Worm bootok.exe Net-Worm.Win32.Lovesan.

a Lovesan is an Internet Worm which

exploits the DCOM RPC vulnerability in Microsoft Windows described in MS Security
Bulletin MS03-026. Lovesan is written in C using the LCC compiler. The worm is a
Windows PE EXE file about 6KB (compressed via UPX - 11KB when decompressed).
Lovesan downloads and...
Malware d3dim.dll Virus.DOS.Acapulco.1971 It's a not dangerous memory
resident parasitic virus. It hooks INT 21h and writes itself at the end of COM-
and EXE-files are executed. Sometimes it hooks INT 08h (timer) and plays several
tunes.
Worm exe2bin.exe Worm.Win32.AutoRun.bnb This worm propagates by creating copies
of itself on local disks and write-accessible network resources. It is a Windows
PE EXE file. It is 46592 bytes in size. It is packed using UPX. The unpacked file
is approximately 107MB in size. Installation The worm copies its executable file
to the...
Rogue kbdda.dll Virus.DOS.Exorcist.212 It is a very dangerous nonmemory resident
overwriting virus. It searches for COM files, then overwrites them, and displays
the message: Bad command or file name then returns to DOS. On 1st of any month
the virus erases sectors on the C: drive. The virus also contains the text
strings: [RED...
Rogue kbdla.dll Virus.DOS.Glew.4245 This is a very dangerous memory resident
parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of EXE
files that are executed, opened or closed. The virus does not infect several anti-
virus programs (TBAV, FVIRU,0, F-PROT, AVP, e.t.c.) and COMMAND.COM according to
the string: TB...
Trojan jscript.dll Trojan.BAT.Adduser.t This Trojan has a malicious
payload. It is a BAT file. It is 1129 bytes in size.
Spyware rnr20.dll Trojan-PSW.Win32.QQRob.10 This Trojan is designed to
steal user passwords. It is a Windows PE EXE file. It is 70,144 bytes in size.
Installation When launched, the Trojan copies its executable file to the Windows
system directory: %System%\robber1.exe The Trojan also adds a link to its
executable file in the system...
Adware runas.exe Virus.DOS.CriminalWW.1788 These are very dangerous
memory resident parasitic polymorphic viruses. They trace and hook INT 21h, then
they write themselves to the end of COM and EXE files that are executed or opened.
Depending on their internal counters the viruses erase the MBR of the hard drive
and then display the message:...
Spyware ver.dll Trojan-PSW.Win32.LdPinch.rn This Trojan belongs to a
family of Trojans written with the aim of stealing user passwords. LdPinch is
designed to steal confidential information. The Trojan itself is a Windows PE EXE
file approximately 17KB in size, packed using UPX. When installing, the Trojan
copies itself to the Windows system...
Adware usrv80a.dll Virus.DOS.CriminalWW.1788 These are very dangerous
memory resident parasitic polymorphic viruses. They trace and hook INT 21h, then
they write themselves to the end of COM and EXE files that are executed or opened.
Depending on their internal counters the viruses erase the MBR of the hard drive
and then display the message:...
Malware scesrv.dll Virus.DOS.Lenin.943 It is not a dangerous nonmemory
resident parasitic virus. It searches for EXE files and writes itself to the end
of the file. While infecting it does not alter the EXE entry registers, but
inserts CALL FAR instruction into file entry point and alters EXE relocation
table. Depending on its...
Rogue WgaLogon.dll Virus.DOS.Darkray_II.466 It is not a dangerous
nonmemory resident parasitic virus. It searches for .COM files, then writes itself
to the end of the file. The virus displays the messages: This file contains a
virus!!! Please COLD-boot from a write protected system disk and use you anti
virus software!!! Dit virus is ter...
Malware mprapi.dll Virus.DOS.PM.733 It is a harmless memory resident stealth
parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that
are executed or closed. When an infected file is opened, the virus disinfects it.
The virus contains the ID-strings: PM
Malware cryptnet.dll Virus.DOS.Lenin.943 It is not a dangerous
nonmemory resident parasitic virus. It searches for EXE files and writes itself to
the end of the file. While infecting it does not alter the EXE entry registers,
but inserts CALL FAR instruction into file entry point and alters EXE relocation
table. Depending on its...
Worm asr_pfu.exe Net-Worm.Win32.CodeRed.a CodeRed (aka Code Red, Bady) is an
Internet worm that replicates between Windows 2000 servers running Microsoft's IIS
(Internet Information Services) and the Microsoft Index Server 2.0 or the Windows
2000 Indexing Service. It does this by exploiting a bug known as "Unchecked Buffer
in the Index...
Adware ddeshare.exe Virus.DOS.Fire.2682 It's a harmless memory
resident encrypted parasitic stealth virus. It hooks INT 21h and writes itself to
the end of COM- and EXE-files that are executed. It contains the internal text
strings: Fire walk with me.
Malware dskquota.dll Virus.DOS.LoveBuzz.381 These are very dangerous
memory resident parasitic viruses. They hook INT 21h and writes themselves to the
end of the files. They contain the text strings: "LoveBuzz.381": Lyubasha
"LoveBuzz.591": LoveBuzz "LoveBuzz.381" infects .COM-files only, and corrupts
them while...
Backdoor hotplug.dll Backdoor.Win32.Agobot.a Backdoor.Agobot (also known as
PhatBot) is a Trojan program which provides the author/ user with remote access to
the victim machine. It is managed via IRC. It has a wide range of functionalities:
will not work with a debugger running or under Vmware it can run both as a
standard application and...
Adware mdminst.dll Virus.Linux.Gildo It is not a dangerous, memory resident
parasitic virus. It was written in the assembler language. It uses system calls
(syscall) while working with files. The virus infects ELF files. It writes itself
to the middle of the file. After starts the virus divides a main process and
continues its work....
