List of spyware, adware, malware, keyloggers, trojans, viruses and other nasties, with full details and removal instructions.
Look it up in the list below or search our database.
This product can be used for more than simply monitoring keystrokes. It can set up monitoring schedules to watch web pages that are visited. It also has a "solid stealth technology that prevents virus scanners and spyware detectors from finding/disabling it." (From their website: http://www.e-spy-software.com/index.htm) From their website: "007 Spy Software is a stealthy computer monitoring software which allows you to secretly record all activities of computer users and automatically deliver logs to you via Email or FTP, including all areas of the system such as email sent, Web sites visited, every keystroke (including login/password of ICQ, MSN, AOL, AIM, and Yahoo Messenger or Webmail), file operations, online chat conversation, and take screen snapshot at set intervals just like a surveillance camera directly point at the computer monitor."
http://www.e-spy-software.com/index.htm
008 Key Logger Remote is commercial monitoring software that can remotely connect to an infected system. The software can log keystrokes as well as other computer activity through a virtual screen camera. The gathered data is sent to a predefined email address.
Also known as: 123pcspy
123 PC Spy Key can record keystrokes, visited websites, and active programs. It can also capture screenshots and run invisibly in the background. It sends the user a log via e-mail. From their site: "123 PC Spy is a powerful while easy-to-use spy utility that runs stealthily under MS Windows. This spyware allows you to monitor and record almost all activities on your PC, then it can create reports and send them to your expected email."
http://www.pcspy.info/
Also known as: MatrixDialer 123 mania
This is adware of Spanish origin.
http://www.123mania.com
Spanish Shopping Portal Dialer. Translated roughly from the vendor in Spanish: "Contract of User: Using our program you specifically recognize and accept the following warnings and conditions: 1) the access to this Web, as well as to its contents and services, is only allowed to people of legal age. 2) You must be of legal age in his country of residence (in the case of Spain, greater of 18 years). 3) When accepting the "Certificate of security" or the unloading of the file that shows its navigator, knows that the programs that will permit to connect to him with our services will be installed in its PC. Likewise, for its comfort, direct access will be placed in its system to facilitate next connections to him. 4) You will not exhibit this material to minors or any other person who can be victim or who do not fulfill these conditions. 5) You must pay the costs of telephone connection. Knowing that the program will automatically disconnect him of his present connection and will connect him to a special number of tarification 906. MAXIMUM price per minute is of 1.06 euros from the fixed telephone network, and 1.357 euros from the mobile network, taxes including. You also know that at any time you will be able to become disconnected of our services to this end using the existing button, extinguishing his modem or hanging up the telephone, as comes in each case. The system will automatically disconnect him passed 30 minutes, deciding you freely if you wish to connect again. 6) All the rights of copyright and any other rights of intellectual and industrial property are reserved in favor of the holders, authors, publishers, people in charge and/or proprietors of this Web. Likewise recognizes that they will be in any case exempt of any responsibilities of personal and/or economic nature that could derive: 6a) Of the access of minors. 6b) Of use of the program or software that allows the access to the services. 6c) Of the access and/or use that any user makes of the contents and services.
7) For resolution of any controversies arising from the present document, of the access to the Web or anyone of his contents, you he is specifically put under the Spanish laws and jurisdiction of the courts and courts of the city of Madrid, Spain, to which he confers sole competition exclusively and. 8) we requested to Him that if does not understand, does not fulfill or it does not accept some of the ends contained in the present contract does not continue with connection. Identifying Data: Matrix Technology Network, S.A. CIF A-83491530 Apdo. 28080 Post office 13180 - Madrid"
http://www.masminutos.com
Also known as: ADW_17lele (TrendMicro) Adware-17Lele (Mcafee) Trojan-Downloader.Win32.Agent.et (Kaspersky) TR/Dldr.Agent.ET Trojan.Downloader.Agent.Et.S
Connects to the internet and downloads files without the user's knowledge.
Also known as: Other Products: SVA Player SVAPlayer 180solutions 180 solutions MetricsDirect 180search Assistant 180 search Assistant
Company appears to have evolved from the old "paid-to-surf" program Epipo. Comes along with some "advertiser supported" programs, a tactic known as bundling. Depending on the program (180 Solutions markets several) it may pop-up ads or in the case of the Zango application it may pop-up other websites based on keywords you use while surfing or searching. It is important to note that 180 Solutions derives financial benefit by popping up these 3rd party websites. To the best of our knowledge 180 Solutions does not track or store personally identifiable information as per their privacy policy. However, it does transmit logs of every web page you visit. The URL or keyword is passed with a unique identifier to their advertising server when a targeted advertisement is shown. With the later versions of their software this logging can be disabled by using the tray icon. Heavily distributed through the use of "affiliates" via a process called bundling. Recent research by Ben Edelman (http://www.edelman.org) reports that it has been installed via browser security holes. We have also noted that 180 Solutions applications are often installed with a number of other adware programs at the same time, causing an extreme load on the PC. It has also been noted that these applications have been force installed by web sites (affiliates) or Windows Media files. Company claims it no longer distributes n-case although it is unknown how many legacy installations are still in circulation.
http://www.180searchassistant.com/home.html
It shows targeted ads on the user's computer based on the content of the user's searches. From the author's EULA: 1. Web3000.com and JSoft Consulting may provide aggregate statistics about customers such as your traffic patterns, and related site information to reputable third-party vendors in order for Web3000.com and JSoft Consulting to obtain valuable promotional offers to provide to you. 2. In order to provide this service, Web3000.com and JSoft Consulting collect information on your web usage that remains anonymous to third parties. 3. Without revealing your Personal Information to third parties, Web3000.com and JSoft Consulting will seek out high-value offers and great deals from commercial partners and advertisers that match your interests.
This adware product is in the form of a toolbar downloaded via an ActiveX control. Its behavior is very similar to that of ISTBar and 2020Search.
http://www.2-seek.com
Also known as: 2000Cracks.100 Bigorna.100 GateCrasher.110 NetController.108 Sparta.110 VagrNocker.120 VagrNocker.200
This is a trojan originating from evil eye software. Infection consists of a single executable called sparta.exe.
Also known as: Istbar.2020Search
This toolbar is installed by ActiveX download from their website. You must first check a box signaling that you have read their very long EULA. It will prompt you to install the file and before you know it you have a toolbar on your IE browser. From their EULA paragraph 3: "THE TOOLBAR MAY BE OFFERED TO YOU BUNDLED WITH ANOTHER THIRD PARTY SOFTWARE APPLICATION (A "THIRD PARTY APPLICATION"). SUCH THIRD PARTY APPLICATION IS OWNED OR LICENSED BY A THIRD PARTY AND THIS EULA DOES NOT APPLY TO YOUR USE OF SUCH OTHER THIRD PARTY APPLICATION, REGARDLESS OF WHETHER THE TOOLBAR AND THE THIRD PARTY APPLICATION CAME BUNDLED TOGETHER. YOU AGREE THAT 2020SEARCH SHALL NOT BE RESPONSIBLE FOR ANY LOSSES, DAMAGES, INJURIES, CAUSES OF ACTION, CLAIMS, DEMANDS OR EXPENSES, INCLUDING LEGAL FEES AND EXPENSES, OF WHATEVER KIND OR NATURE ARISING OUT OF, RELATING TO OR RESULTING FROM THE THIRD PARTY APPLICATION."
http://www.2020search.com
This is an older adware. Their website has been shut down due to abuses apparently. It is unknown if legacy versions still exist.
http://www.20x2p.com
2M Free Tetris bundles potentially unwanted software such as Comedy-Planet and webHancer.
Also known as: Second Thought Trojan.Win32.SecondThought.ag SecondThought SecondThought.A
Accepting their "second opinion when you surf" actually gives you a toolbar named "Mysearch". 2nd-thought will redirect your searches as long as it is installed on your computer. It is a browser hijacker that will reset your home page and often redirect your searches to porn sites. Sometimes it will prevent you from changing your home page.
http://www.2nd-thought.com
Also known as: Adware.2Search (Symantec) clsIESpy GoogleCatch 007guard 007Installer The007Guard msnnames msn names IM Names IMNames
2Search is an adware component that installs as a Browser Helper Object, tracks keywords entered into search pages and displays advertisements. For specific search words, this adware inserts custom results (exactly 3 results) at the top of Google's results page. It tracks search words entered in Google and other search pages, then sends them to its controlling server.
2Spy is an application for monitoring, intercepting, and logging system messages on your machine such as keystrokes, mouse clicks, window activations, and so on. 2Spy can log everything you type and do: applications you use, sites you visit on the Internet, email you write, games you play, music you listen to, and more. It can even log noncharacter keys. It can silently capture your desktop or active window at various specified intervals and save it as an image onto disk. It will add time stamps to all events and log every caption in the active window title bar, as well as text on all controls. It can stay totally invisible from the user: it is invisible in the task list, in the task bar notification area, and in the system tray. 2Spy saves everything to a log file that can be located in any folder you like. The log is saved as a standard text file and can be seen or deleted directly from 2Spy. In addition, the log file can be dynamically encrypted. You can protect unauthorized access to 2Spy with a password. This product installs an adware payload.
http://www.freedownloadscenter.com/Utilities/System_Analysis_Utilities/2Spy_1_4.html
3D Falling Icons installs 180search Assistant, Seekmo Search Assistant, and Zango Search Assistant along with it. From the EULA: The Licensed Software will run in the background on your computer and may periodically direct you to our sponsors' websites. By installing and/or using the Licensed Software you grant permission for 180 to periodically display sponsors' websites to you.
Also known as: third eye 3rd Eye
From their website: "3rdEye Software emails all logfiles to you secretly. Monitor activity from anywhere. Automatically Records: Keystrokes & Passwords typed Screenshots of websites visited" This keylogger's home page no longer exists. It is unknown if legacy versions are still in circulation.
http://3rdeye.ws/
404Search is adware targeted at 404search.com. It uses sites controlled by the Kanoodle search engine. The 404search engine uses an IE BHO named 404search.dll.
http://www.404search.com
4t Web Camera is designed to bring live up-to-date Web images such as web cameras snapshots, financial charts, and weather forecasts directly to your desktop. It also has the capabilities to set up several web cameras on your desktop and create and save a 'play list' of your favorite web cams.
http://www.4t-niagara.com/webimage.html
Dialers are software that dials a phone number. This usually happens without the end user knowing about it - causing long distance charges.
This dialer makes it easy for their advertisers to collect statistics on their product. From their website: "Our service includes: Worldwide billing; Statistics/reports are in real time with drill down capabilities; Unlimited Webmaster and Technical Support; GlobalPhon supplies you content to market your traffic better"
http://globalphon.com/index.asp
This adware enables Madison Administration Inc. to display ads from their affiliates. From their website: "Each ad delivered points directly to your site allowing you to control your content and try new approaches instantly." This refers to the advertiser portion of their website.
http://www.7adpower.com
Also known as: WebCastAccelerator
91Cast displays pop-up advertisements.
