Trojan:Win32/Boaxxe.C is a Browser Helper Object (BHO) that is used to download and execute arbitrary files.

Trojan:Win32/VNCKill.A is a trojan that terminates a remote control client, known as VNC or Virtual Network Computing, and deletes program folders associated with this application.

TrojanDownloader:Win32/Zlob.CCA is a generic detection of a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software).

 

The Win32/Zlob family is associated with rogue security programs that display misleading warnings regarding non-existent malware installations or infections. Once installed, Win32/Zlob deceives users by displaying alerts, and similar messages that claim that the machine is infected by malware and spyware. It then displays links to purchase rogue Antispyware products. 

The TrojanDownloader:Win32/Zlob.CCA detection is specific to a DLL component from a Win32/Zlob installation. The component is responsible for displaying  fake alerts and messages claiming that the user's system is infected with spyware.

TrojanDownloader:Win32/Renos.CJ is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.

Program:Win32/BaiduIebar is a detection for an address line search tool. This program was detected by definitions prior to 1.153.956.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.153.956.0 which no longer detects this program.

Trojan:Win32/Horst.gen!B is a generic detection for a group of trojans that manipulates the web interfaces for free online e-mail service providers, such as Yahoo, AOL, Gmail and Hotmail, with the intention of registering e-mail accounts that can be utilized to send spam.

TrojanSpy:Win32/Goldun.ZZR is a password stealer that targets online financial institution user credentials. It may have been distributed in a spam e-mail message, as an attachment named 'photo.scr'.

TrojanSpy:Win32/Maran.AT is a trojan that captures user login details for Yahoo Messenger, several online games, and other web sites.

TrojanDownloader:Win32/Renos.CO is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.

Trojan:Win32/MotePro may display advertisement pop-ups, and download programs from predefined Web sites. When installed, Win32/MotePro runs as a Web Browser Helper Object (BHO).

Spammer:Win32/Clodpuntor is a trojan that sends spam e-mail.

TrojanDownloader:Win32/Zlob.gen!AV is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

Worm:AutoIt/Sohanad.AI is an AutoIT script worm that spreads by copying itself to local and removable drives, and network shares. It may also send messages to contacts via Yahoo Messenger.

Worm:Win32/Nuqel.AS is an AutoIT script worm that spreads by copying itself to local and removable drives, and network shares. It may also send messages to contacts via Yahoo Messenger.

Trojan:Win32/Zlob.gen!H is a generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

Trojan:Win32/Silentbanker.B.dll is a component of Trojan:Win32/Silentbanker.B, which is a generic detection for variants of the Silentbanker trojan family.

 

Win32/Silentbanker is a monitoring trojan that captures screen shots, and logs key strokes, including login credentials for financial institutions. This trojan alters login pages displayed in order to capture specific data, redirects user Web page requests, and may download additional malicious programs.

Exploit:Win32/Jdrop.gen!A is a generic detection for specially crafted Microsoft Access Database (MDB) files that exploit the Microsoft Jet Database Engine File Parsing Stack Overflow Vulnerability. This vulnerability is referenced by Common Vulnerabilities and Exposures ID CVE-2008-1092, and described in Microsoft Security Advisory 950267.

Trojan:Win32/Tibs.gen!H is a generic detection that may identify other variants of malware affiliated with the 'Tibs' malware distribution network.