Microsoft Security Intelligence
168 entries found. Displaying page 7 of 9.
Updated on May 20, 2009
WinNT/Rustock is a component of Win32/Rustock - a multi-component family of rootkit-enabled backdoor trojans, which were historically developed to aid in the distribution of 'spam' e-mail. First discovered sometime in early 2006, Rustock has evolved to become a prevalent and pervasive threat. Recent variants appear to be associated with the incidence of rogue security programs.
Alert level: high
Updated on Jul 27, 2009
Backdoor:WinNT/Rustock.gen!B is a component of Win32/Rustock - a multi-component family of rootkit-enabled backdoor trojans, which were historically developed to aid in the distribution of 'spam' e-mail. First discovered sometime in early 2006, Rustock has evolved to become a prevalent and pervasive threat. Recent variants appear to be associated with the incidence of rogue security programs.
Alert level: severe
Updated on Jun 21, 2011

Trojan:Win64/Sirefef.B is a trojan that connects to a remote server to download arbitrary files which can include malware, such as other components of Sirefef, and may be present on an affected computer as a file named "consrv.dll".

Trojan:Win64/Sirefef.B is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Alert level: severe
Updated on Oct 18, 2011

Trojan:Win32/Sirefef.O is a trojan component of the Win32/Sirefef family, and is installed by variants of TrojanDropper:Win32/Sirefef. The trojan provides functionality for other installed Win32/Sirefef rootkit components.

Alert level: severe
Updated on Feb 19, 2009
Spammer:WinNT/Srizbi.A is a detection for the kernel mode component of the WinNT/Srizbi family. It patches various native APIs and the NTFS file system driver to avoid detection. It can also hide its network traffic from the system firewall and monitoring programs to avoid detection of its spamming activity.
Alert level: severe
Updated on Apr 07, 2009
Cutwail is a trojan which is able to download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into another process. Whilst the functionality of the files that are downloaded may change, Cutwail usually downloads a trojan which is able to send spam. Cutwail also employs rootkit and other defensive techniques to avoid detection and removal.

VirTool:WinNT/Cutwail.L is a device driver component (rootkit) used by the Cutwail malware family. It contains functionality to drop files and to run in Windows safe mode and Windows safe mode with network support.
Alert level: severe
Updated on May 11, 2009
Virus:Win32/Cutwail.F is a member of Win32/Cutwail - a multi-component family of malware that downloads and executes arbitrary files. This functionality is mostly used to install additional Cutwail components, and other malware on an affected machine. In general, the Cutwail family is used to compromise machines and direct them in various ways at the attacker's will, usually for monetary gain. This could include using the affected machine to distribute additional malware, send spam, generate 'pay per click' advertising revenue, harvest e-mail addresses, and break captchas. Its components are varied, but include trojan downloaders and droppers, spammers, rootkits and viruses. Cutwail also employs a rootkit and other defensive techniques to avoid detection and removal.
Alert level: severe
Updated on May 24, 2009
TrojanSpy:Win32/Ursnif.DI is a trojan that steals sensitive information from an affected machine.
Alert level: severe
Updated on Oct 30, 2009
VirTool:WinNT/Bancos.A is a driver installed by Win32/Bancos to detect and remove installed components of a security application used by Brazilian banks to protect customers from Internet banking fraud.
Alert level: severe
Updated on Jun 21, 2010
VirTool:WinNT/Jadtre.gen is a detection for the trojan driver component installed by Virus:Win32/Jadtre.gen!A.
Alert level: severe
Updated on Sep 16, 2010
VirTool:WinNT/Rootkitdrv.HQ is a kernel-mode malicious rootkit driver. It is used to delete a specific file, modify registry keys to prevent processes from executing, and terminate processes.
Alert level: severe
Updated on Sep 07, 2011

Trojan:WinNT/Sirefef.H is a trojan that could intercept network traffic or inject code into other processes. It is installed by other malware such as TrojanDropper:Win32/Sirefef.B.

Alert level: severe
Updated on Jul 27, 2009
Alert level: severe
Updated on Aug 13, 2009
VirTool:WinNT/Koutodoor.A is a detection for a device driver component that is used by the Win32/Koutodoor family to modify the affected user's default Start page.
Alert level: severe
Updated on May 04, 2010
VirTool:WinNT/Ghodow.B is a component of Win32/Ghodow. It modifies the master boot record (MBR) of the local hard drive, and writes malware code as raw disk sectors from sector 02 through sector 57. VirTool:WinNT/Ghodow.B also writes a clean copy of the MBR in sector 01.
Alert level: severe
Updated on Oct 17, 2010
Trojan:WinNT/Bubnix.gen!B is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam email messages and could download and execute arbitrary files.
Alert level: severe
Updated on Feb 28, 2012

Trojan:Win32/Sirefef.AC is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Alert level: severe
Updated on Jun 21, 2012

Microsoft security software detects and removes this threat.

This family of malware uses stealth to hide its presence on your PC. Trojans in this family can do different things, including:

  • Downloading and running other files
  • Contacting remote hosts
  • Disabling security features

Members of the family can also change search results, which can generate money for the attackers who use Sirefef.

Variants of Win32/Sirefef may be installed by other malware, including variants of the Trojan:Win32/Necurs family.

For more information, please see the Win32/Sirefef family description.

Alert level: severe
Updated on Jul 04, 2008
Alert level: high
Updated on Aug 24, 2010
Trojan:WinNT/Gekey.A!rootkit is the detection for the multi-partite malware that consists of the dropper, password-stealing and rootkit trojan. It logs keystrokes and other user credentials, and sends this information to a remote attacker. Its malicious activity is hidden from the affected user.
Alert level: severe