Allows attacker remote access to computer.
:DaCamYo! is webcam software that enables its users to upload and archive webcam images and make their own webcam page. It offers style presets, archive tools, an online slide show and live memo, as well as graphic effects like Mirror, Invert, Grayscale, Blur, Noise, Mosaic, Emboss, Spray, Blend, Mix-up and many more, while also enabling users to create their own combination effects.
http://en.neuesvon.de/dacamyo/
A polymorphing Trojan that uses multiple startup entries.
From the Website: "So how do you know what your staff, children, spouse or significant other type on your computer when you are away from it? Are they working on your account - or playing solitaire? @KeyLogger surveillance software can tell you exactly who is doing what on which PC at any time during the day or night. The @KeyLogger records every keystroke made on your computer on every window, emails, messages, documents, web pages, usernames, even on password protected boxes, and more." Their site has been listed for sale. Legacy versions of this software are still in circulation.
Also known as: ABetterInternet SPYW_BISPY.A [Trend Micro] PSW.Bispy.A [Trend Micro] TR/BiSpy.DLL.B [Trend Micro] Adware.Binet [Pest Patrol] ceres nail.exe nail DRPMon Best Offers Network binet
This adware program has an .EXE and a .DLL file component. The .EXE component looks for certain registry entries and deletes them, while the .DLL component maintains a particular registry entry related to a BHO. Often this product is bundled with more than one adware program. There are reports of Ceres and Nail.exe being bundled and distributed through unlicensed content via BitTorrent. The company denies responsibility for distribution and claims this occurred through "rogue affiliate distributors".
http://www.bestoffersnetworks.com/
Allows remote control of the infected machine.
Also known as: BackDoor-JJ Bck/A-Trojan.20 Trj/PSW.Atrojan Trojan.PSW.Atrojan.20 Win32.PSW.Atrojan.20 Win32/PWS.Senha.Trojan InsaneNetwork.400
The site where this trojan originated has been removed. It is unknown whether legacy versions of the main executable are still in circulation.
Also known as: Anonymity 4 Proxy
A4Proxy is a local proxy server operating a large database of anonymous public proxy servers located all over the world. A4Proxy redirects all requests for web pages to the proxy servers to make you anonymous to the websites you visit.
http://www.inetprivacy.com/a4proxy/review.htm
This is a keylogger that allows you to record and store activity on your computer. This normally includes chat conversations, e-mails, and websites visited. It then stores them in a text or HTML webpage format. From their site: "It allows you to record any activity on your computer. The log file can be saved in TXT or HTML format. It will record the window name which got focus and/or all the keys pressed and/or the window image. The picture can be saved as BMP or JPG."
http://www.abysoftware.com/
This keylogger logs the keystrokes from the machine it is installed on. It can also take screenshots in JPEG format.
http://www.abckeylogger.com
ABCScrabble is a vector for YourSiteBar, Comedy-Planet, webHancer, etc., and displays popup advertisements based on websites visited.
ABF Photo Camera allows users to capture screenshots from a webcam or other capture devices. Users may take real-time or delayed photos as well as customize the ABF Photo Camera's interface.
http://www.abf-soft.com/photo-camera.shtml
Also known as: W32.Abotus.Worm@m, Aboutus, I-Worm.Aboutus
Abotus is a worm that will attempt to reply to all messages in the Microsoft Outlook inbox.
Also known as: about:blank
An invasive hijacker that copies multiple files and uses morphing startup entries on every boot to avoid detection and removal. Symptoms include: About:Blank as your homepage; excessive pop-ups (normally porn related); randomly generated file names. This is quite possibly one of the most difficult kinds of infection. Many times, in order to get a computer completely rid of this pest, a professional spyware researcher must be consulted.
Also known as: Downloader.Abox Troj/Abox-A(SOPHOS) FunBox
Downloads unwanted software without the user's knowledge. Uses FTP and HTTP to connect to its server. Installs a tray icon with shortcuts to porn sites.
Absolu-trans is a dialer program used to access pornographic websites by dialing a high-cost phone number using the modem.
Absolute Key Logger is a small program that records all keystrokes into a log file, so that you can use this data later. It is a program that is installed by the user of a computer to explicitly monitor the activity of other users. These types of program can be installed using stealth tactics to hide themselves from other users. From their website: "Absolute Key Logger is a hidden keystroke recorder. Absolute Key Logger records all keyboard key strokes into a log file, so that you can use this data later."
http://lastbit.com/akl/default.asp
This is an ad-supported free software download. There is also a deluxe version available without adware. Before the installation begins you are given a EULA where it states that 'advertising technology' will be installed with the program. During installation, you are asked to fill out a survey. It asks questions about income status, gender, education, zip code, and your interests. This is to better understand what kind of advertisements to send you.
http://www.absoluteyukon.com/
Also known as: Adware.ABXToolbar [Symantec]
Popular domain names are being directed to rogue servers through an attack dubbed "DNS cache poisoning". Upon landing on these web addresses, the ABX toolbar gets loaded into the PC. This appears to happen via an ActiveX control embedded in multiple iframes. ABX is a Browser Helper Object (BHO) that displays a large number of unlabeled pop-up ads. The Search Page and Start Page of Internet Explorer are also modified. ActiveX control installation can be vaccinated against by using the Free SPG Blocklist at http://www.spywareguide.com/blockfile.php
http://www.abx4.com
Also known as: Ngd DCON
Dialers are software that dials a phone number. This usually happens without the end user knowing about it - causing long distance charges.
http://www.accessplugin.com
This is an ad supported gambling program. This program displays gambling related pop-ups when surfing the internet.
http://www.aceclub.com
Also known as: Ace Notes
ABX Toolbar displays popup ads in Internet Explorer (IE) and modifies the user's Search and Start pages without consent.
This is a keylogger program that specializes in capturing screen shots of the machine it is installed on.
Also known as: Ace Spy
AceSpy monitors PCs by taking screenshots, keeping key logs, including chats, e-mails, web sites visited, searches performed, and more. AceSpy is completely hidden to the PC user, and you can have reports sent directly to your e-mail address. Keywords that you specify trigger the program to send you instant alerts. Also you can set your keywords to close a web browser if it encounters any of your listed words. From their website: "AceSpy is PC spy software for home or office use. Secretly see everything your spouse, child or employee does online. Instantly forward their emails and chats to your email address. Block web sites by keywords or site addresses. Get an hourly report email containing everything they do."
http://www.acespy.com
Also known as: Acid Shiver Backdoor.AcidShiver.Kor PWS-Shivers Trojan.PSW.AcidShiver
From the Website: "This trojan runs on a random tcp port each time it's started and it sends an email to the infector, telling them the info. To connect to it, you need to connect via telnet on the specified port. Everything is command line based but it's still a very good Trojan. Btw if you add a cool feature please remember this is an open source project..." Functions - Lists most of the commands (description of command) - Hide a task from control + alt + delete - Show a hidden task in control + alt + delete - List Contents of Current Directory - List Contents of Current Directory - Change To Specified Directory/Drive - Clear Screen - Kill Process by PID (Shown in PS) - Shows Running Processes - Deletes Specified Files - Change Port Acid Shiver Listens on (Until Next Reboot) - Change to default Windows Desktop folder - Change to Windows Recent folder - Change to default WS_FTP folder - Show Version Number of Acid Shiver - Show physical, RAM, CD-ROM, and Network drives - Relay connection to host on port, Control + C to abort - Sendkeys to active window - Show Ethernet stats and physical address - Rename the user's computer - Shows DOS Environment variables - Beeps the specified number of times - Type 'CDROM' for more information - Terminate Acid Shiver - Rename a specified disk drive - Type 'Shutdown' for more information - Retrieves information on specified drive - Disconnect a session by socket index shown in 'STATUS' - Shows user's current system date - Shows some general system information about host and user - Show the state of all sockets used since last reboot - Retrieve specified file - Retrieve specified file in hex form - Run the specified shell command - Run the specified command and display results (may lock up) - Make a new directory - Remove a directory and all files and subdirectories inside - Copy file1 to file2
Also known as: BackDoor-DE, Backdoor.AcidBattery
Features: "fun stuff", hide C-A-D, freeze sys, FTP, screendump, ICQ sniffer, msgbomb, delete files, shut down system. Compressed with ASPack. Their website is listed as not active. It is unknown whether legacy versions of this trojan are still in circulation.
Also known as: Backdoor.Acidoor, Backdoor.Acidoor.11
Acidoor is a Trojan that gives a hacker unauthorized access to your computer. By default, it uses ports 4432 and 4433. It is unknown whether this trojan is still in circulation.
This will give an attacker access to your computer. It is unknown if this trojan is still in circulation.
This will dial a pornographic number causing massive telephone charges. Translated from Italian to English: This is the disclaimer: Attention: situated classified to the adults. This situated one contains of the elements audiovisual aids (images, clip video) and/or of the witnesses to erotic and pornographic character. It introduces moreover of the situations to sexual character that put in scene of heterosexual, bisexual, homosexual or transsexual the persons. The persons of inferior age to the 18 years, as also those susceptible ones of being annoyed from a similar content, are not authorized to visit this situated one and are they prohibited to approach you directly or indirectly or to download, to acquire, to view, to read, to listen to or to possess whichever document of this situated one, like as an example photographic rows, acoustic rows video, rows, written elements, advertising elements or whichever other message, mass media or contained you belong to this situated one. If an inferior age to 18 years is had, also is formally prohibited to pass to an order for an article or a service supplied on this situated one. Likewise, whichever not authorized reproduction of the content of this situated one is formally prohibited. The consultation of whichever document contained on this situated one is classified to a public adult and in places in which the document consultation such it turns out in conformity with the customs, the rules and the laws in vigor.
Also known as: Backdoor.Acropolis.10, BackDoor-NM
When launched, the Trojan opens a network connection on ports 32791 and 45673. This gives a remote operator the capability to use your computer to send messages using mIRC.
This is a free keylogger program that monitors and records all activity on the machine it is installed on. From their website: "Actions Monitor is a Windows based application designed to monitor, display and save all file system activity on a system. Program shows you which applications and processes have opened or loaded. Actions Monitor records all file system actions which has been executed and allow to save it to text file for further analysis."
http://www.segobit.com/am.htm
This keylogger is identical to Active Keylogger. From the Website: Active Keylogger Home Features: Completely invisible and undetectable in Windows (95/98/ME/NT/2000/XP); Interface very Easy to Use, even for beginners; Record everything on the computer; Chat Spy; Web Spy; E-mail Delivery; Change Process Priority; Clear Log File After Successful E-Mail Delivery; Compatible with All Windows OS; Shortcut key for unhide mode; Shortcut key for view log; Log Location; Enabled or Disable program
http://www.winsoul.com/activekeyloggerhome.php
Also known as: Adware-ActivShop(Mcafee) Activshopper Activ shopper Activeshopper Dealbar
This program adds a sidebar to Internet Explorer. The sidebar launches every time something is searched on well-known search engines like Google, Yahoo, MSN, Search.com, Ask, AOL, etc., and shopping sites like amazon.com.
http://www.activeshopper.com/
From their website: Our Active-X Dialer provides access to users with a modem as well as cable / DSL / LAN users.
http://www.global-acces.com/
Also known as: 411 Active Search Wast Giant Explorer 411 Ferret
This software program is much like their other two products siteguide and travelcover. They monitor searches so that they can target advertisements to show you. Their site is no longer active. There may be legacy versions of this software still in circulation.
http://www.activesearch.com
It is unknown if this keylogger is still in circulation.
