TrojanDownloader:Win32/Stration!ZIP is generic detection for e-mail .zip attachments containing variants of Win32/Stration. Win32/Stration is a family of mass-mailing email worms that send themselves to addresses obtained from a wide range of file types found on the infected system. The e-mail message composed by the worm may masquerade as a failure message or as a scanning tool. Win32/Stration.gen also acts as a Trojan downloader, attempting to download a file from a remote website. The downloaded file may be another variant of the Win32/Stration family.

Backdoor:Win32/Bifrose.ACI.dr is a Trojan dropper for the Trojan backdoor Win32/Bifrose.ACI. Bifrose.ACI allows an attacker access to the compromised computer, and injects its processes into the Windows shell and the Internet Web browser Internet Explorer.

TrojanDownloader:Win32/VB.BE is a trojan that downloads and executes another trojan from a remote Web site. We have received reports that this trojan was distributed in the wild on MySpace with a malicious link referring to the Microsoft Malicious Software Removal Tool (MSRT).

SpySheriff may be installed without user consent, and may then display a dialog box suggesting malware has been found, and prompting the user to buy software to remove the malware that doesn't exist. SpySheriff may download and install program updates without notifying the user.

Win32/Korgo.O.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Mydoom.AP@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it gathers from Web site queries and from the infected computer. The worm also monitors a TCP port for commands from remote attackers.

Win32/Mydoom.AR@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it gathers from Web site queries and from the infected computer. The worm also monitors a TCP port for commands from remote attackers.