Win32/Dumaru is a family of mass-mailing worms that targets certain versions of Microsoft Windows. The worm sends itself as an e-mail attachment to addresses that it finds on the infected computer. The worm runs when the user opens the attachment. Some variants drop a backdoor Trojan. Win32/Dumaru can infect or overwrite files, open ports, connect to an IRC server, release passwords and other confidential information, and receive commands from attackers.

Backdoor:Win32/Haxdoor.CN is a rootkit-enabled backdoor trojan that gathers private user data and sends it to remote attackers. Collected data might include user names and passwords, credit card numbers, bank logon credentials, or other sensitive financial information. On NT-based systems, files and processes related to a Backdoor:Win32/Haxdoor.CN infection may be hidden by a kernel-mode rootkit component. The Backdoor:Win32/Haxdoor.CN trojan also disables firewall software and may perform other malicious actions, such as clearing CMOS settings, destroying disk data, or shutting down Windows unexpectedly. Certain components of the trojan may be detected by Microsoft as Backdoor:Win32/Haxdoor.CG.

Backdoor:Win32/Haxdoor.CG is an NT-based driver component of Backdoor:Win32/Haxdoor.CN, a rootkit-enabled trojan that gathers private user data and sends it to remote attackers. Data collected by Backdoor:Win32/Haxdoor.CN might include user names and passwords, credit card numbers, bank logon credentials, or other sensitive financial information. On NT-based systems, files and processes related to a Backdoor:Win32/Haxdoor.CN infection may be hidden by a kernel-mode rootkit component. (This component is also detected as Backdoor:Win32/Haxdoor.CG). The Backdoor:Win32/Haxdoor.CN trojan also disables firewall software and may perform other malicious actions, such as clearing CMOS settings, destroying disk data, or shutting down Windows unexpectedly.

Backdoor:Win32/Wiadomo.A is a trojan that allows limited remote access and control. The trojan could be instructed by a remote attacker to capture keystrokes and screen shots, or memory from the Windows clipboard, among other actions.

Backdoor:Win32/Refpron.D is a backdoor trojan that may perform activities such as downloading and executing arbitrary files, deleting files, terminating files, and sending system information to a remote server. It may download components that allow it to collect per-click advertising revenue from other websites.

Backdoor:Win32/Refpron.E is a backdoor trojan that may perform activities such as downloading and executing arbitrary files, deleting files, terminating files, and sending system information to a remote server. It may download components that allow it to collect per-click advertising revenue from other websites.

Backdoor:Win32/Refpron.F is a backdoor trojan that may perform activities such as downloading and executing arbitrary files, deleting files, terminating files, and sending system information to a remote server. It may download components that allow it to collect per-click advertising revenue from other websites.

Backdoor:Win32/Refpron.G is a backdoor trojan that may perform activities such as downloading and executing arbitrary files, deleting files, terminating files, and sending system information to a remote server. It may download components that allow it to collect per-click advertising revenue from other websites.

Backdoor:Win32/Refpron.H is a backdoor trojan that may perform activities such as downloading and executing arbitrary files, deleting files, terminating files, and sending system information to a remote server. It may download components that allow it to collect per-click advertising revenue from other websites.

Backdoor:Win32/Rbot.EC is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FW is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FY is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FZ is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FP is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FR is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FK is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FL is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FM is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.FO is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.DY is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.