Backdoor:Win32/Rbot.ER is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FT is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

PWS:Win32/Lineage.AT is a Trojan that targets computers running certain versions of Microsoft Windows. The Trojan terminates security-related processes, drops a file that captures certain passwords, and runs a file that it downloads from a Web site.

TrojanDownloader:Win32/Mitglieder.DD downloads malicious executable files from various URLs and then runs those files on the host computer. TrojanDownloader:Win32/Mitglieder.DD injects a dll into the explorer.exe process, which could allow the trojan to bypass local software-based firewall policies.

Win32/Mywife.E@mm is a mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is expected to corrupt the content of specific files on the third day of every month.

 

This threat has been assigned CME identifier CME-24. It will be detected as Win32/Mywife.E@mm!CME-24.

Win32/Chir.A@mm is a mass-mailing worm. The worm sends a copy of itself as an e-mail attachment to e-mail addresses that it finds on the infected computer and remote shares. The worm runs when a user opens the e-mail attachment. On a computer that has not been patched for the Incorrect MIME Header vulnerability described in Microsoft Security Bulletin MS01-020, the attachment can open automatically under certain conditions.

Win32/Virut.A is a file infecting virus that infects .EXE and .SCR files accessed on infected systems. Win32/Virut.A also opens a backdoor by connecting to an IRC server, allowing a remote attacker to download and run files on the infected computer.

TrojanDownloader:Win32/Small.AWV is a trojan that downloads and executes a file from a specified URL. Most commonly, the downloaded file is a dialer application for pornography-related websites. Such dialers are commonly referred to as a porndialer. The Trojan also creates a window in which it displays messages that may resemble screen output from a legitimate install program.

Win32/Mywife.E@mm is a mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is expected to corrupt the content of specific files on the third day of every month.

 

This threat has been assigned CME identifier CME-24. It will be detected as Win32/Mywife.E@mm!CME-24.

Worm:Win32/Brontok.AS@mm is a mass-mailing email worm that modifies certain computer settings, such as how hidden files are displayed, and disables registry editing.

It spreads by sending a copy of itself, as an email attachment, to contacts stored on your computer. It can also copy itself to USB and removable drives.

Worm:Win32/Brontok.AS@mm is a member of the Worm:Win32/Brontok@mm and Win32/Brontok families.

BrowserModifier:Win32/CNNIC enables Chinese keyword searching in Internet Explorer and adds support for other applications to use Chinese domain names that registered with CNNIC (China Internet Network Information Center). This program is often installed as part of a shareware or freeware program, with or without user consent. BrowserModifier:Win32/CNNIC also contains a kernel driver that protects its files and registry settings from being modified or deleted. The program also includes automatic self-update functionality.

Windows Defender detects and removes this threat.

Adware:Win32/Wintrim is a Browser Helper Object BHO that displays pop-up advertisements on your computer.

TrojanDownloader:Win32/Small.BCF!CME-746 downloads a program to the host computer from a URL that is specified in the trojan file. The trojan then runs the downloaded program without notifying the user. The trojan conceals itself and bypasses local software firewall policies by injecting a portion of its code into the Windows explorer.exe process and running from within that process context.

TrojanDownloader:Win32/Small.BCF downloads a program to the host computer from a URL that is specified in the trojan file. The trojan then runs the downloaded program without notifying the user. The trojan conceals itself and bypasses local software firewall policies by injecting a portion of its code into the Windows explorer.exe process and running from within that process context.

TrojanDownloader:Win32/Mitglieder.DD downloads malicious executable files from various URLs and then runs those files on the host computer. TrojanDownloader:Win32/Mitglieder.DD injects a dll into the explorer.exe process, which could allow the trojan to bypass local software-based firewall policies. This dll may be detected by Microsoft as TrojanDownloader:Win32/Mitglieder.DD.dll.

Win32/Mywife.E@mm is a mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is expected to corrupt the content of specific files on the third day of every month.

 

This threat has been assigned CME identifier CME-24. It will be detected as Win32/Mywife.E@mm!CME-24.

Win32/Mywife.E@mm is a mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is expected to corrupt the content of specific files on the third day of every month.

 

This threat has been assigned CME identifier CME-24. It will be detected as Win32/Mywife.E@mm!CME-24.

Virus:Win32/Viking.G is a virus that can infect other executable files. It may also spread to other computers in the network by copying itself to network shares. It may terminate other security-related software and download files from certain websites.

VirTool:WinNT/Haxdoor.E is a kernel-mode rootkit-enabled Trojan that allows remote control of the infected machine over the Internet. The Trojan contains instructions that allow it to disable certain antivirus programs and firewall applications, log keystrokes, allow remote connections, lower security settings or perform other unwanted actions. VirTool:WinNT/Haxdoor.E gathers user and system information and sends it to a third party.