From their website: "Activity Keylogger records all keystrokes typed, chat conversations, screen, websites visited, system clipboard and more. During monitoring sessions Activity Keylogger can be customized to be completely invisible and cannot be seen in the taskbar, task manager and system tray. Activity Keylogger exports log reports to HTML files and emails to you automatically, so you can conveniently read the reports in a browser such as Internet Explorer."
Activity Logger is a computer surveillance software that invisibly records to the log file Internet surfing URLs, key strokes in email, chats or any application, programs user runs and work duration in every application, takes screenshots, like video surveillance camera. Captured snapshots can be viewed later as the slide show. Log file can be emailed to you silently when computer goes online. From their Website: " Computer monitoring software that runs invisible and records how your employee, child or spouse uses computer. Activity Logger is a computer spy software that invisibly records to the log file visited Internet URLs, keystrokes in email, chats and all applications, programs user runs and work duration in every application, records screenshots, like video surveillance camera. Captured snapshots can be viewed later as the slide show. Log file can be emailed to you silently when computer goes online."
http://www.softactivity.com/
Also known as: Activity Monitor
This surveillance software is for real time monitoring and continuous tracking of users' activities on network connected computers. View remotely in real time screens of the remote computers, typed keystrokes, Internet surfing history, used applications, record all activity to the log file. From their website: " Monitor all computers in LAN remotely from a single administrator's PC. Keep an eye on your employees or students. Do they play games or surf Internet during the work time? What do they write in email or chat? This computer spy software is for real time monitoring and continuous tracking of users' activities on network connected computers. View remotely in real time screens of the remote computers, typed keystrokes, visited Internet sites history, used applications, record all activity to the log file and do much more with this powerful and easy to use program."
http://www.softactivity.com/employee-monitoring.asp
From their help document: "The ActivityX custom control is designed to allow an application access to the powerful facilities of windows journaling. Possible applications of this include macro recording and playback abilities within an application, building simple CBT applications, recording scripts for application testing, automating repetitive tasks or using as an alternative to the sendKeys command. Sets of recorded messages can be stored to file and played back later at either recorded speed or high speed. All messages can be recorded or this can be restricted to keystrokes only. Messages can be recorded relative to the position of a specific window by setting a RelativeToHwnd property at run time, this being of particular importance to messages whose effect depends on the cursor position such as mouse clicks or drag over events. Playback of messages can be aborted by pressing the ESC key or this feature can be disabled by setting a property in the control."
Also known as: STARR
Effective security on computers can save a computer user thousands of dollars every year. This stealth-monitoring utility provides the PC's equivalent of the security camera (and much more), increasing security dramatically, whilst causing no disruption to working practices or draining network resources.
http://www.iopus.com/starr.htm
From their website: "ActMon Computer Monitoring (ACM) is a PC and Internet monitoring software for monitoring designated workstations. The Home Edition can also be used for Parental Control."
http://www.actmon.com/
From their website: "ActMon PRO is the popular all-round monitoring solution. It allows companies and individuals to track the use / abuse of PCs easily and invisibly. ActMon monitors all activities on computer systems including applications, keyboard, passwords, chat, email, and visited websites. Unique features include the ability to log the passwords typed during the Windows 2000/XP login. To avoid tampering of the software, it features a unique file protection that makes the ActMon files truly invisible to every user and every windows software."
http://www.actmon.com/computer-monitoring/?ref=padacm
Also known as: AdvSearch SearchPike BrowseProxy Actual Names
The ActualNames software is an address bar search hijacker targeting IE, Netscape and AOL browsers. It also seems to contain components to interfere with the sending of mail from various applications and web sites. However, the function of these files has not been pinned down. ActualNames can silently download and execute arbitrary unsigned code from its controlling server actualnames.com, as a self-updating feature. ActualNames/BrowseProxy is also a severe security hole as it allows any web site to execute arbitrary programs.
http://www.actualnames.com
Also known as: httpload
An ActiveX control that downloads and installs files. Used by ispdialer.com (now nocreditcard.net) to install premium-rate diallers, generally for porn sites. This is a pay-per-month pornography site.
http://www.nocreditcard.net
Advertisement software that creates pop-ups and is usually bundled with other adware applications.
Also known as: Ad-Popper
Little is known about this adware program's origins.
Displays bannered advertisements on the user's desktop.
Also known as: ad bars Dialer.Rubosk(Sunbelt)
This is a Spanish adware program that centers around a toolbar that attaches itself to your Internet Explorer browser.
http://www.adbars.com
Also known as: ESD Technologies, Inc
Adware, also known as an Adbot, can do a number of things from profiling your online surfing and spending habits to popping up annoying ad windows as you surf. In some cases Adware has been bundled (i.e. peer-to-peer file swapping products) with other software without the user's knowledge or slipped in the fine print of a EULA (End User License Agreement). Not all Adware is bad, but often users are annoyed by adware's intrusive behavior. Keep in mind that by removing Adware sometimes the program it came bundled with for free may stop functioning. Some Adware, dubbed a "BackDoor Santa", may not perform any activity other than to profile a user's surfing activity for study. AdWare can be obnoxious in that it performs "drive-by downloads". Drive-by downloads are accomplished by providing a misleading dialogue box or other methods of stealth installation. Many times users have no idea they have installed the application. Often Adware makers make their application difficult to uninstall. A "EULA" or End User License Agreement is the agreement you accept when you click "OK" or "Continue" when you are installing software. Many users never bother to read the EULA. It is imperative to actually read this agreement before you install any software. No matter how tedious the EULA, you should be able to find out the intent BEFORE you install the software. If you have questions about the EULA, e-mail the company and ask them for clarification. If they cannot clarify this, do not install the software. From the Website: "The Adblaster Corporation offers advertisers a breakthrough way to communicate one-to-one with millions of consumers, anywhere on the web. With patent pending filtering technology we can deliver pop campaigns to our users that never appear next to objectionable material"
AD-BLOCK is a software application, which is intended to suppress "pop-up" windows from appearing during use of Internet Explorer 5.0 and higher, operating on Microsoft Windows 95/98/ME/2000/XP platforms.
AD-BLOCK also directs Internet Explorer 5.0 to a search page when the user enters a Uniform Resource Locator which is non-existent or otherwise would resolve to an error page or other browser redirection service, in order to provide a search function for finding internet resources as directed by the user. Linkz Internet Services does not maintain individually identifiable user information, nor does Linkz Internet Services maintain any record of information entered by the user into their browser during operation of AD-BLOCK. In the performance of the search re-direction function, the user may be directed to a search page operated by Linkz Internet Services or its affiliates. In such an instance the web server may maintain customary records of the user's IP address, the date and time of access, and will record the search query made by the user for the purpose of generating aggregate search statistics.
http://adblock.linkz.com/Home.php
Also known as: Adbreak.d
AdBreak consists of a Browser Helper Object which opens pop-up advertising as you use Internet Explorer, and a task run at startup which hijacks your home page, search and error pages to point to AdBreak's servers. AdBreak appears to be out of circulation. Its domain name, adbreak.com, is listed for sale.
http://www.adbreak.com/
AdCalls is a dialer that enables the user to call anyone in the US or Canada at anytime on their home or mobile phones. This also includes International calls. Some advertisements, special offers, and coupons are included directly from the ad viewer.
http://www.adcalls.com/iframe_2.html
Also known as: AutoAlexa
This is a trojan that installs the Alexa toolbar without user consent in order to inflate the Alexa ranking of the distributor's website.
Also known as: Troj/Fakespy-B ADclicker-BM(Mcafee)
Runs in the background and periodically pops up a warning that there is a problem with your computer. Can display a warning message from the system tray that your computer has spyware. Clicking the warning message will take you to a website to download antispyware software that does not do what it claims. This adware program could also be called a trojan due to its elusive installation and hijacking methods.
Also known as: Ad Destroyer
Advertised as a spyware remover. This software delivers ads to your computer and may or may not be targeted to your search. http://www.addestroyer.com is no longer active.
Also known as: Adsincontext Adgoblin - Adsincontext
Not much is known about this system, except that it installs popup ads on the user's machine and has "callbacks" to the controlling server. This site is no longer active.
http://www.adgoblin.com/
Also known as: HOT Dialer
Adh1_sexarea is a dialer which can be used to access pornographic websites by dialing a high-cost phone number using a modem.
Also known as: ad logix Adware.Adlogix (Symantec) Adware-AdStart (McAfee)
From the publisher: Adlogix is a next-generation ASP providing an intelligent technology platform to help advertisers, publishers (website owners) and media buyers plan, manage and distribute any rich media or advertising campaign over the internet, ITV or wireless devices. Has been seen to be installed with a rootkit to hide files.
This adware program sends you ads based on your internet behavior. From their website: "AdManager allows you to increase targeting capabilities, to speed ad delivery, and to monitor and control inventory projections in real-time, leading to higher CPMs and less unsold inventory. AdManager's flexible architecture provides innovative online ad management technologies both as an outsourced solution (AdManager Hosted) and as a site-side solution (AdManager Licensed)."
http://www.accipiter.com/products/admanager.php
Also known as: BHO.WStart
Many users complain about this adware program infecting their computer as a BHO. Users should be cautious of WStart.dll showing up on their computer as a 02 entry in X-ray PC.
Also known as: Ad Partner
ADPHONE is a free worldwide VoIP application that enables you to call any phone wherever you are in the world.
http://www.adphone.com/
Registers itself as a Browser Helper Object. Displays popup advertisements.
Also known as: TrojanClicker.Win32.Adpower.b adpower ad power
This is a dialer application used by some adware programs.
Also known as: Pugi/SearchExplorer
Also known as: AdRoar Adware.AdRoar
AdRoar is a Browser Helper Object that is used to display pop-up advertisements. May download and install updated versions of itself.
http://www.adroar.com/
Also known as: Iconads
AdRotator will display advertisements on your computer.
http://adrotator.com
This is a rogue anti-spyware. This is on the Rogue Anti-Spyware list provided by Spywarewarriors.com http://spywarewarrior.com/rogue_anti-spyware.htm
adware-remover.net
Also known as: Ads Store
Displays ads from the ads-store.com website
Displays popups and popunders.
