Rogue inetcomm.dll Virus.DOS.Digger.

1000 This is a harmless memory-reside

nt parasitic encrypted virus. On execution it removes itself from the host file,
then executes it, hooks INT 21h and stays memory resident. It infects the COM a
nd EXE files on their execution and inserts itself into their bodies. EXE files
are converted to COM format...
Spyware colbact.dll Trojan-PSW.Win32.Nilage.ha This Trojan belongs to a
family of programs designed to steal system passwords. It steals confidential d
ata about the victim machine, including passwords and information entered via th
e keyboard. The Trojan itself is a Windows PE EXE file approximately 68KB in si
ze, packed using ASPack. The...
Adware mqdscli.dll Virus.DOS.Jeff.812 It is a very dangerous nonmemory
resident parasitic virus. It searches for .COM files and writes itself to the e
nd of the file. On July, 7th it displays: JEFF is visiting your harddisk... an
d erases FAT of current disk.
Adware wmadmod.dll Virus.DOS.CriminalWW.1788 These are very dangerous
memory resident parasitic polymorphic viruses. They trace and hook INT 21h, the
n they write themselves to the end of COM and EXE files that are executed or ope
ned. Depending on their internal counters the viruses erase the MBR of the hard
drive and then display the message:...
Dialer msrating.dll Exploit.HTML.Ascii.j This exploit uses a vulnerabilit
y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT
ML page. It is 1046 bytes in size. It is not packed in any way.
Backdoor srchctls.dll Backdoor.Win32.Nanspy.f This backdoor program is
written in Delphi, and packed using UPX. The file is 211520 bytes in size. Ins
tallation The backdoor copies itself to the system directory as spools.exe. It
registers this file in the system registry to ensure that the program is launche
d each time Windows is rebooted....
Rogue accwiz.exe Virus.DOS.Leo.3948 It is not a dangerous nonmemory
resident quite silly parasitic virus. It searches for .COM files, then writes it
self to the end of the file. On December 31st it displays the message: *
* * · ···· &midd
ot;· ·...
Backdoor batmeter.dll Backdoor.Win32.Nanspy.f This backdoor program is
written in Delphi, and packed using UPX. The file is 211520 bytes in size. Ins
tallation The backdoor copies itself to the system directory as spools.exe. It
registers this file in the system registry to ensure that the program is launche
d each time Windows is rebooted....
Backdoor cards.dll Backdoor.WinCE.Brador.a Brador.a is a backdoor (
a utility allowing for remote administration of the infected machine) for Pocket
PC based on Windows CE and newer version of Windows Mobile. It is written in
ASM for ARM-processors and is 5632 bytes in size. After Brador is launched it c
reates an svchost.exe file in the...
Adware clusapi.dll Virus.DOS.Put.1939 It is not a dangerous nonmemory
resident encrypted parasitic virus. It searches for .EXE files and writes itself
to the end of the file. The beginning of virus the body contains the word "PUT"
. Sometimes the virus displays the message:...
Adware cryptnet.dll Virus.Boot.ABCD.a It''s a harmless boot virus. On
loading from infected disk, it hooks INT 13h and writes itself into boot sectors
of floppy disks. It infects the hard drive on loading from infected floppy. It
uses the ID-word ABCDh.
Backdoor dgsetup.dll Backdoor.Win32.Vipdataend.ij This Trojan prov
ides a remote malicious user with access to the victim machine. This Trojan is
a Windows PE EXE file. It is 435712 bytes in size. Installation The backdoor co
pies its executable file to the Windows system directory: %System%\PiaO.exe The
Trojan also extracts the following .dll...
Trojan dpnhpast.dll Trojan.Win32.KillFiles.lm This Trojan has a malici
ous payload. It is a Windows PE EXE file. The file is 368 128 bytes in size. &
aacute;àéò. It is not packed in any way. It is written in
Borland Delphi.
Rogue drwtsn32.exe Virus.DOS.Darkray_II.466 It is not a dangerous no
nmemory resident parasitic virus. It searches for .COM files, then writes itself
to the end of the file. The virus displays the messages: This file contains a
virus!!! Please COLD-boot from a write protected system disk and use you anti vi
rus software!!! Dit virus is ter...
Trojan eventlog.dll Trojan.Win32.KillFiles.lm This Trojan has a malici
ous payload. It is a Windows PE EXE file. The file is 368 128 bytes in size. &
aacute;àéò. It is not packed in any way. It is written in
Borland Delphi.
Adware fontsub.dll Virus.DOS.Am.743 This is a harmless memory-reside
nt parasitic virus. It hooks INT 21h and writes itself at the end of COM files t
hat are executed. It contains the text "am", the same value is returned (in ASCI
I) by the virus when it checks the previously loaded TSR copy. On calling the G
etDate DOS function the...
