TrojanDownloader:Win32/Cbeplay.I is a trojan that downloads additional malware. It is often distributed via spam e-mail, either in an attachment or via a link to the trojan.

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.  These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.

 

Trojan:Win32/FakeIA.G is a detection for a file that is related to rogue security programs that display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.  These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.

 

Trojan:Win32/FakeIA.E is a detection for certain DLL and EXE files that are related to rogue security programs that display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.

TrojanDownloader:HTML/Renos is Microsoft's generic detection for a trojan HTML script that attempts to download executable rogue security software when a user visits a malicious Web site and moves the mouse cursor over certain graphics or images.

 

Note: Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

Use Microsoft Windows Defender, the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

TrojanDownloader:HTML/Renos.gen!A is Microsoft's generic detection for a trojan HTML script that attempts to download executable rogue security software when a user visits a malicious Web site and moves the mouse cursor over certain graphics or images.

 

Note: Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

Use Microsoft Windows Defender, the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

 

TrojanDownloader:HTML/Renos.J is a detection for a trojan HTML script that attempts to download executable rogue security software when a user visits a malicious Web site and moves the mouse cursor over certain graphics or images.

 

Note: Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

Trojan:Win32/Goweh.A is a Trojan that alters several settings in Internet Explorer, changing the home page and redirecting search queries and traffic to other Web pages. Win32/Goweh.A is usually installed by another Trojan dropper or downloader.

Trojan:Win32/Agent!246A is an Internet Explorer Browser Helper Object (BHO) implemented as a DLL plug-in that allows attackers to customize and control Internet Explorer.

Win32/Mywife.E@mm is a mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is expected to corrupt the content of specific files on the third day of every month.

 

This threat has been assigned CME identifier CME-24. It will be detected as Win32/Mywife.E@mm!CME-24.

Win32/Nsag.B is a data-stealing Trojan. The Trojan is created when certain code is injected into wininet.dll, which is a Windows system file. When a user tries to send data to a Web site, code in Win32/Nsag.B may cause code in another malicious DLL on the computer to capture the user data and send it to an attacker.

Win32/Valla.2048 is a virus that appends itself to executable files on an infected computer.

Win32/Vulgar.A is a file infector that may overwrite files on local or mapped drives.

Trojan:Win32/Bube.G is a Trojan that lowers security settings stored in the registry, attempts to download programs from a remote Web site and disables features in the Windows Security Center.

Trojan:Win32/Apropos.B is a Trojan that may be installed by Trojan dropper Trojan:Win32/Apropos.B.dr on computers running Microsoft Windows. The Trojan dropper also installs rootkit VirTool:WinNT/Zufyx.A, which hides Trojan:Win32/Apropos.B. Trojan:Win32/Apropos.B connects to certain servers from the infected computer to receive commands from attackers.   

Trojan:Win32/Alureon.gen!B is generic detection for a trojan that may help an attacker intercept inbound and outbound Internet traffic from the host computer. This may allow an attacker to capture confidential information such as user names, passwords, and credit card data. The trojan may also enable an attacker to transmit malicious data to the infected computer. Trojan:Win32/Alureon.gen!B may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.

Trojan:Win32/Agent.B is a Trojan that redirects Web traffic and manipulates certain Windows applications. Trojan:Win32/Agent.B may install other unwanted software, or may be bundled with other unwanted software.

Trojan:Win32/Tibs.DV is a Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, folders and processes.

Trojan:Win32/Adialer.OP is a Trojan dialer that connects to remote hosts without user consent. The Trojan consists of an installer, and an installed DLL, identified as Trojan:Win32/Adialer.OP!dll. The Trojan may connect to a remote Web site to download data, and may connect to UDP ports 3010 or 3011.

Trojan:Win32/Advhost.A is an advertising application downloader.

Trojan:Win32/Startpage.TE is a destructive Trojan that targets certain versions of Microsoft Windows. The Trojan sets the Internet Explorer default home page to a malicious URL when any user logs on to an infected computer.