Win32/Mytob is a family of mass-mailing worms that targets computers running certain versions of Microsoft Windows. The worm can spread by exploiting Windows vulnerabilities that are fixed by installing Microsoft Security Updates MS03-026 and MS04-011. The worm can also spread by sending a copy of itself through e-mail, MSN Messenger, or Windows Messenger. 

Win32/Jeans.A@m is an e-mail worm that tries to register itself as a debugger for Task Manager, Registry Editor, and other legitimate system applications.

Worm:Win32/Lovgate.B@mm is a mass-mailing worm that sends itself as an e-mail attachment to addresses found on the infected computer. To spread via networks and file shares, Worm:Win32/Lovgate.B@mm copies itself to writeable network shares and shares protected by weak user name and password pairs. The worm opens a backdoor on infected systems and may send system passwords and other sensitive information to the worm's author.

Worm:Win32/Hary.A!autorun is a component of Worm:Win32/Hary.A, a virus that spreads from removable media to computers, changes Internet Explorer settings, and disables certain system tools. Worm:Win32/Hary.A poses as a Microsoft Word document that when run, displays a Word document containing the text "Harry Potter is dead."

Worm:Win32/Bagle.ZD@mm is a mass-mailing e-mail worm that attempts to download and run arbitrary files from remote Web sites. Worm:Win32/Bagle.ZD@mm collects e-mail address from the local drive and also obtains e-mail addresses by checking Web site URLs included in the worm's code. The worm attempts to terminate the Windows Automatic Update service and modifies the System Registry in an attempt to disable booting into Safe Mode.

Worm:Win32/Gaobot.ZR is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting multiple vulnerabilities that are patched in various Microsoft Security Bulletins. It also spreads to writeable network shares that have weak administrator passwords to retrieve personal and system information. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control a computer through an IRC channel.

Win32/Brontok is a family of mass-mailing e-mail worms. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites.

Worm:Win32/Slenfbot.NH is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Win32/Sircam is a family of mass-mailing network worms that targets certain versions of Microsoft Windows. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses found on the infected computer. It also spreads to network shares with weak administrator passwords. On a particular date, the worm may fill the system disk or delete all files on the disk.

Win32/Taterf is a family of worms that spread via mapped drives in order to steal login and account details for popular online games.

Win32/Taterf is a family of worms that spread via mapped drives in order to steal login and account details for popular online games.

Worm:Win32/Hamweq.D is a worm that spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may be used by a remote attacker to order the affected machine to participate in Distributed Denial of Service attacks, or to download and execute arbitrary files.

Worm:Win32/Autorun.CF is a worm that spreads via removable drives. It performs keylogging, modifies security settings, and deletes the Registry Editor utility.

Worm:Win32/Slenfbot.AAA is a worm that can spread via MSN Messenger, and may spread via removable drives. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/Zotob.Q is a network worm that exploits the Plug-and-Play vulnerability discussed in Microsoft Security Bulletin MS05-039. The worm targets computers running Microsoft Windows 2000 that do not have MS05-039 installed. The worm can also infect computers running other versions of Windows operating systems if it is delivered through e-mail, instant messaging, or some other means.

Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.

Worm:Win32/Stration.X is a mass-mailing email worm that sends itself to addresses obtained from a wide range of file types found on the infected system. The e-mail message composed by the worm may masquerade as a failure message or as a scanning tool. Worm:Win32/Stration.X also acts as a Trojan downloader, attempting to download a file from a remote website. The downloaded file is typically another variant of the Win32/Stration family.

Worm:Win32/Scrimge.B is a worm that spreads via MSN Messenger. It also contains backdoor functionality that allows unauthorized access to the affected machine.

Worm:Win32/Brontok.BU@mm is a mass-mailing e-mail worm that spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. Worm:Win32/Brontok.BU@mm can also copy itself to USB and pen drives. This worm can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. This worm may conduct denial of service (DoS) attacks against certain Web sites.