TrojanDropper:Win32/Pidrop.A is a detection for a malicious .PDF document that drops VBScripts that attempt to drop and execute other malware detected as TrojanDropper:Win32/Emold.C.

TrojanDownloader:Win32/Renos.CM is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.

Win32/Renos.gen!BA is a generic detection for a family of trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine, before downloading rogue security products, most notably Program:Win32/Antivirusxp or Trojan:Win32/FakeXPA. In the wild, Win32/Renos.gen!BA has been distributed via spam e-mail messages.

TrojanDownloader:HTML/Renos is Microsoft's generic detection for a trojan HTML script that attempts to download executable rogue security software when a user visits a malicious Web site and moves the mouse cursor over certain graphics or images.

 

Note: Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

Use Microsoft Windows Defender, the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

TrojanDropper:Win32/Oficla.D is a detection for a trojan that installs and executes Trojan:Win32/Oficla.M. This Win32/Oflicla variant attempts to connect with a remote host and download a configuration data file that instructs the trojan to retrieve other malware from additional download locations.

TrojanDownloader:Win32/Renos.IA is a trojan that connects to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.

Trojan:Win32/Zlob.AU is installed by other variants of Win32/Zlob as a Web Browser Helper Object (BHO). Win32/Zlob.AU downloads other malware.

TrojanDownloader:Win32/Waledac.AJ is a member of Win32/Waledac - a family of trojans that collects email addresses found on the computer on which it is installed and distributes spam email messages. Win32/Waledac may also try to contact different websites for posting data and downloading arbitrary executable files.

Trojan:Win32.Busky.EC generates 'out of context' pop-up advertisements. It may connect to a remote web server to download updates or other files.

TrojanDownloader:HTML/Renos.J is a detection for a trojan HTML script that attempts to download executable rogue security software when a user visits a malicious Web site and moves the mouse cursor over certain graphics or images.

 

Note: Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

TrojanDropper:Win32/Emold.D is a trojan that drops another trojan dropper that installs a rootkit on the affected system in order to hide malicious activity, and contacts a remote site. The rootkit is detected as VirTool:WinNT/Emold.gen!A.

Windows Defender Antivirus detects and removes this threat. See the Win32/FakeRean description for more information.

VirTool:WinNT/Xantvi.gen!A is a generic detection for a kernel-mode rootkit driver that terminates processes and attempts to hide the presence of related malware on an affected machine.

TrojanDownloader:Win32/Renos.AY a generic detection for a component of certain variants of TrojanDownloader:Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.

TrojanDownloader:Win32/VB.BE is a trojan that downloads and executes another trojan from a remote Web site. We have received reports that this trojan was distributed in the wild on MySpace with a malicious link referring to the Microsoft Malicious Software Removal Tool (MSRT).

Trojan:Win32/Sudiet.B is a component utilized by Win32/Alureon - - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon trojan may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer.

VirTool:Win32/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners.

TrojanDownloader:Win32/Renos.JG is a detection for a trojan that connects to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.

TrojanDownloader:Win32/Renos.HU is a trojan that connects to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.