Backdoor AcRedir.dll Backdoor.Win32.Surila.

k Surila is a Trojan backd

oor. The program is a Windows PE EXE file packed with Obsidium and written in V
isual C++. The packed file size is 244 KB and the unpacked size is approximatel
y 413 KB. Installation Upon being launched, Surila copies itself into the Wind
ows system folder under the name...
Trojan ehtray.exe Trojan.VBS.Regdelete.a This Trojan has a malicious payl
oad. It is 649 bytes in size. It is written in Visual Basic Script.
Backdoor avicap.dll Backdoor.Win32.Agobot.a Backdoor.Agobot (also kn
own as PhatBot) is a Trojan program which provides the author/ user with remote
access to the victim machine. It is managed via IRC. It has a wide range of func
tionalities: will not work with a debugger running or under Vmware it can run
both as a standard application and...
Spyware at.exe Trojan-PSW.Win32.Coced.215 This Trojan steals user password
s. It is designed to steal a range of confidential information. It is a Windows
PE EXE file. It is 10,240 bytes in size. It is written in Visual C++. Installa
tion Once launched, the Trojan copies its executable file to the Windows system
directory:...
Trojan btpanui.dll Trojan.Win32.KillWin.bl This Trojan program deletes the
Windows NT system file. The Trojan itself is a Windows PE EXE file, 296407 byte
s in size.
Spyware colorcpl.exe Trojan-PSW.Win32.LdPinch.ur This Trojan is designed
to steal user passwords. It is a Windows PE EXE file. The size of the infecte
d file may vary between 21KB to 86KB. It is packed using FSG.
Worm cryptdll.dll Worm.Win32.Doomjuice.b This worm spreads via the Intern
et, using computers infected by I-Worm.Mydoom.a and I-Worm.Mydoom.b to propagate
. Installation On launching, the worm copies itself to the Windows system dir
ectory under the name regedit.exe and registers this file in the system registry
auto-run key:...
Trojan debug.exe Trojan.Win32.DNSChanger.gn This Trojan downloads ot
her files via the Internet and launches them for execution on the victim machine
without the user’s knowledge or consent. It is an HTML page which contai
ns Visual Basic Script. It is 1445 bytes in size.
Dialer dpinst.exe Exploit.Perl.Small.a This malicious program exploits
a vulnerability in web server configuration in order to propagate. It is a Perl
script. It is 3437 bytes in size.
Adware dsuiext.dll Virus.DOS.Dnepr.377 It is not a dangerous memory res
ident parasitic virus. It copies itself into Interrupt Vectors Table, hooks INT
1Ch, 21h and writes itself to the end of COM files that are executed. Depending
in its internal counter the virus displays the message: DNEPR-CHAMPION
Worm FirewallControlPanel.exe Net-Worm.Win32.CodeRed.a CodeRed
(aka Code Red, Bady) is an Internet worm that replicates between Windows 2000 se
rvers running Microsoft's IIS (Internet Information Services) and the Microsoft
Index Server 2.0 or the Windows 2000 Indexing Service. It does this by exploitin
g a bug known as "Unchecked Buffer in the Index...
Malware icm32.dll Virus.DOS.Bye.641 It is a dangerous memory residen
t parasitic virus. It hooks INT 1Ch, 21h and writes itself to the end of COM fil
es that are executed. If during one hour there were no files infected, the virus
displays a message in Russian and reboots the computer. Me¡ c&frac12
;¿ om ñ...
Rogue ieUnatt.exe Virus.DOS.MIPT.602 MIPT.602 It is not a dangerous m
emory resident parasitic virus. It hooks INT 21h and writes itself to the end of
.COM files that are executed. The virus does not allow to open the LOGO.PIC, HE
RETIC.WAD, KB2.DAT files, it returns error code on such calls. The virus contain
s the text strings:...
Spyware KBDDA.DLL Trojan-PSW.Win32.Lmir.gen This family of Trojans s
teals passwords to the online game Legend of Mir. As a rule, programs belonging
to this family are written in high-level programming languages such as Delphi,
Visual C/C++, Visual Basic). File sizes vary, and the programs utilize a range o
f methods to install themselves to...
Dialer KBDINBEN.DLL Exploit.Perl.Small.a This malicious program exploits
a vulnerability in web server configuration in order to propagate. It is a Perl
script. It is 3437 bytes in size.
Worm KBDROPR.DLL Worm.SunOS.Sadmind Text written by Costin Raiu, Kas
persky Labs, Romania This is an Internet-worm that replicates between Sun Sparc
computers running the Solaris/SunOS operating system, and attacks Microsoft IIS
v4 and 5 Web servers. Cracked Micrsoft IIS servers will have their start page r
eplaced with one that...
Malware LangCleanupSysprepAction.dll Virus.DOS.Shifter.983 This virus infec
ts .OBJ files prepared to be compiled to COM files. The virus inserts itself int
o OBJ files so, that after linking to COM executable file the result contains th
e virus at the beginning of the file. When that file is executed, the virus rece
ives the control, hooks INT 21h and...
Dialer mfps.dll Exploit.HTML.Ascii.d This exploit uses a vulnerabilit
y in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HT
ML page. It is 2431 bytes in size. It is not packed in any way.
Worm mimefilt.dll Worm.Win32.Agent.i This malicious program is a worm
. It is a Windows PE EXE file. It is 71 168 bytes in size. It is packed using
UPX. The unpacked file is approximately 240KB in size. Installation When launc
hed, the worm creates the following folder: %System%\ace When launched, the worm
extracts the following file...