Adtomi is a stock tracking program that will display pop-up advertisements in the background. Adtomi hijacks the user's home page and opens pop-up windows.
http://www.adtomi.com
From their website: The AdTraffic search assistant software resides in the Address Bar of your browser enhancing your online experience without interruptions. AdTraffic sits in the background of a user's computer and only presents itself when a URL is misspelled, a keyword is written in the address bar, or a broken link is clicked. When a URL is misspelled or a broken link is clicked, AdTraffic will deliver a page where the user can correct the error and search for the correct purpose. When a keyword is typed into the address bar the software will deliver direct search results based on the keyword indicated. The results are made up of 20 different pay per click search engines, delivering relevant quality results the user can browse to find what they are looking for. Changes Internet Explorer homepage and redirects error and search pages.
http://adtraffic.net
Dialers are software that dials a phone number. This usually happens without the end user knowing about it - causing long distance charges.
Also known as: AdultLinks AdultLinks/LinkZZ AdultLinks/QcBar QaBar adultsearch Adult Links
Adds dubious links to your browser, desktop and start menu.
http://www.adultlinksco.com
Also known as: Dialer.WE; lsdialer
Adult.lsdialer is an adult content dialer.
Also known as: Dialer.Lusval (Symantec), Dial/Laet-B (SOPHOS), Global Cash Solutions Dialer
This will change your dial up settings to dial a specific number causing massive charges.
Advanced Cleaner displays fake alerts in trojan payloads in order to scare the user into purchasing their product.
As quoted from their website: Advanced Computer Monitor (ACM) is a complete software solution for monitoring personal computers in the home or in the business/corporate world. ACM will monitor keystrokes, log URLs visited, monitor applications executed, and log screen snapshots. ACM supports automatic emailing and FTP'ing of password protected ZIP files.
http://www.zemericks.com/
From the website: Advanced Email Monitoring is new spy software tool from variety of Internet monitoring Software available today. Once installed on monitored computer it sends exact copies of all outgoing emails to your secret email address.
http://email-monitoring.net/
Also known as: SoftInfinity Advanced Keylogger
Advanced KEYLOGGER can: capture passwords and logins; keep track of all Key Strokes; record all Internet Activity; keep Screen visual statistics; watch everything opened, typed and saved; monitor instant messaging software; keep tabs on all E-mail clients; send reports secretly to your E-mail address; reveal others' secrets.
http://www.mykeylogger.com/
From their website: "This program is a simple proxy server (port mapper). It is an ideal tool for monitoring any network software or for researching network protocols. Log files of all traffic that has passed through this program are organized in a nice manner and can be saved in a separate folder."
This is a trojan that will give an attacker access to your computer.
Advertismen delivers its own advertisements or third party advertisements to the user's machine. It drops third party advertisement software on the user's machine without their knowledge. From the EULA: A program that display advertisements in a pop up window or directly inside the browser window. It adds discreet advertisements to your Internet Explorer, Netscape, Opera or Firefox browser windows that will display links to internet tools and pages. You allow that third party software may be installed with the Software and that advertismen.com shall not be liable to anyone with respect to such third party software.
http://www.advertismen.com
Also known as: AdwareEliteMedia (Sophos) Adware-BitLocker.dr(McAfee)
Installs as an Internet Explorer BHO. Displays advertisements while surfing the internet.
Adware.iptv-plugins delivers massive advertisements to infected user's machine. It also slows down the performance of infected computer.
Also known as: Adware.Win32.Semt.a Semt
Displays advertisements on the user's machine. Installed through Adware Downloader.
Also known as: Adware-Verticity (Mcafee) Verticity.IEDriver (Sunbelt)
Verticity downloads and displays advertisements. Please do not mistake the adware-Verticity with www.verticity.com
http://www.kitaramedia.com
Also known as: Winprotect
Winprotect is a simple program that will allow you to use an F Key as a shortcut to lock Windows 2000 or Windows XP. Winprotect Adware displays false pop-up messages in the Task bar. When clicking the pop-up, it redirects to a predetermined advertisement webpage.
Also known as: AlertSpy
This is a rogue anti-spyware. This is listed on the Rogue Anti-Spyware site by Spywarewarrior.com http://spywarewarrior.com/rogue_anti-spyware.htm
http://adwaredeluxe.com/
AdwareRemover2007 displays fake infection alerts and phones home to their site where a .cab file is installed through an ActiveX Control.
Also known as: AlwaysFreeAlways AFAEnhance
http://www.alwaysfreealways.com/
AFC Communication Tools is a chat application designed for missionaries that are working in other countries to communicate with their family and friends without local governments listening.
http://christianmissiontrips.org/index.php?option=com_content&task=blogcategory&id=19&Itemid=33
Also known as: Backdoor.Afcore.q CoreFlood.dll Backdoor.Coreflood BackDoor.Afcore.20 Troj/CoreFloo-C Backdoor:Win32/Afcore.Q.dll TR/Afcore.Q Win32:Afcore BackDoor.Afcore.AI Backdoor.Afcore.Q
Afcore is a backdoor Trojan program that appears as a Windows application file (.dll file). The Trojan has numerous functions that give attackers almost full control of victim computers.
Also known as: Trojan.Win32.Agent.rx, TROJ_AGENT.ECN
May download and install other malicious components.
Once this trojan is installed, it phones home to several porn sites.
Also known as: Troj/Agent-FXI (Sophos)
This trojan has the ability to communicate over a remote connection through HTTP. Once installed, it will leave 2 rootkits on the victim PC that allow the attacker access to the computer.
Also known as: Backdoor.Agent.B W32/Morph.worm W32.Randex.gen BackDoor.IRC.Fuxor Backdoor:Win32/Agent.G BackDoor.Agent.C Agent.Y
Some variants seem to be related to Webrebates. Agent.b is a Trojan backdoor that opens the infected machine to remote access. Agent.b is packed with two packers: Morphine and UPX. The packed file size is 38 KB and the unpacked size is 104 KB. Agent.b is controlled over IRC channels. The controller can download and execute files on the infected machine.
Agent.BBN is a downloader trojan. It installs as a Browser Helper Object for Internet Explorer.
This is a trojan that drops a rootkit in the C:\Windows\System32\Drivers directory. It also displays Chinese advertisements.
Agent.bgg downloads files without the user's permission. The key threat of this trojan is the rootkit that is dropped. When fully installed, it will mask the rootkit with the MD5 hash of beep.sys to avoid detection.
Also known as: Jakposh (Symantec)
This is a trojan that allows the person distributing it to remotely control your computer by downloading an ICQ client to your machine. Other products, such as Spysheriff, are installed as well.
Also known as: Win32/TrojanDropper.Agent.EYA Trojan-Downloader.Win32.Small.iuq (Sunbelt)
Agent.EYA drops other files and can communicate with a remote server.
This is a Chinese-distributed Trojan that detects the best-known security applications in order to disable them. This trojan also has the ability to contact a remote mail server with network sensitive information.
Also known as: AGETIT_Secure_v2 (Sunbelt)
From Author: AGETIT Secure is a program which generates an executable file which when executed will download and execute any specified file from the net.
Also known as: W32/Gaobot.worm.gen.d, W32.HLLW.Gaobot.gen, Win32.HLLW.Agobot.3, W32/Agobot-BV, Win32/Gaobot.gen!, WORM_AGOBOT.RM, Worm/Sdbot.39936.B, Win32:Gaobot-268, Worm/Agobot, Backdoor.Agobot.3.Gen
This is a classical backdoor trojan that allows a 'master' to control the victim machine remotely by sending commands via IRC channels.
This is a remote access tool that monitors AIM chat. It is also affiliated with TrojanDownloader.Win32.Small.f. It also has the ability to monitor ICQ traffic.
AIM Sniffer Publisher's Description: AIM Sniffer is a handy network utility to capture and log AIM (AOL Instant Messenger) chat from computers within the same LAN. It supports not only messaging through AIM server but also direct connection messaging. All intercepted messages are well organized by AIM user with buddies and shown instantly on the main window. It provides rich-features report system to export captured AIM conversations as HTML files for later analyzing and reference.
http://www.aimsniffer.com
This trojan is most easily recognized by the file aimaster.exe running in the infected computer's running processes.
Also known as: IconPop-aimface
Under Investigation
http://aimface.com/
This is a trojan that will give an attacker access to your computer.
This is a trojan that will give an attacker access to your computer.
Also known as: Trojan.PSW.Ajan.10
From the Website: How do use Ajan: First you must configure it to send email to you. If you don't Ajan will never mailed you :)...For configuration run AjanConf.exe. Use this format: AjanConf.exe ajanServ.exe Program will ask you: Your email address, Mail server for sending mails (any valid mail server possible this step) Mail server port (mail servers actually use 25. port) Visible or hide running: you can choice visible or not visible run Ajan... (Recommended) After this steps configuration of Ajan completed. You can distribute Ajan server this step but we recommended first you bind a windows program (mirc, WinZip, crack patches, etc.) and after distribute. For insert Ajan into a normal program you can use AjanBind program... You need 3 thinks. 1. Ajanbase.exe (base file) 2. Ajan.exe (Ajan server) 3. Normal program (mirc, WinZip ...) And you can enter these programs while AjanBind ask. After you bind your Ajanbase.exe file convert to normal program that include Ajan program. And Ajan automatically runs when Ajanbase.exe run.
This is a trojan that will give an attacker access to your computer.
Also known as: Aladino.a
Once installed, this RAT Trojan allows remote connections through port 5005.
- Monitoring the active tasks list
- Handling the critical programs list
- Sending SMS alerts to the security administrator's mobile phone
- Receiving control commands from the security administrator's mobile phone
- Protection from unauthorized external access
- Protection from unauthorized physical access
With control commands you can remotely administer your computer via mobile phone. Just send the SMS from your mobile and one of the following actions can be performed:
- Displaying messages sent from a mobile phone
- Disabling a user's account and forcing system restart
- Termination of the active process
- Termination of all active processes from the monitored processes list
- Locking the active process
- Locking all active processes from the monitored processes list
- Dismounting all protected drives
- Tracing the route of a stolen or lost notebook or desktop PC
- Sending to a mobile phone the confirmation of command execution status
http://www.softsecurity.com/ampro.html
Also known as: Alexa Toolbar, Amazon Toolbar
Alexa web search -- a new kind of search engine. With traffic rankings, user reviews and other information about sites, Alexa is a web site discovery tool. Features an Amazon shopping button on the product and anonymously aggregates surfing information. Provides clear EULA as well as opt-out instructions. Alexa web search combines the Google search engine with Alexa's comprehensive site information and puts it all inside an Amazon.com interface. Used to transmit an identification ID, however, Alexa no longer does this. Has a very clear EULA but users should understand that their surfing habits will be anonymously aggregated. Note: There have been reports that secure URLs can be sent when using the "Related Site Function" due to a security flaw in Internet Explorer.
http://www.alexa.com/
Also known as: Backdoor.Win32.mIRC-based, Program.mIRC.603, Tool.HideApp
Alexandra is a trojan, which is spread via links in IRC chat. When run on the target PC, a new folder is created in the System32 Folder which contains configuration files for mIRC (a popular IRC chat client). The infected machine then joins a Botnet, and awaits commands from the Botnet owner.
