TrojanDownloader:Win32/Agent.ACF is a Trojan downloader that changes registry settings and downloads data from a remote Web site. TrojanDownloader:Win32/Agent.ACF may be installed by another Trojan dropper, such as a compiled HTML file or executable.

Backdoor:Win32/IRCbot.OP is a backdoor Trojan that connects to a remote IRC channel and listens for commands from remote attackers.

TrojanDownloader:Win32/Agent.AHD is a trojan that drops additional malware and downloads and executes arbitrary files.

TrojanDownloader:Win32/Cbeplay.B is a trojan that may upload computer operating system details to a remote web site, download additional malware, and terminate debugging utilities. This trojan may be distributed via spam e-mail, either directly as a password-protected zip attachment, or indirectly via a link to a remote copy of the trojan.

Trojan:Win32/Tibs.gen!lds is generic detection for a component of Win32/Tibs. This trojan downloads and executes malware from predefined Web sites.

PWS:Win32/Ldpinch.BC is a trojan that steals sensitive data. It also has backdoor capabilities, which allow the infected system to be remotely controlled by an attacker.

Backdoor:Win32/VB.CCK is a backdoor trojan that allows unauthorized access to an affected machine. This trojan could be instructed by a remote attacker to download and execute arbitrary files.

TrojanDownloader:Win32/Chansact.A is a trojan that runs as a service, and may contact a remote web server to download additional malware.

VirTool:Win32/VBInject.gen!U is a generic detection of obfuscated Visual Basic compiled malicious code. The malicious code or file is usually encrypted and/or compressed, and is decrypted and decoded before it is injected into a process or dropped and executed.

Backdoor:Win32/Beastdoor.DL is a trojan that allows unauthorized remote access and control to the affected computer. It also modifies certain settings on the computer.

Backdoor:Win32/Haxdoor.CX is a backdoor Trojan that opens and listens on three random TCP ports for proxy and remote access purposes.

VirTool:WinNT/Haxdoor.C is a kernel-mode rootkit-enabled Trojan that allows remote control of the infected machine over the Internet. The Trojan contains instructions that allow it to disable certain antivirus programs and firewall applications, log keystrokes, allow remote connections, lower security settings or perform other unwanted actions. VirTool:WinNT/Haxdoor.C gathers user and system information and sends it to a third party.

VirTool:WinNT/Haxdoor.B is a kernel-mode rootkit-enabled Trojan that allows remote control of the infected machine over the Internet. The Trojan contains instructions that allow it to disable certain antivirus programs and firewall applications, log keystrokes, allow remote connections, lower security settings or perform other unwanted actions. VirTool:WinNT/Haxdoor.B gathers user and system information and sends it to a third party.

Backdoor:Win32/Haxdoor.CN is a rootkit-enabled backdoor trojan that gathers private user data and sends it to remote attackers. Collected data might include user names and passwords, credit card numbers, bank logon credentials, or other sensitive financial information. On NT-based systems, files and processes related to a Backdoor:Win32/Haxdoor.CN infection may be hidden by a kernel-mode rootkit component. The Backdoor:Win32/Haxdoor.CN trojan also disables firewall software and may perform other malicious actions, such as clearing CMOS settings, destroying disk data, or shutting down Windows unexpectedly. Certain components of the trojan may be detected by Microsoft as Backdoor:Win32/Haxdoor.CG.

Backdoor:Win32/Haxdoor.CG is an NT-based driver component of Backdoor:Win32/Haxdoor.CN, a rootkit-enabled trojan that gathers private user data and sends it to remote attackers. Data collected by Backdoor:Win32/Haxdoor.CN might include user names and passwords, credit card numbers, bank logon credentials, or other sensitive financial information. On NT-based systems, files and processes related to a Backdoor:Win32/Haxdoor.CN infection may be hidden by a kernel-mode rootkit component. (This component is also detected as Backdoor:Win32/Haxdoor.CG). The Backdoor:Win32/Haxdoor.CN trojan also disables firewall software and may perform other malicious actions, such as clearing CMOS settings, destroying disk data, or shutting down Windows unexpectedly.

Backdoor:Win32/Bifrose.ACI is a backdoor Trojan that allows a remote attacker to access to the compromised computer, and injects its processes into the Windows shell and Internet Explorer.

Tool:Win32/CrackDownloader is a program designed to download 'cracks' and 'serials' to bypass software protection in an effort to legitimize software applications. Programs downloaded by Win32/CrackDownloader may contain other malware.

Windows Defender Antivirus detects and removes this threat.

 

Win32/Codbot is a family of network worms that targets computers running certain versions of Microsoft Windows.

 

Some variants of this family spread to network shares with weak administrator passwords. Other Win32/Codbot variants spread by exploiting one or more Windows vulnerabilities. The worm has a backdoor component that connects to an IRC server from an infected computer to receive commands from attackers.

Backdoor:Win32/Rbot.BX is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.EL is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.