TrojanDownloader:Win32/Banload.IU is the detection for malware that downloads and executes other malware from a remote server. The downloaded files are usually members of the TrojanDownloader:Win32/Banload or TrojanSpy:Win32/Bancos family.

TrojanDownloader:Win32/Banload.HW is a trojan that attempts to connect to specific Web sites to download a file, which may be other malware.

 

For more information, refer to the TrojanDownloader:Win32/Banload family description.

Trojan:BAT/Killav.AV is a trojan that arrives in a self-extracting RAR file, with a banking trojan and a clean PowerPoint file. It renames a component of the AVG antivirus program, preventing it from updating.

Trojan:BAT/Killav.AW is a batch script trojan that renames certain files associated with a security software application to allow other malware to bypass detection by the related security product.

TrojanDownloader:Win32/Conhook.A attempts to download content from a remote Web site. TrojanDownloader:Win32/Conhook.A injects its code into running processes which could, depending on configuration, allow the Trojan to bypass permission-based firewalls in order to gain Internet access.

TrojanDownloader:ASX/Wimad.gen!F is a detection for Windows media files that, when opened using Windows Media Player, open a URL in the browser. These URLs usually direct the user to open an executable file, which may be detected as other malware.

Win32/Renos.gen!AV is a family of Trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine before downloading rogue security products, most notably Program:Win32/Antivirusxp. Win32/Renos.gen!AV has been distributed via spam messages.

Win32/Renos.gen!BA is a generic detection for a family of trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine, before downloading rogue security products, most notably Program:Win32/Antivirusxp or Trojan:Win32/FakeXPA. In the wild, Win32/Renos.gen!BA has been distributed via spam e-mail messages.

TrojanDownloader:Win32/Renos.gen!BE is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.

TrojanDownloader:Win32/Zlob.gen!GV is a generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!BE is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!Z is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!A is a family of Trojan programs. Variants of the Zlob family modify Internet Explorer's settings, redirect the default internet search page and home page, and attempt to download and execute malicious software from the Internet.

TrojanDownloader:Win32/Agent!D529 is a Trojan downloader that drops a file onto the infected computer and attempts to download unwanted software from a remote Web site. The content could include anything from additional downloader Trojans to imitation security programs.

TrojanDownloader:Win32/Renos.CM is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.

TrojanDownloader:Win32/Poisonvy!JPG  is a malicious jpg that contains code that attempts to exploit vulnerabilities in GDI in order to download additional malware onto the vulnerable machine. In the wild, this exploit code has been observed attempting to download Backdoor:Win32/Poisonivy.E. Please note, however, that in this example, the malicious code failed to exploit this vulnerability, and thus the trojan-downloading payload remains intended.

For more information on these vulnerabilities, please see Microsoft Security Bulletin MS08-021.

TrojanDownloader:Win32/Small.E repeatedly accesses a remote website in an attempt to download and install malicious or unwanted software. The Trojan attempts to hide its presence on the system and continually refreshes the registry edits made to lower security settings.

TrojanDownloader:Win32/Horst.H is a trojan downloader component of the Horst malware family.

TrojanDownloader:Win32/Renos.Y is a detection for a trojan that connects to certain websites and downloads other unwanted software and malware, such as Trojan:Win32/FakeSecSen, Trojan:Win32/Bohmini and other Win32/Renos components.

TrojanDownloader:JS/Multibreach.B is a detection for specially-crafted web pages that use JavaScript to download additional malware components based on the browser's vulnerability to specific exploits. These web pages are designed to trigger the browser vulnerabilities, thereby allowing malware to be downloaded into the system.