Windows Defender Antivirus detects and removes this threat.

 

Win32/Wootbot is a family of network worms that target certain versions of Microsoft Windows.

 

The worm spreads to writeable network shares as well as MySQL and Microsoft SQL Server application servers. It also spreads by exploiting various Windows vulnerabilities. The worm has a backdoor component that connects to an IRC server and joins a specific channel to receive commands from attackers.

Backdoor:Win32/Rbot.EB is a backdoor trojan that spreads by copying exploiting the vulnerabilities described in Microsoft Security Bulletins MS04-011 and MS03-026. Backdoor:Win32/Rbot.EB connects to an IRC server from the infected computer and accepts commands remote from attackers.

Windows Defender detects and removes this threat.

It is a mass-mailing worm that sends a copy of itself as an email attachment to your email contacts. It attempts to download files, including other malware, to your computer.

It also spreads by copying itself to removable drives such as USB sticks.

Virus:Win32/Viking.G is a virus that can infect other executable files. It may also spread to other computers in the network by copying itself to network shares. It may terminate other security-related software and download files from certain websites.

Exploit:Win32/Siveras.B is detection for specific known malware used to exploit a vulnerability in the Domain Name System (DNS) Server Service. This vulnerability impacts Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.

 

Note that exploit of the vulnerability may not be file-based or the malicious files might be removed by the attacker after successful exploit. For vulnerability details, workarounds, and patch information, please refer to Microsoft Security Advisory (935964).

Backdoor:Win32/Rbot!2FA0 is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

 

Backdoor:Win32/Rbot!2FA0 may be detected as Backdoor:Win32/Rbot.BH.

Worm:Win32/Newbiwo.C is a worm that infects network shares. It also drops and runs other malware.

Windows Defender detects and removes this threat.

The Win32/Foidan family can monitor and change how your Internet browser behaves.

Trojans in this family can get onto your PC when you download a file from the Internet. They can also be downloaded by other malware.

Win32/Mydoom.A@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer. The worm also installs a .dll file that acts as a backdoor. After February 1, 2004, the worm attempts a denial-of-service (DoS) attack against www.sco.com.

Win32/Mydoom.A2@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer. The worm also installs a .dll that acts as a backdoor. After February 1, 2004, the worm attempts to perform a denial-of-service (DoS) attack against www.sco.com.

Win32/Korgo.F.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Korgo.Q.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Worm:Win32/Wootbot.C is a network worm that targets computers running certain versions of Microsoft Windows. The worm has a backdoor component that connects to an IRC server to receive commands from attackers. For example, an attacker can send a command to distribute the worm to other computers.

Win32/Sober.I@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm is activated when a user opens the attachment. 

Win32/Sober.D@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment.

Win32/Sober.B@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the e-mail recipient opens the attachment or clicks a Web site link that is in the e-mail message body.

Win32/Sober.C@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment or clicks a Web site link that is in the e-mail.

Win32/Sober.E@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment.