Microsoft Security Intelligence
326 entries found. Displaying page 4 of 17.
Updated on Apr 11, 2011
Worm:Win32/Pushbot.KG is a worm that may spread via MSN Messenger and/or AIM. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level: severe
Updated on Apr 11, 2011
Trojan:Win32/Daales.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Alert level: severe
Updated on Apr 11, 2011
Win32/Bagle.BA@mm!CME-477 is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it finds on the host computer. Win32/Bagle.BA@mm!CME-477 also spreads by copying itself to folders containing the string 'shar' in the folder name.
Alert level: severe
Updated on Oct 23, 2012
Backdoor:Win32/IRCbot.gen!Y is a bot that connects to an Internet Relay Chat (IRC) server and provides attackers with unauthorized access and control of your computer. It attempts to spread via removable drives and network shares, P2P (peer-to-peer) services and IM (instant messaging).

It is a member of the Backdoor:Win32/IRCbot family of bots.

 
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Prolaco is a family of worms that spreads via email, removable drives, Peer-to-Peer (P2P) and network shares. This worm may also drop and execute other malware.
Alert level: severe
Updated on Sep 02, 2013

TrojanDropper:Win32/Sirefef.gen!A is a trojan that is used to install Win32/Sirefef. It is distributed using exploits and social engineering tactics, where it is bundled with "keygens" and "cracks".

In a typical scenario, you may choose to download what you think is a "keygen" or "crack" (a program that enables software piracy by bypassing licensing or activation requirements). However, TrojanDropper:Win32/Sirefef.gen!A is also included in the download and is installed on your computer, without your knowledge, alongside the keygen or crack.

Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove this threat from your computer:

Before you begin you will need:

- A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of the Microsoft Safety Scanner.
- A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected computer.

  1. Download a copy of the Microsoft Safety Scanner from a clean, uninfected computer
  2. Save a copy of the Scanner on a blank CD, DVD, or USB drive
  3. Restart the infected computer
  4. Insert the CD, DVD, or USB drive into your infected computer and run the Scanner
  5. Let the Scanner clean your computer and remove any infections it finds

After running the Scanner, ensure that your antivirus product is up-to-date. You can update Microsoft security products by downloading the latest definitions at this link: Get the latest definitions.

As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.

Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Mytob.RR is a mass-mailing worm that targets computers running certain versions of Microsoft Windows and computers across a network. The worm can spread by exploiting Windows vulnerabilities that are fixed by installing Microsoft Security Updates MS03-026 and MS04-011.
 
The worm can spread by sending a copy of itself through e-mail, AOL Messenger, MSN Messenger, or Windows Messenger. The worm also spreads by copying itself to common shared folders for peer-to-peer file sharing applications such as Morpheus, Limewire, Emule and others. Win32/Mytob.RR has a backdoor component that connects to an IRC server from the infected computer, allowing it to receive commands from attackers.
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Pushbot.QD is a worm that may spread via MSN Messenger and/or AIM. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level: severe
Updated on Jul 15, 2010
Worm:Win32/Prolaco.gen!E is a generic detection of a worm that spreads via e-mail message attachments, removable drives and shared folders of P2P applications. This worm also lowers security settings and disables certain security software and services.
Alert level: severe
Updated on May 21, 2010
Win32/Prolaco.gen!B is a generic detection of a worm that spreads via e-mail message attachments, removable drives and shared folders of P2P applications. This worm also lowers security settings and downloads and installs Win32/Vundo.
Alert level: severe
Updated on May 25, 2010
TrojanDownloader:Win32/Bagle.gen!A is the generic detection for trojans that download worms from the Win32/Bagle family. They are usually distributed as attachments of spammed e-mail messages. They may also change certain system settings.
Alert level: severe
Updated on Jun 22, 2011
Trojan:Win32/Sinis.C is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Nokpuda.A is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted computers. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Autorun.XV is a worm that drops multiple copies of itself in the computer. Some of its copies are dropped in removable drives; on computers that have Autorun enabled, the worm copies are automatically run every time the drive is accessed. Some of its copies are dropped in shared folders of peer-to-peer (P2P) programs; on computers that have running P2P programs, this causes the worm to be downloaded by other remote users.
Alert level: severe
Updated on Nov 22, 2011
Worm:Win32/Delf.AY is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted computers. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.
Alert level: severe
Updated on Dec 04, 2014

Windows Defender detects and removes this threat.

This threat can use your PC for Bitcoin mining. This can make your PC run slower than usual.

It can be installed when you download other applications, such as key-generating software.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Apr 25, 2016

Windows Defender detects and removes this threat.

This threat downloads and installs other programs, including other malware, onto your PC without your consent.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Apr 11, 2011
Worm:MSH/Cibyz.A is a proof-of-concept P2P worm written in Windows PowerShell script. The worm cannot run automatically. A user must purposely engage in several actions in order to deliberately cause the worm to run. The specific steps required to cause Worm:MSH/Cibyz.A to run are outlined here:
http://blogs.msdn.com/powershell/archive/2006/08/03/687838.aspx
 
When Worm:MSH/Cibyz.A does run, it overwrites files with the following file extensions: .bat, .cmd, .log, .ini, .txt, .js, and .html. Worm:MSH/Cibyz.A changes the original extension to .msh after overwriting the file. Worm:MSH/Cibyz.A also prepends its code to files which have either a .msh or .ps1 file extension. The worm also spreads by copying itself to folders used by the Kazaa file sharing application.
Alert level: severe
Updated on May 25, 2010
Trojan:Win32/Womcodi.gen is a trojan that attempts to spread other malware via peer to peer file sharing.
Alert level: severe
Updated on Apr 11, 2011
PWS:MSIL/Parple.A is a trojan written to execute in the Microsoft .NET Framework on Windows computers. It drops and executes several script components that are used to gather sensitive and personal information. The gathered information is sent to a remote server for use by a remote attacker.
Alert level: severe