Worm:Win32/Esbot.C is a network worm that targets Microsoft Windows 2000 computers by exploiting the Windows Plug-and-Play buffer overflow vulnerability that is fixed with Microsoft Security Bulletin MS05-039. The worm can also infect computers running other Windows operating systems if it is delivered through e-mail, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Win32/Mytob.K@mm is a mass-mailing network worm that spreads through e-mail, FTP, MSN Messenger, and Windows Messenger. The worm can also spread to computers that have not been patched for the Windows DCOM RPC vulnerability described in Microsoft Security Bulletin MS03-026. Win32/Mytob.K@mm has a backdoor component that connects to an IRC server from the infected computer to receive commands from attackers.

Win32/Mytob.AJ@mm is a mass-mailing network worm that targets computers running certain versions of Microsoft Windows. The worm spreads as an attachment through e-mail. It can also spread to computers that have not been patched for the Windows vulnerability described in Microsoft Security Bulletin MS04-011. Win32/Mytob.AJ@mm has a backdoor component that connects to an IRC server from the infected computer to receive commands from attackers.

Win32/Haxdoor is a family of rootkit-capable backdoor trojans which gather and send private user data to remote attackers. Collected data might include user names and passwords, credit card numbers, bank logon credentials, or other sensitive financial information. Files and processes related to a Win32/Haxdoor infection may be hidden by a kernel-mode rootkit component, detected by Microsoft as WinNT/Haxdoor. Win32/Haxdoor can also disable security-related software and redirect the infected user’s URL connection requests. Depending on the version of the operation system infected, Win32/Haxdoor may perform other malicious actions, such as clearing CMOS settings, destroying disk data, and shutting down Windows unexpectedly.

VirTool:Win32/Tibs.E.dll is a user-mode rootkit that may be dropped by a variant of Win32/Tibs or by variants of other malicious software. VirTool:Win32/Tibs.E.dll is injected into certain types of processes in order to hide certain malicious software on the computer.

Backdoor:Win32/Poebot is a family of backdoor trojans that allow remote attackers to control infected computers. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting unpatched vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers. In addition, the trojan may be used to steal CD keys and licensing credentials for various online games.

Worm:Win32/Zotob.B is a network worm that exploits the Plug-and-Play vulnerability fixed in Microsoft Security Bulletin MS05-039. The worm targets computers running Microsoft Windows 2000 that do not have MS05-039 installed. The worm can also infect computers running other versions of Windows operating systems if it is delivered through e-mail, instant messaging, or other routes.

Worm:Win32/Esbot.A is a network worm that targets computers running Microsoft Windows 2000 that do not have Microsoft Security Bulletin MS05-039 installed. The worm can also infect computers running other Windows operating systems if it is delivered through e-mail, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.

Worm:Win32/Roron.AA@mm is a worm that attempts to send personal information to a remote address. It may spread via e-mail, network shares, or peer-to-peer file sharing.

Windows Defender detects and removes this threat.

It is a mass-mailing worm that sends a copy of itself as an email attachment to your email contacts. It attempts to download files, including other malware, to your computer.

It also spreads by copying itself to removable drives such as USB sticks.

Worm:Win32/Brontok.S@mm is a mass-mailing email worm that modifies certain computer settings, such as how hidden files are displayed, and disables registry editing.

It spreads by sending a copy of itself, as an email attachment, to contacts stored on your computer. It can also copy itself to USB and removable drives.

The worm is a member of the Worm:Win32/Brontok@mm and Win32/Brontok families.

TrojanDownloader:Win32/Vildo.P!CME-402 downloads programs from certain URLs to the host computer and runs the programs without notifying the user. The Trojan conceals itself and bypasses local software firewall policies by injecting itself into the Windows explorer.exe process and running from within that process context.

WinNT/Haxdoor is a family of kernel-mode trojan components affiliated with Win32/Haxdoor. The Win32/Haxdoor family of trojans are rootkit-capable backdoor trojans which gather and send private user data to remote attackers. Collected data might include user names and passwords, credit card numbers, bank logon credentials, or other sensitive financial information. Files and processes related to a Win32/Haxdoor infection may be hidden by a kernel-mode rootkit component, detected by Microsoft as WinNT/Haxdoor. Win32/Haxdoor can also disable security-related software and redirect the infected user’s URL connection requests. Depending on the version of the operation system infected, Win32/Haxdoor may perform other malicious actions, such as clearing CMOS settings, destroying disk data, and shutting down Windows unexpectedly.

TrojanDownloader:Win32/Vildo.P downloads programs from certain URLs to the host computer and runs the programs without notifying the user. The Trojan conceals itself and bypasses local software firewall policies by injecting itself into the Windows explorer.exe process and running from within that process context. TrojanDownloader:Win32/Vildo.P is detected by Microsoft as TrojanDownloader:Win32/Vildo.P!CME-402.

Win32/Sober.V@mm!CME-157 is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from certain files on the host computer. The worm runs on when the user opens the e-mail attachment.

Win32/Sober.V@mm is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from certain files on the host computer. The worm runs on when the user opens the e-mail attachment.

Backdoor:Win32/Poebot.A is a backdoor trojan that allow remote attackers to control infected computers. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting unpatched vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers. In addition, the trojan may be used to steal CD keys and licensing credentials for various online games.

Virus:Win32/Parite.B.dll is detection for the dll component of the Win32/Parite virus. Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.

Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.