Dialer ialmrnt5.dll Exploit.HTML.Ascii.f This exploit uses a vulnerabilit
y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT
ML page. It is 1614 bytes in size. It is not packed in any way.
Backdoor ieapfltr.dll Backdoor.Win32.Jix.a This Trojan has a built-
in remote administration tool. The program itself is a Windows PE EXE file appr
oximately 15KB in size, packed using UPX. The unpacked file is approximately 25
KB in size. Once launched, the Trojan copies itself to the Windows system direc
tory under one of the following...
Adware iphlpapi.dll Virus.DOS.Squatter.9742 This is a dangerous memory resid
ent parasitic highly polymorphic and stealth virus. It hooks INT 21h and writes
itself to the end of COM and EXE files that are accessed. Depending on their cou
nters the virus also infects the "C:\DOS\KEYB.COM" file, if it exists. The virus
does not infect the...
Dialer ir41_qc.dll Exploit.HTML.Ascii.j This exploit uses a vulnerabilit
y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT
ML page. It is 1046 bytes in size. It is not packed in any way.
Spyware kbdinmal.dll Trojan-PSW.Win32.LdPinch.ur This Trojan is designed
to steal user passwords. It is a Windows PE EXE file. The size of the infecte
d file may vary between 21KB to 86KB. It is packed using FSG.
Malware kbdtat.dll Virus.DOS.PM.733 It is a harmless memory resident
stealth parasitic virus. It hooks INT 21h and writes itself to the end of .COM
files that are executed or closed. When an infected file is opened, the virus di
sinfects it. The virus contains the ID-strings: PM
Trojan logagent.exe Trojan.Win32.KillAV.gj This Trojan is a Windows PE EXE
file 61440 bytes in size. Once launched, the Trojan causes the following messa
ge to be displayed: It then creates a file called Update.bat in the C: root d
irectory: C:\Update.bat The Trojan terminates any processes it finds with the
names listed below:...
Spyware mciole32.dll Trojan-PSW.Win32.LdPinch.abm This Trojan program is d
esigned to steal confidential user data. It harvests user names and passwords to
a range of services and programs, and incorporates an SMTP server. The Trojan
is a Windows PE EXE file, written in C++, and is 58410 bytes in size. Once lau
nched, the Trojan copies itself to...
Trojan MP4SDMOD.dll Trojan.Win32.Small.eu This Trojan is a Windows PE EXe
file 3584 bytes in size. Once launched, the Trojan registers this file in the s
ystem registry, ensuring that it will be launched each time Windows is rebooted
on the victim machine: [HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce]
"MSSetup"="<path to...
Rogue mqtrig.dll Virus.DOS.Exorcist.212 It is a very dangerous nonmemory
resident overwriting virus. It searches for COM files, then overwrites them, an
d displays the message: Bad command or file name then returns to DOS. On 1st o
f any month the virus erases sectors on the C: drive. The virus also contains th
e text strings: [RED...
Trojan msidle.dll Trojan.BAT.MkDirs.z This primitive Trojan is written
in BAT and is 317 bytes in size. When launched, the virus deletes all the file
s from the C:\windows\ directory. Creates directories named "1", "2", "3", "4"
etc. up to "18" in the current directory. While deleting files it displays the
following text: You are...
Adware msrd2x40.dll Virus.DOS.Am.743 This is a harmless memory-reside
nt parasitic virus. It hooks INT 21h and writes itself at the end of COM files t
hat are executed. It contains the text "am", the same value is returned (in ASCI
I) by the virus when it checks the previously loaded TSR copy. On calling the G
etDate DOS function the...
Trojan mycomput.dll Trojan.Win32.KillAV.gj This Trojan is a Windows PE EXE
file 61440 bytes in size. Once launched, the Trojan causes the following messa
ge to be displayed: It then creates a file called Update.bat in the C: root d
irectory: C:\Update.bat The Trojan terminates any processes it finds with the
names listed below:...
Backdoor netcfgx.dll Backdoor.Win32.Nanspy.f This backdoor program is
written in Delphi, and packed using UPX. The file is 211520 bytes in size. Ins
tallation The backdoor copies itself to the system directory as spools.exe. It
registers this file in the system registry to ensure that the program is launche
d each time Windows is rebooted....
Worm ntkrnlpa.exe Worm.SunOS.Sadmind Text written by Costin Raiu, Kas
persky Labs, Romania This is an Internet-worm that replicates between Sun Sparc
computers running the Solaris/SunOS operating system, and attacks Microsoft IIS
v4 and 5 Web servers. Cracked Micrsoft IIS servers will have their start page r
eplaced with one that...
