Win32/Gaobot.ZN.worm is a backdoor Trojan that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS01-059, MS02-061, MS03-001, MS03-007, MS03-026, or MS03-049. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

W32.Mimail.E@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm is activated when the user opens the attachment. The worm also launches denial of service (DoS) attacks against certain Web sites.

Win32/HLLW.Doomjuice.B is a worm that targets computers infected with the Mydoom.A or Mydoom.B worms. Doomjuice.B scans for systems listening on TCP port 3127, the backdoor port for Mydoom.A and Mydoom.B. Doomjuice.B launches a denial of service (DoS) attack against www.microsoft.com.

Win32/HLLW.Nachi.K is a network worm that targets Microsoft Windows 2000 and Windows XP. It propagates by exploiting several known vulnerabilities. It tries to download and apply security updates if it detects the operating system is a certain language version. It also tries to remove certain worms if they are on the infected system.

Worm:Win32/Gaobot.CT is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Worm:Win32/Gaobot.AZ is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Win32/Spybot.BA.worm is a network worm that targets certain versions of Microsoft Windows. When a computer is infected with Win32/Bropia.D.worm, that worm drops Win32/Spybot.BA.worm on the infected computer. Win32/Spybot.BA.worm in turn spreads to other computers that do not have Microsoft Security Bulletin MS04-011 (Windows LSASS buffer overflow vulnerability) installed. Win32/Spybot.BA.worm also has backdoor capabilities, which allow attackers to control an computer through an IRC channel.

Win32/Spybot.BK.worm is a network worm that targets certain versions of Microsoft Windows. When a computer is infected with Win32/Bropia.O.worm, that worm drops Win32/Spybot.BK.worm on the infected computer. Win32/Spybot.BK.worm in turn spreads to other computers that do not have Microsoft Security Bulletin MS04-011 (Windows LSASS buffer overflow vulnerability) installed. Win32/Spybot.BK.worm also has backdoor capabilities, which allow attackers to control a computer through an IRC channel.

Win32/Sober.P@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm runs when a user opens the attachment.

Win32/Randex.FK.worm is a network worm that targets computers running certain versions of Microsoft Windows. It scans randomly generated IP addresses to spread to network shares with weak passwords. After the worm infects a computer, it connects to an IRC server to receive commands from the attacker. If your computer is infected by Win32/Randex.FK worm, you may experience system performance degradation, slower network connectivity, or system crashes.

Backdoor:Win32/Wootbot.AX is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan connects to an IRC server to receive commands from attackers. For example, an attacker can send a command to distribute the Trojan to other computers by exploiting the Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.

Win32/Mydoom.A@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer. The worm also installs a .dll file that acts as a backdoor. After February 1, 2004, the worm attempts a denial-of-service (DoS) attack against www.sco.com.

Win32/Netsky.P@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm. The worm also exploits a vulnerability that is fixed in Microsoft Security Bulletin MS01-020.

Worm:Win32/Brontok.AB@mm is a worm that spreads via e-mail and removable drives. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct Denial of Service (DoS) attacks against certain web sites.

Win32/Archivarius is a family of worms that spreads via peer to peer file sharing programs such as Limewire and eDonkey. They also install a backdoor on the system which may be used to download and execute arbitrary files.

Worm:BAT/Autorun.B!inf is a detection for the INF file used by Worm:BAT/Autorun.B to automatically execute when the removable drive in which it is located is accessed. It usually arrives in a removable drive as the file autorun.inf.

Storm Worm, or Win32/Nuwar, refers to a family of Trojan droppers that install a distributed peer-to-peer (P2P) downloader Trojan. This downloader Trojan in turn downloads a copy of the email worm component of Storm Worm.

Worm:Win32/Slenfbot.F is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/SillyFDC is a worm that spreads via network shares.