Also known as: AlexTrojan.200 Crackdown.100
This trojan communicates through the infected computer's port 4444.
Also known as: Alfa Cleaner XSRemover
From Alfa Cleaner website: Complete up-to-date protection from viruses, spyware, adware and hackers attacks. Other spyware removers are blind to most of the new threats. AlfaCleaner is not! Up-to-date features: * Heuristic analysis finds and deletes the newest threats. * Real-time protection is a deep system driver that blocks new spyware / adware / virus activity and offers to block / allow all strange system requests. * Automatic updates keep AlfaCleaner up-to-date without bothering you. AlfaCleaner uses false positives to scare users into purchasing the full version. Can be installed from Alfacleaner or installed from malware and windows exploits.
http://www.alfacleaner.com/
Also known as: Adware.AlibabaTB(Symantec) Alibaba Adware-AliToolbar(Mcafee) AliToolbar
Alibaba Toolbar adds a toolbar to Internet Explorer and logs search keywords.
This is a trojan that will give an attacker access to your computer.
Also known as: backdoor.alien
This is a trojan that will give an attacker access to your computer.
There exists a remote code execution vulnerability in the password input control "pta.dll" of the Chinese payment processor Alipay. A remote attacker who successfully exploits these vulnerabilities can take complete control of the affected system. The original article can be found at http://ruder.cdut.net.
Also known as: All in One Keylogger
From their website: "This is Invisible surveillance tool that registers every activity on your pc to encrypted logs. It allows you to secretly track all activities from all computer users and automatically receive logs to a desire e-mail accounting."
Also known as: Hot Action Dating Dialer
Also known as: Backdoor.Win32.Almaster
This is a RAT Trojan that allows someone to remotely connect to the infected PC.
Also known as: Alt Net AltnetPointsManager Points Manager
This Browser plugin comes with Kazaa. It acts as a search engine, and supplies advertising to Kazaa users.
Also known as: Backdoor.Alvgus.a.exe
This is a RAT (Remote Administration Tool) that could be used to gain access to your computer.
Also known as: BKDR_AMANDA.A (Trend Micro)
This is a RAT that allows someone to remotely connect into the infected PC. Amanda operates over TCP ports 20, 28, 10012, 10013, 11011, 23032.
Also known as: BackDoor-FO [McAfee], Backdoor.Ambush [Kaspersky]
This Trojan will attempt to give the attacker remote access.
The attacker can take control of the victim's machine once the server application has been dropped. Amiboide Uploader has features to transfer files and take control of the hard drive.
Also known as: Amitis 1.2
This trojan will compress files on the victim's PC and then download them, and convert pictures on the victim's computer.
http://h2kclan.com/index.php?caty=hacking
Also known as: backdoor.AnaFTP.01.a
This is a trojan that allows for a hacker to remotely connect and transfer files onto the infected PC over FTP.
Also known as: Trojan.StartPage.O (Symantec), CWS.AnalyzeIE Module (Research-Sunbelt), Troj/Small-EI (SOPHOS), TROJ_SMALL.AFG (TrendMicro)
AnalyzeIE is a trojan that changes browser settings such as the default start page of Internet Explorer. It usually gets onto the user's computer by exploiting browser vulnerabilities. It is also capable of downloading and executing other components.
It is a dialer that connects to servers with pornographic content.
Also known as: Anger.Trojan
Implements a PPTP challenge/response sniffer, whose captured challenge/response pairs can be input into L0phtcrack to obtain the password, and an active attack on PPTP logons via the MS-CHAP vulnerability to obtain the user's password hashes.
The site is CoolWebSearch. It tries to load a dialer, a trojan called Anicmoo (Norton), and two ByteVerify trojans (Parser class and Counter class).
Also known as: TROJ_ANICMOO.AV (Trend Micro) Troj/Animoo-H (Sophos)
This worm is distributed through exploit .ani files that appear as JPEGs. This exploit affects fully patched Windows XP SP2 systems through IE 6 and IE 7. Vulnerable systems include:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Vista
The worm is also distributed across the network via mapped network drives and shortcuts to a network location. It will infect all executable files with the worm. It also attempts to write to the floppy drive of the infected PC, which often causes seemingly random floppy drive activity; if no floppy disk is inserted, the user might be presented with an error regarding a floppy disk, even if no floppy disk has recently been used. If successful, it will write a copy of the worm's main executable (tool.exe) and an autorun.inf file. If the floppy is inserted into a clean PC, it will infect it. Please refer to Microsoft Security Bulletin MS05-002 for information on the animated cursor vulnerability. A tell-tale sign that a PC is infected with this is an error message called "Windows - No Disk" that says, "Exception processing message c0000013 75b6bf9c 4 75b6bf9c 75b6bf9c."
Also known as: Trojan.Win32.AnnoyingSaver AnnoyingSaver Trojan Horse Trojan.Annoy Troj/Annoying Trojan:Win32/AnnoyingSaver TROJ_ANNOYSAVR.A Win32:Trojan-gen. Trojan.AnnoyingSaver.A
From Viruslist.com This Trojan horse installs a screensaver and doesn't allow it to be removed.
Anonymous Browsing Toolbar is an easy to use online privacy application designed to protect your online identity. It hides your IP address by routing your Internet traffic through remote servers. Simply choose a proxy from the list and surf the Internet with full privacy.
http://www.amplusnet.com/products/anonymousbrowsing/overview.asp
Also known as: Ant.AV
AntAv attempts to disable anti-virus applications.
Also known as: MultiDropper-DM.cfg trojandropper.win32. TrojanDropper.Win32.ZomJoiner.14
http://smoke2k4.narod.ru/
This is a trojan that creates a service by installing rootkits called antiarp.sys and hbkernel.sys. It tampers with numerous Windows Processes in order to control the victim machine.
Also known as: Ataka IEPatch.PWL.Trojan Trojan:Win32/AntiBTC TROJ_ANTIBTC.A TR/Ataka Win/Po-zdrawi.28416.trojan Ataka-AntiBTC Trojan.Win32.AntiBTC Trojan.Win32.AntiBTC.a
From Viruslist.com: This Trojan arrives as an executable file (we got it named IE0199.EXE). When it is run, it extracts two files from its body (MPREXE.DLL and SNDVOL.EXE) and copies them to the Windows system directory. Note: the MPREXE.EXE executable file (not a DLL) is one of the standard Windows files. The Trojan then registers the MPREXE.DLL file in the system to force the system to run this file upon each reboot. The registration is done depending on the Windows version either in the system registry, or in the SYSTEM.INI file in [boot] section in the "drivers=" string. The MPREXE.DLL file is pointed as auto-executed. When executed, the MPREXE.DLL file just executes the SNDVOL.EXE file and exits. The SNDVOL.EXE file enables auto-dialing by changing the system registry Internet options, randomly selects one of three Bulgarian Web servers (www.btc.bg, www.infotel.bg, ns.infotel.bg), connects to them and sleeps for some time. The Trojan does not perform any other actions.
This is a trojan that installs an adware payload once installed.
Also known as: BackDoor-KF Backdoor.Trojan.Client BackDoor.Thex.12 Troj/Bdoor-KJ Backdoor:Win32/Antilam Win32:Trojan-gen. BackDoor.Antilam.AL Backdoor.Antilam.2.0.R
Antilam is a family of remote administration trojan programs. The backdoor code allows remote users to control victim computers over a local network or the Internet. Most of the features are configured by the hacker(s) exploiting Antilam by using a special server editor program. The remote administration commands allow Antilam to perform the following actions on victim computers:
- shut down or remove the trojan program
- gather system and owner information
- load and eject CD-ROM contents
- "mess" with the Windows Desktop contents
- turn off or speed up the mouse movement
- show user-defined messages
- manage open windows
- restart or shut down the computer
- change the system date
- turn off the keyboard
- manage files on victim computer disks
- gain full access to the system registry
- change screen resolution
- save any information that is typed by the victim
- print user-defined texts
- change Windows color schemes
- manage dial-up connections
- manage the remote clipboard
- chat with other hackers that are connected to the victim computer
Also known as: AntiLeech Plugin
This will generate pop-up advertisements on your computer.
Also known as: Backdoor.AntiPC BackDoor-APJ
Trojan or Trojan Horse is a general term that refers to programs that appear desirable, but actually contain something potentially harmful. It gets its name from the Trojan Horse that was an instrument of war used by the Greeks to gain access to the city of Troy. It looked like a gift of a giant wooden horse, but actually concealed soldiers inside. The harmful contents could be anything, for example you may download what appears to be a free game, but when you run it, it opens up a port on your computer where a hacker can "remote control" your machine. A trojan may also carry other payloads, like a virus or worm, which then spread more damage.
Also known as: Antispy Spider
AntispySpider reports false errors and security threats on computers.
http://www.antispyspider.us/
This is another Rogue Anti-Spyware. This is on the Rogue Anti-Spyware list. http://spywarewarrior.com/rogue_anti-spyware.htm. Have seen multiple logs where the Trojan.Media-Codec was installed as well. http://www.spywareguide.com/spydet_2839_trojan_media_codec.html
http://www.anti-vermins.com
This is a rogue security application that is installed with the trojan, Myzor. Once installed, it lures users to purchase their scanner in order to remove the trojan installed.
http://www.antivirgear.com
This is a rogue anti-spyware. This is listed on the Rogue Anti-Spyware list from Spywarewarriors.com http://spywarewarrior.com/rogue_anti-spyware.htm
antivirusprotector.com
This is a rogue anti-spyware. This is listed on the Rogue Anti-Spyware site from Spywarewarrior.com http://spywarewarrior.com/rogue_anti-spyware.htm
6d-antivirus.com
Also known as: AVGold
Advertised as a spyware removal program. It is usually installed by a trojan and can install the Winnook Trojan. After installation, an icon appears in the tray; once the user clicks the icon, a web browser opens to the site http://www.antivirus-gold.com
http://www.antivirus-gold.com
Also known as: Antixbot.a (Symantec)
Antixbot is a worm which attempts to spread through Windows Live Messenger. It changes the IE home page to http://www.imtools.org without the user's knowledge.
Installs itself in Internet Explorer as a toolbar.
route.anwb.nl
From their website: "Any@Web is a powerful software specifically designed to monitor, record and restrict Internet activities in the network. It records any web pages viewed, files uploaded & downloaded and emails sent and received through any computers in the network. It can also restrict internet access of specified computers based on the rules set by user to prevent leakage of sensitive data or abuse of Internet access."
