Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on May 12, 2014

Windows Defender detects and removes this threat.

See the Win32/Sirefef family description for more information.

Alert level: severe
Updated on May 13, 2014

Windows Defender detects and removes this threat.

See the Win32/Sirefef family description for more information.

Alert level: severe
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Yaha is a family of mass-mailing network worms that targets certain versions of Microsoft Windows. The worm spreads primarily by sending a copy of itself as an attachment to e-mail addresses gathered from an infected computer. It can also spread through mapped drives and writeable network shares. The worm can terminate security-related processes and conduct denial of service (DoS) attacks against certain Web sites.
Alert level: severe
Updated on Sep 16, 2005
Win32/Elkern is a family of parasitic viruses that targets certain versions of Microsoft Windows. The virus can spread by infecting processes and executable files, and by copying itself to local drives and writeable network shares. It is also dropped by Win32/Klez.
Alert level: high
Updated on Apr 11, 2011
Win32/Hackdef is a family of backdoor Trojans that is distributed in various ways to computers running certain versions of Microsoft Windows. This Trojan is a user-mode rootkit. It creates, alters, and hides Windows system resources on a computer that it has infected, and can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers.
Alert level: severe
Updated on Mar 25, 2007
Win32/Hybris includes both a virus and a worm component. The virus component infects WSOCK32.DLL, enabling the virus to activate when an Internet connection is established. The worm component spreads by monitoring outgoing e-mail traffic and, when a legitimate e-mail is sent, follows that by sending a second email to the same addresses. That email contains a copy of the worm. Win32/Hybris can download plug-ins via anonymous binary postings made to a particular newsgroup, thus changing the functionality.
Alert level: severe
Updated on Apr 11, 2011
Win32/Sasser is a family of network worms that exploit the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm spreads by randomly scanning IP addresses for vulnerable machines and infecting any that are found.
Alert level: severe
Updated on Nov 30, 2006
Win32/Passalert is a family of Trojan downloaders capable of downloading and running malicious software. Win32/Passalert may stop, delete, or circumvent processes or services associated with firewall, antivirus, or other security software, thus potentially lowering the security settings on affected computers.
Alert level: high
Updated on Apr 11, 2011
Win32/Valla is a virus that appends itself to executable files on an infected computer.
Alert level: high
Updated on Apr 11, 2011
Win32/Harnig is a family of Trojan downloaders capable of downloading and running malicious software. Win32/Harnig may stop, delete, or circumvent processes or services associated with firewall, antivirus, or other security software, thus potentially lowering the security settings on affected computers.
Alert level: high
Updated on Jul 14, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Sober is a family of mass-mailing worms that targets certain versions of Microsoft Windows.
 
The worm sends itself as an attachment to email addresses that it finds in files on the infected PC. The worm is activated when a user opens the attachment.
Alert level: severe
Updated on May 16, 2005
Win32/Zindos is a worm that targets computers running Microsoft Windows 9x, Windows ME, Windows NT, Windows 2000, and Windows XP. The worm spreads to computers that are already infected by the mass-mailer worm Win32/Mydoom.O@mm. Win32/Zindos may perform a denial of service (DoS) attack against certain Web sites.
Alert level: severe
Updated on Aug 18, 2003
Win32/Nachi is a family of network worms that spread across network connections by exploiting one or more vulnerabilities in Microsoft Windows 2000 and Windows XP. These worms can also spread using backdoors opened by other malicious software. The worm tries to download and apply security updates; some variants try to remove other malicious software that may be on the infected computer. Some variants replace Web pages stored on the computer with their own Web page.
Alert level: severe
Updated on May 16, 2005
Win32/Nachi is a family of network worms that spread across network connections by exploiting one or more vulnerabilities in Microsoft Windows 2000 and Windows XP. These worms can also spread using backdoors opened by other malicious software. The worm tries to download and apply security updates; some variants try to remove other malicious software that may be on the infected computer. Some variants replace Web pages stored on the computer with their own Web page.
Alert level: severe
Updated on Apr 11, 2011
Win32/Spybot is a network worm that targets certain versions of Microsoft Windows. The worm can spread through writeable network shares that have weak administrator passwords, or through peer-to-peer, file-sharing programs. It can also spread by exploiting various Windows vulnerabilities. Win32/Spybot also has a backdoor component that allows attackers to control an infected computer.
Alert level: high
Updated on Oct 28, 2005
Win32/Optixpro is a family of backdoor Trojans that targets several versions of Microsoft Windows. This Trojan is an enhanced version of Win32/Optix. The Trojan opens a backdoor that allows an attacker to control the computer remotely. It can be configured by attackers to perform a variety of malicious actions on the infected computer.
Alert level: severe
Updated on Apr 11, 2011
Win32/Doomjuice is a family of worms that target machines infected with Win32/Mydoom. Win32/Doomjuice scans for systems listening on the TCP port opened by the backdoor component of Win32/Mydoom. The worms launch a denial of service (DoS) attack against www.microsoft.com.
Alert level: severe
Updated on Jul 14, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Randex is a family of worms that targets PCs running Microsoft Windows 9x, Windows NT 4.0, Windows 2000, Windows Server 2003, and Windows XP.

The worm scans randomly-generated IP addresses to attempt to spread to network shares with weak passwords. After the worm infects a PC, it connects to an IRC server to receive commands from the attacker. If your PC is infected by this worm, you might notice crashes or slowdowns during normal operation.
Alert level: severe
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Plexus is a mass-mailing email worm that targets Microsoft Windows. The worm also spreads through Kazaa peer-to-peer network shares and to computers that have not been patched for the Windows vulnerabilities described in Microsoft Security Bulletins MS03-039 and MS04-011. Win32/Plexus opens a backdoor which allows attackers to run arbitrary code on the infected computer.
Alert level: high
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Opaserv is a family of network worms that targets computers running certain versions of Microsoft Windows.
 
The worm spreads through network shares using weak passwords or by exploiting the Windows vulnerability described in Microsoft Security Bulletin MS00-072. The worm can connect to a specified Web site to update itself. A Trojan dropped by one or more Opaserv variants performs operations that can prevent a computer from restarting.
Alert level: severe