TrojanDownloader:Win32/Conhook.A attempts to download content from a remote Web site. TrojanDownloader:Win32/Conhook.A injects its code into running processes which could, depending on configuration, allow the Trojan to bypass permission-based firewalls in order to gain Internet access.

TrojanDownloader:Win32/Beenut.A is a trojan which downloads files from various URLs to the host computer and then runs the downloaded files. TrojanDownloader:Win32/Beenut.A may also copy itself to the host computer, modifying the registry so the copy of itself runs each time Windows starts.

Win32/Beenut is a family of trojan downloaders that download files from various URLs to the host computer and then run the downloaded files. A Win32/Beenut trojan may also copy itself to the host computer, modifying the registry so the copy of itself runs each time Windows starts.

TrojanDownloader:Win32/Zlob.gen!A is a family of Trojan programs. Variants of the Zlob family modify Internet Explorer's settings, redirect the default internet search page and home page, and attempt to download and execute malicious software from the Internet.

TrojanDownloader:ASX/Wimad.gen!F is a detection for Windows media files that, when opened using Windows Media Player, open a URL in the browser. These URLs usually direct the user to open an executable file, which may be detected as other malware.

Win32/Renos.gen!AV is a family of Trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine before downloading rogue security products, most notably Program:Win32/Antivirusxp. Win32/Renos.gen!AV has been distributed via spam messages.

Win32/Renos.gen!BA is a generic detection for a family of trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine, before downloading rogue security products, most notably Program:Win32/Antivirusxp or Trojan:Win32/FakeXPA. In the wild, Win32/Renos.gen!BA has been distributed via spam e-mail messages.

TrojanDownloader:Win32/Renos.gen!BE is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.

TrojanDownloader:Win32/Zlob.gen!GV is a generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!BE is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!Z is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Small.E repeatedly accesses a remote website in an attempt to download and install malicious or unwanted software. The Trojan attempts to hide its presence on the system and continually refreshes the registry edits made to lower security settings.

TrojanDownloader:Win32/Agent!D529 is a Trojan downloader that drops a file onto the infected computer and attempts to download unwanted software from a remote Web site. The content could include anything from additional downloader Trojans to imitation security programs.

TrojanDownloader:Win32/Renos.CM is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.

TrojanDownloader:Win32/Poisonvy!JPG  is a malicious jpg that contains code that attempts to exploit vulnerabilities in GDI in order to download additional malware onto the vulnerable machine. In the wild, this exploit code has been observed attempting to download Backdoor:Win32/Poisonivy.E. Please note, however, that in this example, the malicious code failed to exploit this vulnerability, and thus the trojan-downloading payload remains intended.

For more information on these vulnerabilities, please see Microsoft Security Bulletin MS08-021.

TrojanDownloader:Win32/Horst.H is a trojan downloader component of the Horst malware family.

TrojanDownloader:Win32/Renos.Y is a detection for a trojan that connects to certain websites and downloads other unwanted software and malware, such as Trojan:Win32/FakeSecSen, Trojan:Win32/Bohmini and other Win32/Renos components.

TrojanDownloader:JS/Multibreach.B is a detection for specially-crafted web pages that use JavaScript to download additional malware components based on the browser's vulnerability to specific exploits. These web pages are designed to trigger the browser vulnerabilities, thereby allowing malware to be downloaded into the system.

TrojanDownloader:ASX/Wimad.AE is a detection for malicious Windows media files that are used in order to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser. 

TrojanDownloader:VBS/Lnkget.D is a detection for VBS files that may be downloaded by TrojanDownloader:Win32/Lnkget.D. TrojanDownloader:Win32/Lnkget.D is a detection for shortcuts which connect to an FTP server and download and execute arbitrary VBScript files. These downloaded files have in turn generally downloaded and executed game password stealing malware, such as variants of the Win32/Helpud family.