Also known as: Buddylist
Inserts several different files that are all connected to one another. These file names are generated randomly with the same file size. Most are found in the C:\WINDOWS\System32 folder. It is possible for someone to perform any of the following actions:
- Enable and disable Ctrl+Alt+Delete
- Enable and disable the Start button
- Reboot or shut down the computer
- Move the mouse pointer
- Open or close the CD-ROM drive tray
- Read or delete AOL mail
- Hide or show the task bar
- Locate a member on AOL
- Monitor AOL Instant Messages
- Send an Instant Message
Also known as: APStrojan.ob AOL.PWSteal.32512 Troj/Aolps-OB Trojan:Win32/PennyTools.236544.A TROJ_AOL.BUDDY W32/PennyTools.trojan Win32:Trojan-gen. Trojan.AOL.Buddy.a
The "Trojan.Aol.Buddy" is an AOL password stealing Trojan. Two versions are currently known (by May 1999).
Also known as: AppSpy
From their website: "With AppSpy managers can easily track the usage of particular files and applications on a Novell Netware File Server within their company. Learn which files are most frequently used during the course of a day, week, month or year! You can also send messages to and clear connections of those users using a specific file. Use AppSpy to gather critical information and make important decisions based on the results."
Also known as: Adware-Appoli (McAfee), Adware.Appoli (Symantec)
Appoli is an adware program that shows pop up advertisements. Appoli installs as a Browser Helper Object for Internet Explorer. It is usually dropped by a downloader trojan.
AppsTraka is a desktop security application which monitors and controls user activity. It can track programs, files, keystrokes, websites visited and the complete time they were all used. - Records the caption of every window the user has viewed, along with the time and duration of use. Screen Captures Log File Locking - Drag and Drop support for adding and removing locked files. Windows Security Extensions - Hides disk drives from users and restrict options in the Start Menu. Stealth Surveillance
http://appstraka.hypermart.net/
This is a browser plugin. It pings back to secure.toolbarhost.com and appzplanet.com
http://www.appzplanet.com
Also known as: pop People On Page Envolo Apropos Media Pop!
AproposMedia is the advert-showing part of the 'PeopleOnPage' program, an Internet Explorer sidebar which claims to show a list of other users of the current site. From their Website: POP! World is being provided to you free of charge in exchange for your agreement to download and view advertising served via ContextPlus (a proprietary browser-based advertising delivery system). ContextPlus will deliver advertising on your computer screen on behalf of POP advertising clients. These advertising clients may be competitors of the publishers whose Web pages users may be viewing or may have viewed recently. By viewing advertisements served via ContextPlus ("ContextPlus Ads"), POP is able to subsidize the cost of providing you POP! World
http://www.peopleonpage.com/
Also known as: Backdoor.Aquadoor Aqua.020
This is a trojan that installs its adware payload through port 6655 on the infected PC.
Also known as: Vai-te
This is a worm that propagates itself over ICQ chat. It can be triggered in several different ways, including certain away message text, messages, and a series of swear words.
Also known as: Backdoor.Arape.a
This Trojan will change your browser and also give the attacker the ability to access and send files from and to your computer.
Also known as: Backdoor.Arctic.06
This Trojan will give the attacker remote access.
Ardamax Keylogger is a small, easy-to-use keylogger that captures the user's activity and saves it to a logfile. The logfile can be viewed as a text or web page. Use this tool to find out what is happening on your computer while you're away, maintain a backup of your typed data automatically or use it to monitor your kids.
Ardamax Keylogger Features:
Hidden mode - Ardamax Keylogger will run in hidden mode, preventing users from knowing it is active. It will NOT show under Uninstall list, the Task list, or the Application menu!
Keystroke monitoring - Track all keystrokes pressed. If a keystroke is pressed, Ardamax Keylogger will secretly record it and save it to a hidden log file for you to view at a later date.
http://www.ardamax.com/info_akl.html
Also known as: MayArchive.b (F-Secure), Trojan.Archiveus (Symantec)
Archiveus bundles randomly selected files (mostly data files) from your computer into a password-protected archive and deletes the original files. It then asks you to buy any product from a specific site to get your files back. Presence of one or all of the following files may indicate that Archiveus has affected your computer.
%SystemDrive%\EncryptedFiles.als
%UserProfile%\My Documents\Demo.als
%UserProfile%\My Documents\EncryptedFiles.als
%UserProfile%\INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt
The files 'EncryptedFiles.als' and 'Demo.als' contain the original files in archived form. File 'INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt' has the instructions you must follow in order to get your files back. The content of 'INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt' is shown below.
====================================================================================
INSTRUCTIONS HOW TO GET YOUR FILES BACK
READ CAREFULLY
This is automated report generated by auto archiving software. All your documents, text files and databases was archived with the long password. You can not guess the password for your archived files - password length is more than 30 symbols that makes all password recovery programs fail to bruteforce it (guess password by trying all possible combinations).
Do not try to search for a program that encrypted your information - it simply does not exist in your hard disk anymore. System backup will not help you to restore files. Reporting to police about a case will not help you, they do not know the password. Reporting somewhere about our email account will not help you to restore files. Moreover, you and other people will lose contact with us, and consequently, all the encrypted information.
WE DO NOT ASK YOU FOR ANY MONEY! We only want to do business with you. You can even EARN extra money with us.
If you really care about the documents and information in encrypted files, you should send an email to restoring@[blocked].net or restoringfiles@[blocked].com
This is your only way to get your files back and save your time. We do not want to do you any harm, we do not ask you for money, we only want to do business with you.
##########################################################################
Remember you are just one step away from your files
##########################################################################
====================================================================================
Once you replied back to the given email id, you will get a reply mail like the one shown below.
====================================================================================
------------------------------
How to get your information back.
1. Follow the link below http://[blocked].info/?570b5653aF03c0e3d6Adfc029aTdca79 and enter our online pharmacy. Our online pharmacy is the world leader in FDA approved medications.
2. Choose any product you like and buy it.
3. Send an email with your order id to our email address restoring@[blocked].net or restoringfiles@[blocked].com
The password will be sent to your email address as soon as we verify your order id (usually 3-4 hours or shorter) and you will get your information in encrypted file back. All the emails with invalid order ids will be ignored.
------------------------------
We do not ask you for any money! We guarantee that you will receive the product you buy! You can use it by yourself or even sell and earn extra money because all the products in our online pharmacy are discounted! We guarantee that you will receive the password for encrypted file as soon as you buy any product in our online pharmacy. We guarantee that you will be able to restore all the encrypted information and we can prove it.
Doubleclick on the file Demo.als and enter the following password: kfnr3kseo2uurnn33xxss883hd731bdjaebq
The encrypted information will be restored in several seconds. The file EncryptedFiles.als is encrypted with another password which you will receive in the email from us. We guarantee that you will never be asked to buy anything in our online pharmacy again. We do not want to do you any harm, we do not ask you for money, we only want to do business with you.
====================================================================================
Also known as: Aristotles.100
From 2-Spyware.com - This parasite is a mIRC infector, which specializes in damaging this popular chat client. In case of success of its actions, this pest becomes able to monitor user's activities and steal his or her messages and passwords. This technique is tremendously dangerous, because it can often result in the loss of user's accounts
Also known as: Backdoor.Armageddon.10 MultiPager-A [McAfee] TrojanNotifier.Win32.EES.a
Armageddon is a Backdoor Trojan that infects Windows 9x. When run it can give unlimited access to a system to anyone running the appropriate client software. The Trojan was discovered in France. To work, it requires components be gathered from different web pages.
This is a trojan that is installed through a javascript exploit. Once installed it has the ability to log sensitive information such as passwords entered on unsecured websites.
Also known as: Backdoor.Arsd
This is a RAT that can gain remote access to your computer.
Also known as: Backdoor.Ascreen.a
This is a trojan that installs an adware payload.
Ashlt is a spyware program that sends out private information.
Also known as: W32.ASpam.Trojan.B (Symantec)
The installer was attached to a mass-mailing from Microsoft (aspam@microsoft.com), offering an anti-spam feature for Outlook Express. Creator unknown.
Also known as: Assasin
The Assasin Trojan Horse allows unauthorized access to the infected computer. This Trojan Horse also attempts to terminate the processes of many executables, including various firewall and antivirus programs.
Also known as: Backdoor.Assasin.10, Backdoor.Assasin.11 [AVP], BKDR_SANISI.A
Sophisticated trojan. Has the features of most trojans, e.g. open/close CD drive, pop-up messages, upload/download files, etc. Also attempts to counter-attack many executables, including various firewall and antivirus programs.
Also known as: Assassin.100 Backdoor.Assassin
This trojan communicates over port 6669 in order for it to drop its adware payload.
Also known as: Asylum 0.1
This is a trojan that installs an adware payload onto the infected PC through a remote connection.
Also known as: Adw.BestOffersNetworks.AtomicClockSync(Sunbelt)
It synchronizes the user's PC clock with an atomic clock time server. The application also bundles several other adware programs.
From Their Website: AtomicLog lets you keep your Internet activity under your control. AtomicLog provides the means for monitoring, analyzing, and filtering your Internet activity. Historical and real-time usage merge via an easy to use graphical interface. Monitor web site visits and activity, chatroom sessions, videoconferencing sessions, file transfer session, e-mail both sent and received, and much much more. Speeds your browsing by blocking unwanted ads and web sites, stop spyware and more. Works with AOL, Netscape Navigator, Internet Explorer, Opera, or any other Internet enabled program.
http://www.atomiclog.com/
Atomic Time synchronizes local time with a central time server. It acts as a vector for AproposMedia. From the EULA:
1. ContextPlus (CP) will periodically deliver advertisements and promotional messages to your computer based, in part, on your interests as shown by the websites you view.
2. ContextPlus AdServer software, described in detail below, delivers ContextPlus advertising and various informational or promotional messages to computer screens while users view Internet Web pages ("ContextPlus Ads"). The "ContextPlus Network" is an advertising network that delivers advertisements from the ContextPlus Network's advertising clients to users of ContextPlus Supported Software ("Subscribers"). The ContextPlus AdServer technology identifies the interests of anonymous Subscribers based on their computer usage and web surfing behaviour, including the URLs of Web pages viewed by Subscribers and other criteria but does not intentionally collect ANY personally identifying information.
3. The ContextPlus AdServer displays ContextPlus Ads on computer screens on behalf of the ContextPlus Network's advertising clients and not necessarily on behalf of the Web site the Subscriber may be viewing when the ad appears.
4. In fact, the ContextPlus Network's advertising clients may be competitors of the publishers whose Web pages Subscribers may be viewing, or may have recently viewed.
5. ContextPlus Ads may be displayed on behalf of advertisers who may be competitors of the publishers of the Web pages Subscribers are viewing or have recently viewed.
Also known as: Backdoor.Audiodoor.11
This is a trojan that installs an adware payload onto the infected PC through a remote connection.
Also known as: Backdoor.Audiotroj.10
This trojan installs unrelated software.