Adware mmcshext.dll Virus.DOS.VLAD.Systa.231 It is a harmless non
memory-resident parasitic virus. It searches for SYS files, then writes itself to
the end of the file. The virus contains the text strings: SySta by Qark/VLAD
*.sys
Adware odbcp32r.dll Virus.DOS.Squatter.9742 This is a dangerous memory
resident parasitic highly polymorphic and stealth virus. It hooks INT 21h and
writes itself to the end of COM and EXE files that are accessed. Depending on
their counters the virus also infects the "C:\DOS\KEYB.COM" file, if it exists.
The virus does not infect the...
Backdoor qdv.dll Backdoor.Win32.Nanspy.f This backdoor program is written in
Delphi, and packed using UPX. The file is 211520 bytes in size. Installation The
backdoor copies itself to the system directory as spools.exe. It registers this
file in the system registry to ensure that the program is launched each time
Windows is rebooted....
Backdoor scrobj.dll Backdoor.Win32.Kbot.al This Trojan provides a remote
malicious user with access to the victim machine. It is a Windows PE EXE file.
It is 12787 bytes in size. Installation Once launched, the backdoor copies its
executable file to the Windows system directory: %System%\mssrv32.exe The
backdoor then creates a service...
Malware upnphost.dll Virus.DOS.Clone.833 This is a harmless companion
virus. It creates COM files with the same name as EXE file if found, and writes
itself into this COM file. This a memory resident virus. It hooks INT 21h, and
hits .EXE files that are executed. In April,0, the virus types: Your PC is
Cloned!! It also contains the...
Worm wscntfy.exe Net-Worm.Win32.Lovesan.a Lovesan is an Internet Worm which
exploits the DCOM RPC vulnerability in Microsoft Windows described in MS Security
Bulletin MS03-026. Lovesan is written in C using the LCC compiler. The worm is a
Windows PE EXE file about 6KB (compressed via UPX - 11KB when decompressed).
Lovesan downloads and...
Malware wmerror.dll Virus.DOS.PM.733 It is a harmless memory resident stealth
parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that
are executed or closed. When an infected file is opened, the virus disinfects it.
The virus contains the ID-strings: PM
Spyware batt.dll Trojan-PSW.Win32.Lmir.gen This family of Trojans steals
passwords to the online game Legend of Mir. As a rule, programs belonging to this
family are written in high-level programming languages such as Delphi, Visual C/C+
+, Visual Basic). File sizes vary, and the programs utilize a range of methods to
install themselves to...
Adware kbdycc.dll Virus.DOS.Squatter.9742 This is a dangerous memory resident
parasitic highly polymorphic and stealth virus. It hooks INT 21h and writes itself
to the end of COM and EXE files that are accessed. Depending on their counters the
virus also infects the "C:\DOS\KEYB.COM" file, if it exists. The virus does not
infect the...
Malware occache.dll Virus.DOS.Acapulco.1971 It's a not dangerous memory
resident parasitic virus. It hooks INT 21h and writes itself at the end of COM-
and EXE-files are executed. Sometimes it hooks INT 08h (timer) and plays several
tunes.
Spyware write.exe Trojan-PSW.Win32.Coced.215 This Trojan steals user
passwords. It is designed to steal a range of confidential information. It is a
Windows PE EXE file. It is 10,240 bytes in size. It is written in Visual C++.
Installation Once launched, the Trojan copies its executable file to the Windows
system directory:...
Backdoor Netw2c32.dll Backdoor.Win32.Surila.k Surila is a Trojan backdoor.
The program is a Windows PE EXE file packed with Obsidium and written in Visual C+
+. The packed file size is 244 KB and the unpacked size is approximately 413 KB.
Installation Upon being launched, Surila copies itself into the Windows system
folder under the name...
Rogue iepeers.dll Lemena.3544 It is not a dangerous memory resident parasitic
polymorphic virus. It copies itself to the video memory at address BC00:0000,
hooks INT 22h (Terminate call), returns control to host program, waits for
termination and hooks INT 21h. To hook INT 21h the virus patches the DOS kernel.
The virus then...
Adware avifil32.dll Virus.DOS.CriminalWW.1788 These are very
dangerous memory resident parasitic polymorphic viruses. They trace and hook INT
21h, then they write themselves to the end of COM and EXE files that are executed
or opened. Depending on their internal counters the viruses erase the MBR of the
hard drive and then display the message:...
Backdoor AVIFILE.DLL Backdoor.win32.Small.cz This Trojan makes it possible for a
remote malicious user to control the victim machine. The program is a Windows PE
EXE file 2560 bytes in size.
Backdoor msgr3en.dll Backdoor.Win32.Agobot.a Backdoor.Agobot (also known as
PhatBot) is a Trojan program which provides the author/ user with remote access to
the victim machine. It is managed via IRC. It has a wide range of functionalities:
will not work with a debugger running or under Vmware it can run both as a
standard application and...
Backdoor wdigest.dll Backdoor.Netbus This is a hidden (hacker's) remote
administration utility similar to the known Backdoor.BO (a.k.a. Back Orifice)
Trojan. It allows to administrate infected computers from a remote console, to
steal files, to damage installed software etc. See Backdoor.BO Trojan.
Backdoor ieakeng.dll Backdoor.Win32.Delf.duc This malicious program is a Trojan.
It is a Windows PE EXE file. It is 447488 bytes in size.
Backdoor winhttp.dll Backdoor.Win32.IRCBot.abc This Trojan provides a remote
malicious user with access to the victim machine. It is managed via IRC. It is a
Windows PE EXE file. It is 32,704 bytes in size. Installation When installing, the
backdoor creates a system process, svchost.exe, and injects its code into process
memory. The backdoor...