Trojan:Win32/Sefnit.AJ is a trojan that may monitor Internet Explorer or Mozilla Firefox to hijack the search results for various search engines.

Exploit:JS/Blacole.BV is the detection for malicious JavaScript that loads a series of other exploits that are distributed as components of the "Blackhole kit". If the computer runs a vulnerable version of certain software and exploitation is successful, various malware may be downloaded.

Trojan:WinNT/Killav.G is a malicious system driver that acts as a malicious component for PWS:Win32/OnLineGames variants, such as PWS:Win32/OnLineGames.LH and PWS:Win32/OnLineGames.LY.

Windows Defender detects and removes this threat.

This threat can redirect your web browser to a website that has malicious content.

Find out ways that malware can get on your PC.  

Microsoft security software detects and removes this threat.

This threat can use your PC for click fraud. It can also redirect your Internet searches to a different website than expected.

Find out ways that malware can get on your PC.  

Windows Defender detects and removes this threat.

Exploit:Win32/CVE-2011-0104 is a malicious Microsoft Office file that exploits the vulnerability described in CVE-2011-0104, and resolved with the release of Microsoft Security Bulletin MS11-021.

This file might arrive as an attachment to a spammed email, and might use social engineering techniques (like a legitimate-sounding file name) to get you to open it.

Microsoft Defender Antivirus detects and removes this threat.

This threat is a proxy-data-stealing and information-stealing malware with backdoor capabilities. It allows a remote attacker to take control of your PC and steal personal information.

We have observed this threat being distributed as a malicious attachment to spam email.

Find out ways that malware can get on your PC.  

This is a detection for a potentially unwanted application (PUP) named GameBox.

This application, which is commonly a software bundler or installer for adware, can affect the quality of your computing experience.

TrojanDownloader:Win32/Gida.A is a malicious Adobe Flash program that intends to trick the user into believing their computer has data or security errors that require attention. The errors are false, and the malicious flash redirects the user to a Web site hosting unwanted software such as 'PerformanceOptimizer'.

PWS:Win32/Zbot.QW is a trojan that steals user names and passwords for various Internet and FTP accounts. It may also allow a remote attacker to gain backdoor access and control of the affected system. It can bypass the system firewall and apply stealth mechanisms to avoid detection.

TrojanSpy:Win32/Banker.JV is a Trojan that collects personal information when a user visits certain online banking sites and sends it to a remote server. This Trojan also ends processes associated with Microsoft Windows AntiSpyware (Beta) and prevents the user from accessing certain security Web sites.

TrojanSpy:Win32/Banker.JV drops TrojanSpy:Win32/Banker.JV.dll and registers it as an Internet Explorer browser helper object (BHO). The .dll file monitors user browsing activity and captures logon information at certain online banking Web sites. It then sends this information to a remote server.

TrojanDropper:Win32/Bagle.BS is a Trojan that targets computers running certain versions of Microsoft Windows. The Trojan drops a dynamic-link library (DLL) file that can download and run malicious files from certain Web sites.

TrojanDownloader:Win32/Bagle.BS.dll is a DLL component of TrojanDropper:Win32/Bagle.BS. When the Trojan dropper runs, it drops its DLL component. Thereafter, each time Windows starts, the Trojan dropper injects the DLL into the explorer.exe process space and runs the injected code.

Backdoor:Win32/Rbot.FP is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

PWS:Win32/Sinowal.M.dll is a data-stealing and backdoor Trojan. It is dropped by PWS:Win32/Sinowal.E. For more information, see http://www.microsoft.com/security/encyclopedia/details.aspx?Name=PWS:Win32/Sinowal.E

VirTool:Win32/Tibs.E.dll is a user-mode rootkit that may be dropped by a variant of Win32/Tibs or by variants of other malicious software. VirTool:Win32/Tibs.E.dll is injected into certain types of processes in order to hide certain malicious software on the computer.

PWS:Win32/Bzub.gen is a generic detection for the installer of a malicious web Browser Helper Object (BHO) or a DLL that may monitor typed logon credentials for accessed websites.

Exploit:Win32/Anicmoo.A is generic detection for exploit of a vulnerability in the way certain un-patched versions of Microsoft Windows handle animated cursor (.ani) files. Exploit could allow an attacker to remotely execute arbitrary code on impacted systems. Further details on the vulnerability are found in Microsoft Security Advisory (935423).

TrojanDownloader:Win32/Jowspry is a malicious application that uses the Background Intelligent Transfer Service (BITS) to download programs from the Internet, possibly using HTTP or FTP URLs to obtain the files.  After the file(s) are downloaded to the compromised computer, they are executed.

 

The use of BITS could allow TrojanDownloader:Win32/Jowspry to bypass some permission-based firewalls in order to install additional malware. This bypass relies on TrojanDownloader:Win32/Jowspry already being present on the system; it is not an attack vector for initial infection.

 

TrojanDownloader:Win32/Jowspry may try to masquerade as a non-executable file by using file icons associated with applications such as including Adobe Acrobat (PDF), Microsoft Word document files (.doc), or image icons.