.JAR) named "serial.jar" with the exploit code named "payload.ser".
Trojan:JS/Iframeinject.M generates a random IFrame and injects it into the HTML webpage. The IFrame contains instructions to redirect the browser to a certain webpage containing malware. The destination webpage is crafted using daily trends from the online site Twitter.com. As a result, the destination webpage content varies; however, it commonly hosts malware detected as Exploit:JS/Blacole.G.
Trojan.QHost.BG is a malicious application that can infect your computer and make it almost unusable. It is important to get rid of this virus as soon as possible to avoid loss of data and corruption of files on the computer.
This is a highly dangerous Trojan that compromises computers with security holes. The program is designed to block various anti-virus programs, and can bypass the system's firewall and anti-virus because the code rapidly mutates until it executes. Once it blossoms the virus sends a kill code to disable the anti-virus and firewall programs. Once the virus maintains a firm hold on the system it may disable features like System Restore and Windows Installer Services. If the anti-virus does find this Trojan, the removal process may cripple the system and render the unit unusable. Manual removal is recommended, although even in a manual removal the virus may fight back and destroy the operating system. If you are infected with this virus, disconnect from the internet and call a service technician.
is a trojan that captures keystrokes and steals login credentials through a method known as "form grabbing". Trojan:Win32/Spyeye sends captured data to a remote attacker, may download updates and has a rootkit component to hide its malicious activity. This is a highly sophisticated program and has been circulating the globe since its release in Russia in 2009. The code written for this virus enables it to reside in your computer virtually undetected, causing no symptoms. Unless you run a full scan with a good anti-virus program you may never know the virus is present. Meanwhile, Spyeye is stealing data and giving a remote user the ability to control your computer. The code is written to attach itself to web browsers: Internet Explorer, Firefox, Chrome, Opera and others. Spyeye captures keystrokes and information that is entered in any on-line shopping form, credit form, loan application form and any other type of form you fill out using a web browser.
The Vundo Trojan (commonly known as Vundo, Virtumonde or Virtumondo, and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. A Vundo infection is typically caused either by opening an e-mail attachment carrying the trojan, or through a variety of browser exploits, including vulnerabilities in popular browser plug-ins, such as Java. Many of the popups advertise fraudulent programs such as AntiSpywareMaster, WinFixer, AntiVirus 2009.
Trojan Win32 Agent, also known as TrojanSpy.Win32.Agent, is a keylogger program. Keyloggers are malicious programs designed to steal your personal information. Trojan Win32 Agent affects the Windows Operating System.
Win32/Alureon is a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. It may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer. Win32/Alureon may also infect and corrupt certain driver files, causing them to become unusable. The Alureon.FP signature series is known for installing additional malware programs, stealing credit card information and passwords. The Trojan is capable of taking over the infected computer and creating maximum damage to the system. If you suspect you have this infection, immediately disconnect the unit from the internet and/or network. Perform this function by unplugging the internet cable and/or turning off the wireless signal. Even advanced users may find this trojan extremely hard to eradicate.
Trojan:Win32/Cleaman.B is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer. Trojan:Win32/Cleaman.B modifies the Windows Hosts file. The local Hosts file overrides the DNS resolution of a website URL to a particular IP address. Malicious software may make modifications to the Hosts file in order to redirect specified URLs to different IP addresses. Malware often modifies an affected computer's Hosts file in order to stop users from accessing websites associated with particular security-related applications.
This trojan infection can cause massive damage to the computer system. It will download other severe malware programs. The program will compromise the unit's security system and leave backdoors open in order to allow fellow hackers access to your system and its files. Although some companies will advertise on-line removal, this trojan and many others should be removed by your local technician for a more detailed removal.
Win32/FakeSysdef is a family of programs that claim to scan for hardware defects related to system memory, hard drives and overall system performance. They scan the system, show fake hardware problems, and offer a solution to defrag the hard drives and optimize the system performance. They then inform the user that they need to pay money to download the fix module and to register the software in order to repair these non-existent hardware problems. One of the first variants was distributed as a program named "HDD Defragmenter", hence the name "FakeSysdef" or "Fake System Defragmenter".