Adware msimtf.dll Virus.DOS.Carbuncle.622 Carbuncle is a dangerous memory
resident companion virus. It is the COM file 622 bytes of length. On execution i
t checks the system time, depending on current seconds value it either jumps to
infection routine or calls the trigger function. In infection routine the virus
creates the...
Rogue mstlsapi.dll Virus.DOS.Exorcist.212 It is a very dangerous nonmemory
resident overwriting virus. It searches for COM files, then overwrites them, an
d displays the message: Bad command or file name then returns to DOS. On 1st o
f any month the virus erases sectors on the C: drive. The virus also contains th
e text strings: [RED...
Backdoor netiohlp.dll Backdoor.WinCE.Brador.a Brador.a is a backdoor (
a utility allowing for remote administration of the infected machine) for Pocket
PC based on Windows CE and newer version of Windows Mobile. It is written in
ASM for ARM-processors and is 5632 bytes in size. After Brador is launched it c
reates an svchost.exe file in the...
Malware Netplwiz.exe Virus.DOS.SPE.CyberWarrior.5300.a It is a very dan
gerous memory resident polymorphic and stealth parasitic virus. It hooks INT 21h
and writes itself to the end of COM and EXE files that are executed, opened, cl
osed or accessed with Get/Set File Attribute DOS call. Depending on its counter
the virus erases the MBR of the hard drive...
Trojan NlsLexicons0009.dll Trojan.Win32.KillFiles.lm This Trojan has
a malicious payload. It is a Windows PE EXE file. The file is 368 128 bytes in
size. áàéò. It is not packed in any way. It is wri
tten in Borland Delphi.
Trojan nvdisps.dll Trojan.Win32.Killav.k This Trojan has a malicious payl
oad. It is a Windows PE EXE file. It is 11,264 bytes in size. It is packed usi
ng UPX. The unpacked file is approximately 24KB in size. It is written in C++.
Trojan ole2.dll Trojan.VBS.Regdelete.a This Trojan has a malicious payl
oad. It is 649 bytes in size. It is written in Visual Basic Script.
Adware PnPUnattend.exe Virus.DOS.Piz.2025 It is a dangerous memory residen
t parasitic encrypted virus. It hooks INT 1Ch, 21h, and writes itself to the end
of COM and EXE files that are accessed. Under debugger the virus erases the CMO
S. Sometimes it displays the message: +---++ + +-+ ++ +--+ + + | || ++
-++ ++| +-- | | +...
Malware prntvpt.dll Virus.DOS.Crasher.659 This is a very dangerous memory
resident parasitic virus. It hooks INT 21h and writes itself to the beginning of
COM files that are opened. The virus contains the string: (C) CRASHER X On De
cember 20th it erases C: drive sectors and displays the message: Dear users ! H
apy new year ! * / / /_ *...
Trojan rastapi.dll Trojan.JS.ExitW.a This Trojan is a JavaScript scen
ario. It can be found on web pages. The file is 706 bytes in size.
Malware sbunattend.exe Virus.DOS.TaiPan.Chroot.727 This is a harmless memor
y-resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE
files that are executed. This virus infects files that are executed, opened or
accessed by Get/Set File Attributes DOS call. It deletes the F-PROT anti-virus
and does not infect the file...
Rogue setbcdlocale.dll Virus.DOS.TurboExe.846 These are very dangerous
memory resident parasitic viruses. They hook INT 21h and write themselves to th
e end of COM and EXE files that are executed. While changing a current directory
the viruses search for the first EXE file, and infect it. When the TURBO.EXE fi
le is executed the viruses disable...
Backdoor spwizeng.dll Backdoor.Win32.Nanspy.f This backdoor program is
written in Delphi, and packed using UPX. The file is 211520 bytes in size. Ins
tallation The backdoor copies itself to the system directory as spools.exe. It
registers this file in the system registry to ensure that the program is launche
d each time Windows is rebooted....
Dialer SystemPropertiesHardware.exe Exploit.HTML.Ascii.e This exploit use
s a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim mach
ine. It is an HTML page. It is 1315 bytes in size. It is not packed in any way.
Dialer tzres.dll HackTool.Perl.IrBot.d This malicious program is a hack
ing utility. It is a Perl script. The size of infected files may vary from 12K
B to 69KB.
Dialer vdsutil.dll Exploit.IIS.Beavuh Beavuh is a malware exploit of t
he so-called MS IIS ".printer" vulnerability, which is described by Microsoft in
the "Security Bulletin MS01-23",released May 1, 2001. The MS01-23 Security Bu
lletin can be viewed at the following location:...
Worm w32time.dll Net-Worm.Win32.Aler.a This worm contains a backdoor fu
nction. It has been widely spammed via email. However, it does not spread via em
ail, but via network resources with weak password protection. Infected messages
Message subject Latest News about Arafat!!! Message body Hello guys! Latest
news about...
Spyware winsta.dll Trojan-PSW.Win32.Gip.108 This Trojan program is u
sed to configure Trojans which are designed to steal user passwords. The Trojan
itself is a Windows PE EXE file. The file is 43,520 bytes in size. It is writt
en in C++.
Adware wlanutil.dll Virus.DOS.Squatter.9742 This is a dangerous memory resid
ent parasitic highly polymorphic and stealth virus. It hooks INT 21h and writes
itself to the end of COM and EXE files that are accessed. Depending on their cou
nters the virus also infects the "C:\DOS\KEYB.COM" file, if it exists. The virus
does not infect the...
Worm wsecedit.dll Worm.Win32.Nuf This worm infects computers running unde
r Windows. It spreads via poorly protected network resources. The worm itself
is a PE EXE file. It is written in Microsof Visual C++. The file is approximatel
y 37KB in size. It is not packed in any way. Installation Once launched, th
e worm copies itself...