Worm:Win32/VB.FT is a worm, written and compiled using Visual Basic 6, that spreads by copying itself to logical and removable drives. This worm maximizes its chance of execution by copying itself using existing folder names; it then hides those folders by changing their attributes.

Worm:Win32/Pushbot is detection for a family of malware that spreads via MSN Messenger and AIM when commanded to by a remote attacker. This worm contains backdoor functionality that allows unauthorized access and control of an affected machine.

Worm:Win32/Slenfbot.IB is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Win32/Brontok is a family of mass-mailing e-mail worms. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites.

Worm:Win32/Slenfbot.NH is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Win32/Sircam is a family of mass-mailing network worms that targets certain versions of Microsoft Windows. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses found on the infected computer. It also spreads to network shares with weak administrator passwords. On a particular date, the worm may fill the system disk or delete all files on the disk.

Win32/Taterf is a family of worms that spread via mapped drives in order to steal login and account details for popular online games.

Win32/Taterf is a family of worms that spread via mapped drives in order to steal login and account details for popular online games.

Worm:Win32/Hamweq.D is a worm that spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may be used by a remote attacker to order the affected machine to participate in Distributed Denial of Service attacks, or to download and execute arbitrary files.

Worm:Win32/Autorun.CF is a worm that spreads via removable drives. It performs keylogging, modifies security settings, and deletes the Registry Editor utility.

Win32/Mytob is a family of mass-mailing worms that targets computers running certain versions of Microsoft Windows. The worm can spread by exploiting Windows vulnerabilities that are fixed by installing Microsoft Security Updates MS03-026 and MS04-011. The worm can also spread by sending a copy of itself through e-mail, MSN Messenger, or Windows Messenger. 

Win32/Jeans.A@m is an e-mail worm that tries to register itself as a debugger for Task Manager, Registry Editor, and other legitimate system applications.

Worm:Win32/Lovgate.B@mm is a mass-mailing worm that sends itself as an e-mail attachment to addresses found on the infected computer. To spread via networks and file shares, Worm:Win32/Lovgate.B@mm copies itself to writeable network shares and shares protected by weak user name and password pairs. The worm opens a backdoor on infected systems and may send system passwords and other sensitive information to the worm's author.

Win32/Sober.Q@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm spreads by sending a copy of itself as an attachment to e-mail addresses found on the infected computer. The e-mail may be in English or German. The worm runs when the user opens the attachment.

Win32/Netsky.I@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm. There may be no readily apparent indications that a computer is infected with this worm.

Win32/Korgo.R.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Netsky.X@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment that contains the worm. The worm also contains a backdoor and performs denial of service (DoS) attacks against certain Web sites.

Win32/Zafi.D@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on an infected machine. The worm is activated when a user opens the e-mail attachment that contains the worm. Your computer may be infected with Win32/Zafi.D@mm if you notice e-mails with a certain appearance, certain error messages, or certain file names on the infected computer.

 

Win32/Gaobot.ZP is a network worm that can spread across network connections by exploiting the vulnerability described in Microsoft Security Bulletin MS03-026. The worm has backdoor capabilities that allow attackers to control the infected computer using IRC channels. The worm also acts as a bot on the IRC network, coordinated through the IRC command, to launch massive distributed denial of service (DDoS) attacks and retrieve personal and system information.

Win32/Bropia.G.worm is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads and is activated when a user opens a file that is sent through MSN Messenger or Windows Messenger. The worm drops Trojan:Win32/Pakes.C when it runs.