Also known as: Backdoor.Augudor
This trojan opens port 1011.
Also known as: Radiate
Probably one of the first real adware programs that started the whole craze. Inserted banner advertising into freeware and shareware applications. Profiled surfing habits and sent information back to the home server without permission. Defunct: no longer supported by its creators.
Aureate Group Mail is an application which helps users to maintain their email mailing list. It also displays advertisements.
Displays advertisements and tracks surfing habits.
AutoBot is a do-it-yourself botnet. It allows anyone to set up an executable that connects their victims to an IRC server, ready, willing, and able to take commands.
This trojan installs other malicious programs and sets up a remote connection in order to further control the victim PC.
Also known as: Backdoor.Autocrat.b
This is a trojan that drops an adware payload.
Also known as: AutoSearchBHO Hijacker MSInfoSys Wink AutoSearch - AutoSearchBHO
AutoSearch is an IE Browser Helper Object that hijacks address-bar searches. It knows about some of the other prevalent search-hijackers (IGetNet, CommonName and NewDotNet) and will steal back any address bar searches they take over. Any address bar search you do is sent to a single page at www.tunders.com (which includes only static adverts, no search results).
Also known as: AutoSpy.110
This is a trojan that will give an attacker access to your computer.
AV Trojan is a Trojan horse that terminates the processes of common antivirus and firewall products.
Also known as: ProcKill-A Trojan.Win32.Avkillah.a
This Trojan will kill many anti-virus and firewall applications.
Also known as: Backdoor.Avone.2
This is a trojan that is installed with free video converting software.
Avone.A is a virus that infects Excel workbooks and deletes files.
Also known as: AV System Care
This is a rogue anti-spyware. This is listed on the Rogue Anti-Spyware site by spywarewarrior.com http://spywarewarrior.com/rogue_anti-spyware.htm. This is just one of many Miscellaneous Security programs produced by Verio Productions Limited.
avsystemcare.com
Also known as: Axexx CHM (Sunbelt) Adware-Xplugin.dldr (Mcafee) SPR/TMKSoft.Adw.1 Trojan.Dropper.Agent.Ik Dropper.Agent.6.BN Trojan.Dropper.Agent.IK Trojan.Downloader.Esepor-3 Trojan.StartPage.775 W32/Dropper.QI W32/Agent.IK-tr Trojan-Dropper.Win32.Agent.ik Win32/TrojanDropper.Agent.IK W32/Agent.DEA
This is a CHM file exploit. If the file is opened it drops an executable file and runs it.
This is an overflow exploit that is common in Tencent QQ that allows for the distributor to gain remote access to the account.
Also known as: AzeBar AZE SEARCH TOOLBAR
From the AZeBar website: AzeBar is a powerful search toolbar that allows you to search directly from your browser without having to navigate to a search engine. Simply type in what you are looking for into the AzeBar search box and click the "GO" button to see results. After installing the AZeBar, other bars and applications are installed. Please read their terms page. http://www.azebar.com/pages/terms.html
http://www.azebar.com
Also known as: Trojan.PSW.BStroj.19
A Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine.
Also known as: B-RAT-T
The client application, which runs on the attacker's system, can take control of the remote system that runs the server application. B-RAT-T is able to record keystrokes, log the currently running processes, and manage file transfers. It can also take control of the victim's mouse, CD drive and desktop theme.
Also known as: babetv Global Content Ltd
Also known as: Backdoor.Back
Also known as: Backdoor.Backage
Backage is a backdoor Trojan horse that allows unauthorized access to a compromised computer. Backage is written in Visual Basic. The default ports are 5333 (TCP) and 411 (TCP).
Also known as: Backdoor.Backattack
Also known as: BackConstruction.210 BackConstruction.250 Bla.100 Bla.200 Bla.400 Bla.503 Cain.150 Dimbus.100 Ripper.100 SatansBackdoor.100 SatansBackdoor.101 SatansBackdoor.102 BackConstruction.120 BackConstruction.150 BladeRunner.080 DeepThroat.300 Mneah.100
This product allows someone to remotely control your computer by communicating through port 666.
Also known as: Backdoor.BackConstructor
Also known as: Backdoor.Win32.Death.18 Backdoor.Death.18 BackDoor-FP Backdoor.Trojan Backdoor:Win32/Death.1_8 TROJ_DEATH BackDoor.Death
This Trojan is a password stealer and allows remote access.
Also known as: Galapoper (McAfee)
Connects to websites that host configuration scripts containing remote control commands. These commands can be different for each infected computer. Has the ability to download and execute files. Can send spam that is composed from information from numerous servers.
Backdoor-ARR can allow unauthorized access to a user's computer.
Also known as: TrojanDownloader.Win32.Agent.cd (AVP)
Downloads unwanted software without the user knowing.
Also known as: Backdoor.Win32.VB.yo BackDoor-CLS
This is a trojan that has the ability to log keystrokes and install an adware payload once installed. It also allows the distributor to gain remote access to the infected machine.
Also known as: Troj/Ciadoor-CJ (SOPHOS), BDS/Agent.CFC
This is a backdoor trojan which provides remote access to an infected computer.
Also known as: backdoor-dkd.dr (McAfee)
This is a trojan that drops a rootkit to hide itself from detection.
Also known as: Troj/Bckdr-QHH (Sophos) BKDR_SDBOT.W (Trend Micro)
This trojan communicates with a remote IRC server through a service the attacker puts onto the victim's PC. Once active, the trojan can send sensitive information back to the attacker.
Opens ports to allow remote access to the computer. Can be used as a proxy and can download and execute files without the user's knowledge.
Also known as: Downloader-JF.dr (McAfee), Backdoor.Sedepex (Symantec)
Has the ability to download and run files, disable security software, send email, and communicate with remote servers via HTTP.
Communicates with remote servers via HTTP. Receives commands to download and execute files. Sends out marketing email spam with its own SMTP engine.
Also known as: Troj/Agent-ENR (Sophos)
Backdoor.ahj downloads additional files and allows others to access the computer.
Backdoor.BackOrifice, when installed, allows others to gain full access to the system through a network connection.
Also known as: Win32.Webber (Computer Associates), BackDoor-AXJ (McAfee), Troj/Padodor-Y (Sophos)
Backdoor.Berbew.N is a Trojan that steals confidential information like passwords and sends it to a predetermined URL. It also opens a backdoor on a random port and lowers security settings.
This is a trojan that installs an adware payload.
Also known as: Win32.Mytob.BO [Computer Associates], Net-Worm.Win32.Mytob.gen [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-AE [Sophos], WORM_MYTOB.CD [Trend Micro], W32/Sdbot.worm.gen.h, Backdoor.Win32.Rbot.qu
Backdoor.Cont is an IRC backdoor Trojan, which runs continuously in the background, providing a backdoor server on a port. It listens for instructions from a remote malicious user. These instructions are carried out locally on affected machines. It drops a file "C27D8FEF-D7AE-42c0-82E6-F30598265639.exe" at location %temp%\C27D8FEF-D7AE-42c0-82E6-F30598265639.exe. This file is generated by the packer used to compress the executable file and is not malicious. Note: %Temp% is a variable that refers to the Windows temporary folder. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).
Backdoor.CVM opens a backdoor and can provide unauthorized access to a compromised computer. Periodically connects to a remote server to receive information to update itself.
This is a trojan that installs through your IRC client.
Also known as: W32/Rbot-BCQ (Sophos), Backdoor.Win32.Rbot.aeu, MS03-026_Exploit!Trojan, W32/Sdbot.worm, Worm_Rbot.Cya (Trend Micro)
Backdoor.DRam is a worm and IRC backdoor Trojan, which runs continuously in the background, providing a backdoor server on a random port. It connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for instructions from a remote malicious user. These instructions are carried out locally on affected machines. It can perform denial of service (DoS) attacks against target sites using different flood methods. This worm is capable of gathering and stealing Microsoft product keys as well as application product IDs from popular software products installed on affected machines.
BackDoor.DrefIW is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC).
Also known as: Troj/Bifrose-KP (Sophos), Backdoor.Win32.Bifrose.rr, W32/Sdbot.worm.gen.h [McAfee]
BackDoor.Ebnoy is an IRC Backdoor Trojan that allows a remote attacker to control the compromised computer and performs various malicious actions through Internet Relay Chat (IRC). It adds false IP addresses for the URLs of more than 50 popular antivirus companies to the hosts file, disables antivirus notifications, firewall notifications, update notifications, and overrides firewalls. It also steals data from SQL Server and MySQL databases. It drops oreans32.sys and libmysql.dll, where oreans32.sys is a component of a legitimate executable file protection system and in itself is not malicious. The file oreans32.sys is registered as a new system driver service named "oreans32", with a display name of "oreans32". libmysql.dll is also a legitimate client API used to trace SQL statements sent by other applications. BackDoor.Ebnoy creates the folder %Windir%\system32\programs\. These files are used for transmission through P2P programs. It copies itself to the %Windir%\system32\programs\ folder under the following filenames:
2 Find MP3 8.2.0.exe
Adobe InDesign CS 2.exe
Adobe keygen for photoshop indesign incopy SERIAL crack.exe
Adobe Photoshop CS 2.exe
Autocad 2002 Crack.exe
Autocad 2004 Crack.exe
Autocad 2005 Crack.exe
Autocad 2006 Crack.exe
BEST HACK TOOL FOR REAL HACKERS KEYLOGGER WEBCAM SPY! - PRIVATE.exe
Counter strike - cs full version.exe
Counter strike keygen WORKING FOR ONLINE STEAM.exe
Credit card generator.exe
Eric vd Vogt Gay Movie - Dutch homosexual fetish raped.exe
Fifa 2006 FULL with crack.exe
Fifa 2007 FULL with crack.exe
flash 8.exe
Free SMS Bomber.exe
Google hack tutorial for beginners.exe
HalfLife 2 WORKING Steam crack.exe
Hotmail account hacker in 30 minutes.exe
Hotmail hacker.exe
hotmail_account_sniffer.exe
Hotmailhacker v1.0.exe
IP Changer.exe
Microsoft Office Activation Crack.exe
Microsoft Office Professional Crack.exe
Microsoft Office Professional Serial.exe
Microsoft Office Professional Universal Crack without serial.exe
Microsoft Office Universal Activator v1.0.exe
MSN hacker - password stealer.exe
norton anti virus FULL NEWEST VERSION.exe
Norton AntiVirus 2005 crack.exe
Norton AntiVirus 2006 crack.exe
Norton antivirus crack.exe
Norton firewall 2006 crack.exe
porn.exe
porn_account_cracker.exe
porn_account_hacker.exe
psx2 - playstation 2 emulator.exe
toon boom.exe
UniVersal GSM unlocker for removing simlock (NOKIA,ERICSSON,SONY,SAMSUNG,OTHERS).exe
WinRAR 4 beta.exe
yahoo_cracker.exe
yahoo_hacker.exe
Yahoo_mail_cracker.exe
ZoneAlarm crack (keygen).exe
Backdoor.Gaster is a Trojan that gives an attacker access to your computer. It opens up port 19937 by default and ends various processes.
