Win32/Prefsap is a family of trojans that attempts to steal users’ FTP account details and sends this information to a remote server. It has been observed being downloaded by variants of the TrojanDownloader:Win32/Cbeplay family.

Win32/Prefsap is a family of trojans that attempts to steal users’ FTP account details and sends this information to a remote server. It has been observed being downloaded by variants of the TrojanDownloader:Win32/Cbeplay family.

TrojanDownloader:Win32/Zlob.gen!CE is a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component malware family that modifies Internet Explorer's settings, may alter default Internet search page and home page, and attempt to download and execute arbitrary files to introduce additional malicious software.

TrojanDownloader:Win32/Zlob.gen!BG is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

Renos is a family of Trojans that displays messages reporting that the user's current security software is malfunctioning and that new security software should be downloaded. The message is false and misleading, and it is intended to encourage users into downloading and/or purchasing third-party software.

 

This is a minor variant of Win32/Renos.gen!I. This variant may download unwanted programs identified as Program:Win32/SpySheriff, also known as 'MalwareAlarm'.

TrojanDownloader:JS/Psyme.gen exploits a vulnerability known as the Navigation Method Cross-Domain Vulnerability, in the Web browser Internet Explorer to execute malicious Javascript. This malicious Javascript is commonly used to download and execute other malware onto the system. 

TrojanDownloader:Win32/Zlob.gen!AS is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!B is generic detection for the Zlob family of Trojan downloaders. Variants of the Zlob family modify Internet Explorer's settings, redirect the default internet search page and home page, and attempt to download and execute malicious software from the Internet.

TrojanDownloader:Win32/Zlob.gen!T is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Stration!ZIP is generic detection for e-mail .zip attachments containing variants of Win32/Stration. Win32/Stration is a family of mass-mailing email worms that send themselves to addresses obtained from a wide range of file types found on the infected system. The e-mail message composed by the worm may masquerade as a failure message or as a scanning tool. Win32/Stration.gen also acts as a Trojan downloader, attempting to download a file from a remote website. The downloaded file may be another variant of the Win32/Stration family.

TrojanDownloader:Win32/Small is family of Trojans that download unwanted software from a remote Web site. The content could include anything from additional downloader Trojans to imitation security programs.

TrojanDownloader:Win32/Matcash.B is a Trojan that connects to a remote site and downloads and executes arbitrary files. In the wild, this Trojan has been observed to download and install additional malicious and unwanted applications on the affected machine.

TrojanDownloader:Win32/Nonaco.A is a Trojan that installs additional malware on an affected machine.

TrojanDownloader:Win32/Gida.A is a malicious Adobe Flash program that intends to trick the user into believing their computer has data or security errors that require attention. The errors are false, and the malicious flash redirects the user to a Web site hosting unwanted software such as 'PerformanceOptimizer'.

TrojanDownloader:HTML/Agent.K is a detection for specifically formed IFRAME tags that point to remote Web sites containing malicious content. This content could include, for example, malicious JavaScript containing an exploit for a specific vulnerability, or malicious binaries.

TrojanDownloader:AutoIt/Agent is a generic detection for script malware compiled with AutoIt. It is usually associated with the Sohanad and Nuqel malware families.

TrojanDownloader:Win32/Conhook.AE is a trojan that attempts to download content from a remote web site. The site it attempts to connect to varies depending on the malware sample.

TrojanDownloader:Win32/Cutwail.AD is a trojan that is capable of downloading other malware from a remote website.

TrojanDownloader:Win32/Renos.EK is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.