Backdoor:Win32/Smadow.gen!B is a generic detection for malware that can perform different actions, such as executing other malware. The executed malware may be detected as TrojanDropper:Win32/Sirefef.B or Trojan:Win32/Sirefef.

Trojan:Win32/Goweh.B is a Trojan that alters several settings in Internet Explorer, changing the home page and redirecting search queries and traffic to other Web pages. Win32/Goweh.B is usually installed on a computer by another Trojan dropper or downloader.

Trojan:Win32/Apropos.B.dr is a Trojan dropper. It installs Trojan:Win32/Apropos.B and rootkit VirTool:WinNT/Zufyx.A to computers running Microsoft Windows. The Trojan dropper then runs Trojan:Win32/Apropos.B. The rootkit hides Trojan:Win32/Apropos.B from the user. 

Trojan:Java/Classloader.C is a malicious Java applet that can infect Microsoft Windows computers that are not patched with Microsoft Security Update MS03-011. An attacker can insert the Java applet into HTML code and host the code on a Web server or send the code in e-mail. When a user opens the Web page or e-mail, the vulnerability allows the applet to bypass a security check on the computer. The applet can then run malicious code on the computer and open a backdoor to receive commands from attackers.

Trojan:Java/Classloader.F is a malicious Java applet that can infect Microsoft Windows computers that are not patched with Microsoft Security Update MS03-011. An attacker can insert the Java applet into HTML code and host the code on a Web server or send the code in e-mail. When a user opens the Web page or e-mail, the vulnerability allows the applet to bypass a security check on the computer. The applet can then run malicious code on the computer and open a backdoor to receive commands from attackers.

Trojan:Win32/Stresid downloads files from remote websites, may install as a browser helper object (BHO), and displays pop-up advertising on affected users’ systems. Some variants of Trojan:Win32/Stresid have been bundled with rootkits that hide its presence on the system. Trojan:Win32/Stresid drops a randomly named executable to the temp directory and a randomly named dll to the Windows directory.

Trojan:Win32/StartPage.PV is a Trojan that targets certain versions of Microsoft Windows. The Trojan changes the behavior of Internet Explorer in various ways. When the user attempts to access a Web site, the Trojan can block access to the site and display a warning that the computer is infected with spyware and adware.

Trojan:Win32/Apropos.B is a Trojan that may be installed by Trojan dropper Trojan:Win32/Apropos.B.dr on computers running Microsoft Windows. The Trojan dropper also installs rootkit VirTool:WinNT/Zufyx.A, which hides Trojan:Win32/Apropos.B. Trojan:Win32/Apropos.B connects to certain servers from the infected computer to receive commands from attackers.   

Win32/Nsag.B is a data-stealing Trojan. The Trojan is created when certain code is injected into wininet.dll, which is a Windows system file. When a user tries to send data to a Web site, code in Win32/Nsag.B may cause code in another malicious DLL on the computer to capture the user data and send it to an attacker.

Trojan:Win32/Anomaly.gen has been renamed to Trojan:Win32/C2Lop.C

 

Trojan:Win32/C2Lop.C is a Trojan that adds Web browser bookmarks, downloads files from remote Web sites, and delivers pop-up and contextual advertisements. Trojan:Win32/C2Lop.C is installed by SoftwareBundler:Win32/MessengerPlus.b!installer.

Trojan:Win32/Starter creates an unauthorized user account on the system and adds that account to the administrator group as a “Remote Service Account".

 

On July 16, 2007, Microsoft identified a misclassification in the Trojan:Win32/Starter signature which could result in erroneous detections of this Trojan in certain PE files created by Quick Batch File Compiler. To address this issue, impacted customers should update to signature files with version number 2740.6 or above.

Trojan:Win32/Conhook.C attempts to download content from a remote Web site. Trojan:Win32/Conhook.C injects its code into running processes which could, depending on configuration, allow the Trojan to bypass permission-based firewalls in order to gain Internet access.

Trojan:Win32/Conhook is a family of Trojans that installs themselves as Browser Helper Objects (BHOs), and connects to the Internet without user consent. They also terminate specific security services, and download additional malware to the computer.

Trojan:Win32/Adialer.OP is a Trojan dialer that connects to remote hosts without user consent. The Trojan consists of an installer, and an installed DLL, identified as Trojan:Win32/Adialer.OP!dll. The Trojan may connect to a remote Web site to download data, and may connect to UDP ports 3010 or 3011.

Trojan:Win32/Advhost.A is an advertising application downloader.

Trojan:IRC/WinBot opens a backdoor on TCP port 113 and UDP port 30167, connects to an IRC channel, and downloads and installs other files. Trojan:IRC/WinBot also includes keylogger capabilities. Some variants of Trojan:IRC/WinBot include the Win32/Parite virus, possibly as a result of cross-infection. Win32/Parite infects portable executable files on local drives and accessible network shares.

Trojan:Win32/Agent.ABA is a Trojan that may download additional malware and may also provide backdoor/proxy functionality.

Trojan:Win32/Agent.AGA is a Trojan lowers security settings, disables System File Checker, and connects to a remote Web site periodically.

Trojan:Java/Classloader.G is a malicious Java applet that can infect Microsoft Windows computers that are not patched with Microsoft Security Update MS03-011. An attacker can insert the Java applet into HTML code and host the code on a Web server or send the code in e-mail. When a user opens the Web page or e-mail, the vulnerability allows the applet to bypass a security check on the computer. The applet can then run malicious code on the computer and open a backdoor to receive commands from attackers.