Exploit:Java/ByteVerify is a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM). This flaw enables attackers to execute arbitrary code on a user's machine such as writing, downloading and executing additional malware. This vulnerability is addressed by update MS03-011, released in 2003.

Exploit:Java/ByteVerify.C is a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM) in order to download and execute arbitrary files on a user's machine. This vulnerability is addressed by update MS03-011, released in 2003.

Exploit:Win32/MS05002.gen is a generic detection for malware that exploits a vulnerability in the way certain un-patched versions of Microsoft Windows handle malformed animated cursor files. These files commonly have an 'ani' file extension. The exploit causes a buffer overflow that could allow an attacker to remotely execute arbitrary code on impacted systems.

A patch for this vulnerability has been available since 2005, and further discussion is located on Technet (http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx).

Exploit:HTML/AdoStream is a generic detection for malicious JavaScript or VBScripts embedded inside HTML pages. These scripts takes advantage of the ADODB.Stream functionality in ActiveX, combined with known security vulnerabilities in Microsoft Internet Explorer, in order to download and install other malwares onto a computer.

Trojan:Win32/Agent.AGB is a hacking tool designed to supply attackers with "Captcha" translations. The tool is designed to submit Captcha samples to a collection server.

 

Captcha is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart". The main purpose for using Captcha is for human-authentication; it is used as a deterrent for attackers using automated methods of logging into chat rooms, or forums to post spam messages and advertisements.

Virus:Win32/Cutwail.B is a virus that patches the file WINLOGON.EXE - a system file for Windows that manages Windows logon. This modification is used to load the file wsys.dll.

Virus:Win32/Cutwail.A is a virus that patches the file WINLOGON.EXE - a system file for Windows that manages Windows logon. This modification is used to load the file wsys.dll.

Virus:Win32/Cutwail.C is a virus that patches the file WINLOGON.EXE - a system file for Windows that manages Windows logon. This modification is used to load the file ws2_32.dll:fork2.

Virus:Win32/Cutwail.D is a virus that patches the file WINLOGON.EXE - a system file for Windows that manages Windows logon. This modification is used to load the file ws2_32.dll:fork2.

TrojanDownloader:Win32/Wixud.gen!A is a trojan that downloads and executes arbitrary files and makes a number of modifications to an affected user's system settings.

TrojanDownloader:Win32/Cekar.gen!A is a file that may be dropped by Virus:Win32/Cekar variants.

TrojanDownloader:Win32/Slupim.A is a trojan that contacts remote hosts in order to receive instructions for further actions to perform. Instructions received by the trojan may vary, however, they can include  downloading and executing arbitrary files.

Trojan:Win32/Silentbanker.B is a generic detection for variants of the Silentbanker trojan family.

 

Win32/Silentbanker is a monitoring trojan that captures screen shots, and logs key strokes, including login credentials for financial institutions. This trojan alters login pages displayed in order to capture specific data, redirects user Web page requests, and may download additional malicious programs.

TrojanDownloader:Java/Jarvanwan.A is a trojan java applet that uses Exploit:Java/ByteVerify.C to download and execute malware on the user's computer.

TrojanDownloader:Win32/Zlob.gen!AX is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

 

This particular component may attempt to download unwanted software.

This program was detected by definitions prior to 1.175.1915.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.