This trojan enters the system via a Rogue Program download. The infection may cause system pop-ups that use scare tactics in order to trick the user into purchasing a fake anti-malware or anti-virus program. Additionally, the program may hijack the internet browser and redirect the user to its website or other websites that may contain malicious code. System crashes and longer than normal startups can be expected.
Win32/Sirefef is a multi-component family of malware that uses stealth to hide its presence on an affected computer. Due to the nature of this threat, the payload may vary greatly from one infection to another, although common behavior includes:
• Downloading and executing of arbitrary files
• Contacting remote hosts
• Disabling of security features
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled.
Due to the severe consequences associated with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup if your computer is infected with any of the following Sirefef variants:
• Trojan:Win32/Sirefef.AA
• Trojan:Win32/Sirefef.AC
• Trojan:Win32/Sirefef.AH
Attempting to use an anti-virus program to remove this trojan may damage your system, possibly beyond repair.
Trojan:Win32/Sirefef.AC is a component of Win32/Sirefef - a multi-component family of malware that moderates an affected user's Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the payload. Trojan:Win32/Sirefef.AC is a service control program (a service that starts and controls services) used by Win32/Sirefef, responsible for starting or stopping malicious service components.
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and essential security services may be disabled. Due to the severe consequences associated with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup if your computer is infected with any of the following Sirefef variants: Trojan:Win32/Sirefef.AA, Trojan:Win32/Sirefef.AC, Trojan:Win32/Sirefef.AH.
At this time there is no information on this virus.
Trojan:Win32/Sirefef.AH is a component of Win32/Sirefef - a multi-component family of malware that moderates an affected user's Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the payload. There are no common symptoms associated with this threat. Alert notifications from installed anti-virus software may be the only symptoms. Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. Particular variants of Win32/Sirefef may also make lasting changes to your computer that will NOT be restored - some system files may be irrevocably corrupted and anti-virus services may be disabled. As a consequence of being infected with this threat, you may need to reinstall your Windows operating system and other computer programs, and restore your files and data from backup.
Trojan:Win32/Sirefef.AL is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results, and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.
Win32/Tracur is a detection for the trojan family Tracur that downloads and executes arbitrary files, redirects web search queries to a malicious URL and may also install other malware. Win32/Tracur may drop several modified copies of itself in the system folder. In the wild, the trojan used the following file names: hal32.dll, olecli3232.dll, olecli3232.exe, authz32.dll. In rebooting, Win32/Tracur makes changes to the registry to ensure that the malware DLL is executed each time a specified parent-process is launched. Win32/Tracur may create events and mutexes to ensure that only one copy of the threat runs on the infected computer at any one time. Win32/Tracur monitors the user's web browsing and may redirect web searches to a malicious URL when one of the following search engines is used:
• Google
• Yahoo
• AOL
• Ask
• Bing
In addition to the search engines listed above, some variants may also redirect searches for the following:
• Snap
• Hotbot
• Gigablast
• Lycos
• Altavista
• Alltheweb
• Netscape
• Youtube
Allows backdoor access and control. Win32/Tracur attempts to connect to a server via a random TCP port and wait for commands. Using this backdoor, an attacker can perform a number of actions on an affected computer. For example, an attacker may be able to perform the following actions:
• Download and execute arbitrary files
• Control the web browser redirection parameters
This is a Trojan Horse Spyware virus whose main purpose is to download malicious malware files from the internet. Once accomplished, the program will delete or alter certain system files in order to disable your ability to remove the virus. At this stage the virus will begin to collect your email account information and address book information in order to use your email account to send emails to your friends and family. Encased in these emails are seeds of itself that will duplicate themselves in the computers of your friends and family. In some reported cases people also experienced annoying pop-up ads advertising Adult websites and other questionable sites. If you suspect you have this virus, immediately disconnect your computer from the internet and contact a repair specialist. It IS possible to remove the virus without re-installing your operating system, but not in all cases.
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms. Trojan:Win64/Sirefef.J is a trojan component of the Win32/Sirefef family that contains a free mining client for Windows. The mining client is detected as Program:Win32/CoinMiner and may be used to generate new digital coins in the BitCoin decentralized economy by performing highly complex computations. To generate these coins, Program:Win32/CoinMiner uses the computer's CPU resources intensively.