This Trojan gives the attacker access to the infected computer.
Also known as: Troj/GrayBrd-BA (SOPHOS), BackDoor-CXD (McAfee)
Backdoor.Graybird is a backdoor trojan.
Also known as: W32/Sdbot-PY (Sophos), Backdoor.Win32.SdBot.gen, W32/Spybot.worm.gen.n
BackDoor.IrcBik is a Backdoor Trojan for the Windows platform. The backdoor component of BackDoor.IrcBik allows a remote attacker to control the user's computer and use it as a proxy server or to launch distributed denial of service attacks. The Trojan also logs users' keystrokes to a file named ntfsdi.txt in the Windows system folder.
This is a trojan that uses the value 'anassim' to autostart.
Also known as: Worm.P2P.SdDrop.d (KAV), W32/Sddrop.worm.g (McAfee), WORM_SDDROP.A (Trend Micro), W32/Sddrop-B (Sophos), W32.Kwbot.F.Worm (Symantec)
Backdoor.IrcJan is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC). It adds false IP addresses for the URLs of more than 50 popular antivirus companies to the hosts file, disables antivirus notifications, firewall notifications, update notifications, and overrides firewalls. One of the malicious exe files acts as a server exchanging commands. BackDoor.IrcJan creates a folder containing a lot of malicious executables with the same file and MD5 but different names. Backdoor.IrcJan creates the folder %Windir%\system32\programs\ and copies itself to the %Windir%\system32\programs\ folder under the following filenames:
2 Find MP3 8.2.0.exe
Adobe InDesign CS 2.exe
Adobe keygen for photoshop indesign incopy SERIAL crack.exe
Adobe Photoshop CS 2.exe
Autocad 2002 Crack.exe
Autocad 2004 Crack.exe
Autocad 2005 Crack.exe
Autocad 2006 Crack.exe
BEST HACK TOOL FOR REAL HACKERS KEYLOGGER WEBCAM SPY! - PRIVATE.exe
Counter strike - cs full version.exe
Counter strike keygen WORKING FOR ONLINE STEAM.exe
Credit card generator.exe
Eric vd Vogt Gay Movie - Dutch homosexual fetish raped.exe
Fifa 2006 FULL with crack.exe
Fifa 2007 FULL with crack.exe
flash 8.exe
Free SMS Bomber.exe
Google hack tutorial for beginners.exe
HalfLife 2 WORKING Steam crack.exe
Hotmail account hacker in 30 minutes.exe
Hotmail hacker.exe
hotmail_account_sniffer.exe
Hotmailhacker v1.0.exe
IP Changer.exe
Microsoft Office Activation Crack.exe
Microsoft Office Professional Crack.exe
Microsoft Office Professional Serial.exe
Microsoft Office Professional Universal Crack without serial.exe
Microsoft Office Universal Activator v1.0.exe
MSN hacker - password stealer.exe
norton anti virus FULL NEWEST VERSION.exe
Norton AntiVirus 2005 crack.exe
Norton AntiVirus 2006 crack.exe
Norton antivirus crack.exe
Norton firewall 2006 crack.exe
porn.exe
porn_account_cracker.exe
porn_account_hacker.exe
psx2 - playstation 2 emulator.exe
toon boom.exe
UniVersal GSM unlocker for removing simlock (NOKIA,ERICSSON,SONY,SAMSUNG,OTHERS).exe
WinRAR 4 beta.exe
yahoo_cracker.exe
yahoo_hacker.exe
Yahoo_mail_cracker.exe
ZoneAlarm crack (keygen).exe
Also known as: Backdoor.IrcContact (Symantec), Backdoor.Win32.IrcContact.30 (Kaspersky), Win32.Coiboa.G (Pest Patrol) Win32/Contact.C (CA eTrust)
Backdoor.IrcUnd is a Backdoor Trojan that gives an attacker unauthorized access to an infected computer. By default, it opens port 6667 on an infected computer. The bot module of the Trojan provides an attacker with unauthorized remote access to the compromised system, and the attacker can carry out the following actions on the infected machine:
-> Connect to download files from the URLs
-> Execute programs remotely
-> Perform DDOS
-> Start and stop services
-> Retrieve system information
-> Uninstall the bot
Once running, the bot module connects to a predefined IRC server and channel on a predefined port, awaiting commands from the attacker.
Also known as: Peerbot.B (PandaSoftware), W32/Peerbot.B.worm
BackDoor.JK is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC). It adds false IP addresses for the URLs of more than 50 popular antivirus companies to the hosts file, disables antivirus notifications, firewall notifications, update notifications, and overrides firewalls. It also steals data from SQL Server and MySQL databases. BackDoor.JK creates the folder %Windir%\system32\programs\. These files are used for transmission through P2P programs. It copies itself to the %Windir%\system32\programs\ folder under the following filenames:
2 Find MP3 8.2.0.exe
Adobe InDesign CS 2.exe
Adobe keygen for photoshop indesign incopy SERIAL crack.exe
Adobe Photoshop CS 2.exe
Autocad 2002 Crack.exe
Autocad 2004 Crack.exe
Autocad 2005 Crack.exe
Autocad 2006 Crack.exe
BEST HACK TOOL FOR REAL HACKERS KEYLOGGER WEBCAM SPY! - PRIVATE.exe
Counter strike - cs full version.exe
Counter strike keygen WORKING FOR ONLINE STEAM.exe
Credit card generator.exe
Eric vd Vogt Gay Movie - Dutch homosexual fetish raped.exe
Fifa 2006 FULL with crack.exe
Fifa 2007 FULL with crack.exe
flash 8.exe
Free SMS Bomber.exe
Google hack tutorial for beginners.exe
HalfLife 2 WORKING Steam crack.exe
Hotmail account hacker in 30 minutes.exe
Hotmail hacker.exe
hotmail_account_sniffer.exe
Hotmailhacker v1.0.exe
IP Changer.exe
Microsoft Office Activation Crack.exe
Microsoft Office Professional Crack.exe
Microsoft Office Professional Serial.exe
Microsoft Office Professional Universal Crack without serial.exe
Microsoft Office Universal Activator v1.0.exe
MSN hacker - password stealer.exe
norton anti virus FULL NEWEST VERSION.exe
Norton AntiVirus 2005 crack.exe
Norton AntiVirus 2006 crack.exe
Norton antivirus crack.exe
Norton firewall 2006 crack.exe
porn.exe
porn_account_cracker.exe
porn_account_hacker.exe
psx2 - playstation 2 emulator.exe
toon boom.exe
UniVersal GSM unlocker for removing simlock (NOKIA,ERICSSON,SONY,SAMSUNG,OTHERS).exe
WinRAR 4 beta.exe
yahoo_cracker.exe
yahoo_hacker.exe
Yahoo_mail_cracker.exe
ZoneAlarm crack (keygen).exe
This is a virus that allows for someone to remotely connect to your computer.
Backdoor.Lala is a Trojan Horse that allows unauthorized access to a compromised computer. The Trojan opens TCP/UDP port 4627, 1149, or 1877 to allow remote access.
Backdoor.Lara is an IRC backdoor Trojan that runs continuously in the background, providing a backdoor server on port 6667. It connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for instructions. The instructions it receives are executed locally on affected machines. This Trojan also kills the Task Manager and Regedit processes, making it hard to revert the registry changes. It adds itself to the Windows Firewall exceptions, so that all traffic from the specific server is allowed through.
Backdoor.LMU is a trojan component that can be used by adware applications to download additional components.
This is a trojan that allows the distributor to remotely connect and install unrelated software.
BackDoor.Multi is an IRC backdoor Trojan that runs continuously in the background, providing a backdoor server on port 6667. It connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for instructions. The instructions it receives are executed locally on affected machines.
Also known as: Backdoor.rat
This is a trojan that downloads an adware payload from the internet when it is installed. Users should watch for suspicious, randomly generated filenames.
Also known as: BackDoor-BBK, NTbindshell, Troj/Bckdr-BBK (SOPHOS)
Remserv is a backdoor Trojan that allows a remote intruder to gain access to your system.
Also known as: W32.Spybot.Worm (Sunbelt), Worm.P2P.SpyBot.gen
BackDoor.SndMax is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC). It adds false IP addresses for the URLs of more than 50 popular antivirus companies to the hosts file, disables antivirus notifications, firewall notifications, and update notifications, and overrides firewalls.
Backdoor.Thunker runs a proxy server on the infected computer. This allows the attacker to route internet traffic through the infected computer.
Also known as: Generic BackDoor.u (McAfee)
Opens a port to allow an attacker access to the user's computer. The attacker can possibly delete files, upload/download files, open/close the CD tray, edit the registry, and control almost all computer functions.
Also known as: Win32.VB.qg (Kaspersky Lab), Trojan-Spy.Win32.VB.qg (Sunbelt)
Backdoor.VB.qg is a generic backdoor program that can allow an attacker access to your personal computer. It can give an attacker the ability to upload/download files, execute/delete files, change system settings, edit the Windows Registry, open the CD-ROM tray, and launch keyloggers or other malicious software.
This is a trojan that installs an adware payload onto the infected PC through a remote connection.
BackDoor.YFP is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC). One of the malicious exe files acts as a server exchanging commands. Once the local machine is infected, it uses the local machine's IP address and posts messages on IRC such as "excuse me,but its seems that your computer is vulnerable to the new mirc exploit,so get yourself ASAP this repair from http://[Local IP ]/WinXP_Mirc_Fix.exe". This worm disables antivirus notifications, firewall notifications, and update notifications, and overrides the firewall. It adds false IP addresses for the URLs of more than 50 popular antivirus companies to the hosts file.
Also known as: Backdoor.Antilam.20.a, Backdoor.Minilash.10.a, Backdoor.Minilash.10.b
This is a trojan that drops its adware payload onto the infected machine through port 2130.
Also known as: Backdoor.Backstabb
It's a Trojan written in Visual Basic.
Also known as: Bad Ass Troj_Crazy BadASS.Worm
Also known as: Bad Blood
A trojan that uses ports 6006 and 27374.
Also known as: Backdoor.Badboy
This is a RAT that allows remote control of, or remote connection to, the infected PC.
Also known as: virus [Eset], VCL.BadCommand.541 [Kaspersky], VCL.Dome [Computer Associates]
This is a trojan that allows the distributor to remotely connect and control the infected PC.
Also known as: Badcon.Trojan
This Trojan horse takes advantage of an old Windows 95/98 vulnerability. A Microsoft patch that fixes this vulnerability has been available since March 2000. The affected systems are Windows 95, Windows 98 and Windows 98 Second Edition (SE).
Also known as: BadTrans W32.Badtrans.B@mm
This is a worm/virus that sends itself by email. Installs keystroke logging