Dialer odtext32.dll Exploit.HTML.Ascii.ae This exploit uses a vulnerabilit
y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT
ML page. It is 3616 bytes in size. It is not packed in any way.
Malware perfts.dll Virus.DOS.TaiPan.Chroot.727 This is a harmless memor
y-resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE
files that are executed. This virus infects files that are executed, opened or
accessed by Get/Set File Attributes DOS call. It deletes the F-PROT anti-virus
and does not infect the file...
Worm qappsrv.exe Worm.Win32.Fujack.a This worm spreads on the hard di
sk of the victim machine and to write-accessible network resources. It is a Win
dows PE EXE file. Modifications of this program may vary in size from 26KB to 1
29KB. The program may be packed with a range of packers. Installation When laun
ched, the worm copies its...
Rogue rasdial.exe Virus.DOS.Spartak_II.2000 It is not a dangerous no
nmemory resident polymorphic companion virus. It searches for .COM and .EXE file
s, then renames .COM files to .CCC and .EXE files to .EEE, then writes itself in
stead of host file. After infection the virus creates in the current directory t
he SPARTAK.BAT file and writes to...
Trojan replace.exe Trojan.Win32.KillWin.bl This Trojan program deletes the
Windows NT system file. The Trojan itself is a Windows PE EXE file, 296407 byte
s in size.
Worm scrnsave.scr Net-Worm.Win32.Witty This fileless worm, also known a
s BlackIce and Blackworm, infects computers which use the following vulnerable I
SS products: RealSecure Network 7.0, XPU 22.11 and before RealSecure Server Se
nsor 7.0 XPU 22.11 and before RealSecure Server Sensor 6.5 for Windows SR 3.10
and before Proventia A...
Trojan sethc.exe Trojan.VBS.KillOS.a This Trojan has a malicious payl
oad. It is 343 bytes in size, and written in Visual Basic Script.
Worm sprio800.dll Worm.Win32.Fujack.a This worm spreads on the hard di
sk of the victim machine and to write-accessible network resources. It is a Win
dows PE EXE file. Modifications of this program may vary in size from 26KB to 1
29KB. The program may be packed with a range of packers. Installation When laun
ched, the worm copies its...
Dialer sysedit.exe Exploit.HTML.Ascii.j This exploit uses a vulnerabilit
y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT
ML page. It is 1046 bytes in size. It is not packed in any way.
Trojan tracerpt.exe Trojan.Win32.LipGame.i This Trojan is a Windows PE EXE
file written in C++ and packed using UPX. The file is 23552 bytes in size, and t
he unpacked file is 56832 bytes in size. The program is represented by a transp
arent icon, and it is therefore difficult to see it in some file managers. This
Trojan is almost identical...
Dialer upnp.dll HackTool.Perl.IrBot.d This malicious program is a hack
ing utility. It is a Perl script. The size of infected files may vary from 12K
B to 69KB.
Worm vwipxspx.exe Worm.Win32.AutoRun.bnb This worm propagates by creating
copies of itself on local disks and write-accessible network resources. It is
a Windows PE EXE file. It is 46592 bytes in size. It is packed using UPX. The u
npacked file is approximately 107MB in size. Installation The worm copies its e
xecutable file to the...
Backdoor winscard.dll Backdoor.Win32.Jix.a This Trojan has a built-
in remote administration tool. The program itself is a Windows PE EXE file appr
oximately 15KB in size, packed using UPX. The unpacked file is approximately 25
KB in size. Once launched, the Trojan copies itself to the Windows system direc
tory under one of the following...
Malware wmpasf.dll Virus.DOS.Croatia_II.560 It is a very dangerous m
emory resident parasitic virus. It hooks INT 21h and writes itself to the end of
COM files that are executed. The virus deletes the CHKLIST.MS file, if it exist
s. On February 12th it erases the hard drive sectors and displays the message:
Croatia must be free ! (c) 1995 by...
Malware wpdconns.dll Virus.DOS.PM.733 It is a harmless memory resident
stealth parasitic virus. It hooks INT 21h and writes itself to the end of .COM
files that are executed or closed. When an infected file is opened, the virus di
sinfects it. The virus contains the ID-strings: PM
Worm xmlprov.dll Net-Worm.Win32.Mytob.a This network worm infects comput
ers running Windows. It is a Windows PE EXE file approximately 43KB in size, pac
ked using FSG. The unpacked file is approximately 143KB in size. The worm sprea
ds via a vulnerability in the Windows LSASS service. You can find information ab
out the vulnerability...