TrojanDropper:Win32/Stardrop.A is a trojan that drops other malware in the system.

Trojan:Win32/Starcedor.A is a Trojan that monitors an affected user's network traffic and intercepts search requests to Google.

Trojan:MacOS/RSPlug.A is a Trojan for Mac OS X that modifies existing DNS settings. This Trojan may pose as a Mac codec in the form of a disk image file.

Trojan:SH/RSPlug.A is an installed component of Trojan:MacOS/RSPlug.A, a Trojan for Mac OS X that modifies existing DNS settings. This Trojan may pose as a Mac codec in the form of a disk image file.

Trojan:Win32/Alemod.C is a data-stealing Trojan that is installed by Trojan dropper Trojan:Win32/Alemod.C.dr. For more information, see the encyclopedia entry for Trojan:Win32/Alemod.C.dr at http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Trojan:Win32/Alemod.C.dr

Trojan:Win32/Goweh.E is a Trojan that alters several settings in Internet Explorer. It changes the home page and redirects search queries and traffic to other Web pages. Win32/Goweh.E is normally installed on a computer by another Trojan dropper or downloader.

Trojan:IRC/WinBot.dr opens a backdoor on TCP port 113 and UDP port 30167, connects to an IRC channel, and downloads and installs other files. Trojan:IRC/WinBot.dr also includes keylogger capabilities. Some variants of Trojan:IRC/WinBot.dr include the Win32/Parite virus, possibly as a result of cross-infection. Win32/Parite infects portable executable files on local drives and accessible network shares.

Win32/Busky is a family of Trojans that monitor and redirect Internet traffic, gather system information and download unwanted software such as Win32/Renos and Win32/SpySheriff. Win32/Busky may be installed by a Web browser exploit or other vulnerability when visiting a malicious Web site.

Trojan:Win32/Virtumonde.O is a Trojan dynamic link library (DLL) that installs itself as a Browser Helper Object (BHO) and generates popup advertisements on a user's desktop. The component is injected into EXPLORER.EXE by a dropper Trojan. Advertisements may appear as a visible window or may be hidden from view.

Trojan:Win32/Yidvar.A is a backdoor that receives commands from a remote Web server and may log keystrokes on an infected computer.

HTML/Emerleox is detection for files modified by Worm:Win32/Emerleox.gen, a network worm that attempts to copy itself to writable network shares by exploiting weak password/username combinations. When Worm:Win32/Emerleox.gen is run, it attempts to disable certain antivirus and firewall products by disabling registry entries and killing processes associated with those programs.

Win32/Busky is a family of Trojans that monitor and redirect Internet traffic, gather system information and download unwanted software such as Win32/Renos and Win32/SpySheriff. Win32/Busky may be installed by a Web browser exploit or other vulnerability when visiting a malicious Web site.

Trojan:Win32/Perfcoo.A is a small Trojan downloader. Trojan:Win32/Perfcoo.A may contact a remote Web site and execute a server-side script. This Trojan may be installed or downloaded by other pre-existing Trojans or unwanted software on the infected computer.

Trojan:Win32/Wopla.gen!Y is a generic detection for a family of Trojans that act as proxies, allowing an attacker to send spam e-mail, some with binary attachments. Trojan:Win32/Wopla.gen!Y may also download, upload and execute files on the affected machine.

Trojan:Java/Classloader.F is a malicious Java applet that can infect Microsoft Windows computers that are not patched with Microsoft Security Update MS03-011. An attacker can insert the Java applet into HTML code and host the code on a Web server or send the code in e-mail. When a user opens the Web page or e-mail, the vulnerability allows the applet to bypass a security check on the computer. The applet can then run malicious code on the computer and open a backdoor to receive commands from attackers.

Trojan:Win32/Starter creates an unauthorized user account on the system and adds that account to the administrator group as a “Remote Service Account".

 

On July 16, 2007, Microsoft identified a misclassification in the Trojan:Win32/Starter signature which could result in erroneous detections of this Trojan in certain PE files created by Quick Batch File Compiler. To address this issue, impacted customers should update to signature files with version number 2740.6 or above.

Trojan:Win32/Agent.ABA is a Trojan that may download additional malware and may also provide backdoor/proxy functionality.

Trojan:Win32/StartPage.PV is a Trojan that targets certain versions of Microsoft Windows. The Trojan changes the behavior of Internet Explorer in various ways. When the user attempts to access a Web site, the Trojan can block access to the site and display a warning that the computer is infected with spyware and adware.

Trojan:Win32/Anomaly.gen has been renamed to Trojan:Win32/C2Lop.C

 

Trojan:Win32/C2Lop.C is a Trojan that adds Web browser bookmarks, downloads files from remote Web sites, and delivers pop-up and contextual advertisements. Trojan:Win32/C2Lop.C is installed by SoftwareBundler:Win32/MessengerPlus.b!installer.