Win32/Mytob.Z@mm is a mass mailing worm that targets certain versions of Windows. It spreads to other computers by exploiting Windows vulnerabilities, and through MSN or Windows messenger. The worm also functions as an Internet Relay Chat (IRC) client 'bot' to receive commands from attackers.

Worm:Win32/Mydoom.AX@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it gathers from the infected computer and from Web site queries. The worm runs when a user opens the e-mail attachment. The worm also has a backdoor component that monitors a TCP port for commands from attackers.

Win32/Bropia.W.worm is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads as a file sent through MSN Messenger or Windows Messenger. The worm drops a variant of Backdoor:Win32/Rbot when the user opens the file.

Backdoor:Win32/Rbot.FN is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Win32/Dumaru.A@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends a copy of itself as an attachment to e-mail addresses found on the infected computer. The worm also spreads by infecting executable files in the root directories of NTFS partitions. Win32/Dumaru.A@mm has a backdoor component that connects to an IRC server to receive commands from attackers.

Worm:Win32/Mytob.FD@mm is a mass-mailing worm that targets computers running certain versions of Windows. The worm spreads by sending a copy of itself as an attachment to e-mail addresses found on the computer.  The worm has a backdoor component that connects to an IRC server from an infected computer to receive commands from attackers.

Win32/Mytob.DR@mm is a mass-mailing worm that targets computers running certain versions of Windows. The worm spreads by sending a copy of itself as an attachment to e-mail addresses found on the computer.  The worm has a backdoor component that connects to an IRC server from an infected computer to receive commands from attackers.

Win32/Mytob.DQ@mm is a mass-mailing worm that targets computers running certain versions of Windows. The worm spreads by sending a copy of itself as an attachment to e-mail addresses found on the infected computer. The worm has a backdoor component that connects to an IRC server from the computer to receive commands from attackers.

Worm:Win32/Mytob.KV@mm is a worm that spreads via e-mail. It also contains backdoor functionality that allows unauthorized access to an affected machine.

Win32/Bagle.EG@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is sent in a password protected zip file along with the password for the user to unzip the file.  The worm monitors a random TCP port for instructions from remote attackers.

Worm:Win32/Rewdar.A is a network worm that spreads to systems that have not been patched for one or more of the Windows vulnerabilities described in Microsoft Security Bulletins MS04-011, MS05-039, and MS06-040. Worm:Win32/Rewdar.A may also download and run additional malicious software from a specified URL. Worm:Win32/Rewdar.A attempts to terminate security related processes and blocks access to security related websites by modifying the local HOSTS file. These modifications could cause the impacted user to be unable to access updates necessary to detect and remove the worm.

Trojan:Win32/Delf.M!CME-96 is a user-mode rootkit that hides its own presence on the system, as well as hiding the presence of other malicious software to which it may be associated.

Win32/Reatle.A@mm!CME-875 is a mass-mailing e-email and network worm that exploits the Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011. Win32/Reatle.A@mm!CME-875 also downloads and runs a file from a URL specified in the worm's code.

Trojan:Win32/Delf.M is a user-mode rootkit that hides its own presence on the system, as well as hiding the presence of other malicious software to which it may be associated. This trojan will be detected by Microsoft as Trojan:Win32/Delf.M!CME-96.

EliteBar displays pop-up advertisements on the desktop and may take other actions without user consent. It may add its own toolbar in Internet Explorer, for which it may install a browser helper object (BHO). EliteBar may also change the user's Internet Explorer home page and add its own "favorites" URLs to the user's Favorites list. Elitebar employs user-mode rootkit techniques to hide some of its files, processes, and registry entries, so that these resources are not visible in system utilities such as Windows Explorer, Task Manager, and Registry Editor. Elitebar may be installed without notifying the user, and may silently download and install updates or other executable code. 

Win32/Bagle.BA@mm!CME-477 is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it finds on the host computer. Win32/Bagle.BA@mm!CME-477 also spreads by copying itself to folders containing the string 'shar' in the folder name.

Worm:Win32/Bagle.ZD@mm is a mass-mailing e-mail worm that attempts to download and run arbitrary files from remote Web sites. Worm:Win32/Bagle.ZD@mm collects e-mail address from the local drive and also obtains e-mail addresses by checking Web site URLs included in the worm's code. The worm attempts to terminate the Windows Automatic Update service and modifies the System Registry in an attempt to disable booting into Safe Mode.

Trojan:Win32/Lowzones.gen!A is a detection for trojans that lower Internet security settings.

This program was detected by definitions prior to 1.175.1915.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

TrojanDownloader:Win32/VB.BZ displays erroneous warning messages in an attempt to mislead the user into believing they are infected with malicious software. The program then prompts the user to download additional software in order to resolve the erroneously detected issues.