DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version:         4298
DAT Release Date:    10/15/2003
Threats Detected:    81381
New Detections:      253
Enhanced Detections: 147

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct misidentifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name            Corporate Risk Assessment    Home Risk Assessment
BackDoor-BAM    Low-Profiled                 Low-Profiled

New Detections:

Program (26)
  Adware (6)
    Adware-SaveNow
    Adware-Httper
    Adware-BHO.gen
    Adware-Webone
    Adware-Zipclix
    Adware-BestPhrases
  Application extension (3)
    Adware-RBlast.dll
    Spy-PCLog.dll
    W32/Inmota.dll
  Downloader (1)
    Adware-Lvup.dldr
  Dropper (1)
    PortScan-X.dr
  Generic (3)
    Dialer-RAS.bz.gen
    Dialer-RAS.bx.gen
    Dialer-RAS.by.gen
  Joke (2)
    Talker joke
    Hellfere joke
  Malware Tool (3)
    PWCrack-Rainbow
    HTool/phk
    VTool/bior
  Tool (1)
    Application PWCrack-Rainbow
  Win32 (6)
    RemAdm-UCRS
    WMain
    Spy-PCLog
    QWHack
    PortScan-X
    IMIServer.download
Trojan (96)
   (1)
    Snake
  Application extension (2)
    Downloader-EP.dll
    BackDoor-BAC.dll
  Client (3)
    JV/BackDoor-KDB.cli
    BackDoor-BAC.cli
    BackDoor-BAB.cli
  Configurator (5)
    Downloader-EM.cfg
    Downloader-EN.cfg
    Downloader-EO.cfg
    BackDoor-BAC.cfg
    MultiDropper-HN.cfg
  Disk erasing (1)
    QZap339
  Downloader (10)
    VBS/Zerolin
    Downloader-EQ
    Downloader-EN
    Downloader-EM
    Downloader-EL
    Downloader-EO
    Proxy-Daemonize.ldr
    Downloader-EP
    Proxy-FBSR.dldr
    Proxy-Daemonize.dldr
  Dropper (4)
    IRC/Flood.di.dr
    Proxy-Daemonize.dr
    Generic PWS.dr
    MultiDropper-HN
  Exploit (2)
    Exploit-NRGScan
    Exploit-UserHost
  Generic (4)
    Kather.gen.b
    BackDoor-AZX.gen
    BackDoor-APQ.gen
    BackDoor-SL.gen
  Internet Relay Chat (2)
    IRC/Flood.di
    IRC/Flood.dj
  Macro (1)
    A97M/AcceV.b
  Password Stealer (3)
    PWS-GTThief
    PWS-QQ
    PWS-Lanzon
  PornDialer (1)
    QDial14
  Proxy (2)
    Proxy-Slanper
    Proxy-Uppdate
  Remote Access (12)
    BackDoor-BAM
    BackDoor-BAC
    BackDoor-BAJ
    BackDoor-BAH
    BackDoor-AZZ
    BackDoor-AZW
    BackDoor-BAL
    BackDoor-BAI
    BackDoor-BAF
    BackDoor-AZY
    BackDoor-AZX
    BackDoor-AZI
  Script (35)
    VBS/Sigrey
    Bat/qz56
    Bat/qz54
    Bat/qz49
    Bat/qd129
    Bat/qd127
    Bat/qd125
    Bat/qd123
    Bat/qd121
    Bat/prod
    Bat/mkd7
    Bat/loop10
    Bat/kbd3
    Bat/dt53
    Bat/dt51
    Bat/avk5
    Bat/arm
    VBS/RegDelete
    VBS/Bing
    Bat/qz57
    Bat/qz55
    Bat/qz50
    Bat/qd130
    Bat/qd128
    Bat/qd126
    Bat/qd124
    Bat/qd122
    Bat/qd120
    Bat/net
    Bat/mkd6
    Bat/dt54
    Bat/dt52
    Bat/dt50
    Bat/avk4
    Bat/haha
  Server (2)
    BackDoor-BAB.svr
    BackDoor-BAC.svr
  Tool (2)
    Tool-Biweaver
    Tool-AIWon
  Win32 (4)
    ExitWin-C
    Generic Downloader.b
    AdClicker-W
    Generic Downloader
Virus (131)
   (17)
    Youth.555.e
    Youth.555.d
    PHB.4421
    Jerusalem.ev
    Voyager.669
    Sphinx.2570
    PXS
    HB.380
    Buttsnot
    Baron.1794
    HLLT.5136
    Ontario.511a
    Wonk.479
    Torn.5024
    Shaz.265
    Guava.488
    BootDr262
  Application extension (1)
    W32/NGVCK.5216.dll
  Application extension Worm (2)
    W32/Busan.worm.dll
    W32/Busan.worm.d.dll
  Companion (2)
    HLL.cmp.3616
    HLL.cmp.3573
  Damaged (2)
    Vbasic.dam
    W32/HLLP.Gogo.dam
  Demonstration (1)
    W32/Redemption.demo.b
  Dropper (7)
    Pixel.d.dr
    W95/Tolone.dr
    W32/Towloh.dr
    VCC.f.dr
    Nigro.dr
    W32/Siller.2050.dr
    W32/Astef.dr
  Dropper Overwriting (1)
    Univ.ow/b.drx
  Email (3)
    W32/Smilex@MM
    W32/Menthol.c@MM
    MSIL/Freity@MM
  File Infector (1)
    W32/HLLP.Gogo
  Generic (4)
    W32/Smog.gen
    W95/Smaller.gen
    W32/Silcer.gen
    W32/Nemsi.gen
  Generic Worm (5)
    W32/Sluter.worm.gen
    W32/Gaobot.worm.gen.b
    W32/Serab.worm.gen
    W32/Renater.worm.gen
    W32/Hopalon.worm.gen
  Intended (2)
    W32/Wolk.intd
    W95/Boza.j.intd
  Internet Relay Chat (1)
    IRC/Vein
  Internet Relay Chat Worm (1)
    W32/Jane.worm!irc
  Internet Worm (5)
    W32/Inmota.worm
    W32/Yaha.aa@MM
    W32/Gaobot.worm.ak
    W32/Sdbot.worm.73728
    W32/Torvil.b@MM
  Macro (1)
    W97M/NJ-DLK1.p
  Overwriting (1)
    W32/Sillyc.ow.6006
  Overwriting Script (1)
    HLL.ow.Matresh.vbs
  Partition (2)
    Half-Life
    Darkland
  Peer To Peer (2)
    W32/Migls!p2p
    W32/Cabby!p2p
  Peer To Peer Worm (5)
    W32/Waxi.worm!p2p
    W32/Ogid.worm!p2p
    W32/Milcan.worm.c!p2p
    W32/Milcan.worm.b!p2p
    W32/Milcan.worm.a!p2p
  Script (8)
    Perl/Vich
    Bat/Tezu
    VBS/Nocrep
    VBS/Elkod
    VBS/Bacil
    W32/Waxi.bat
    Bat/sity
    Bat/lia.5c
  Unpacked (1)
    HLLT.5136.unp
  Win32 (13)
    W32/Towloh
    W32/Generic.c
    W32/Slow
    W32/Siller.2050
    W32/Silcer.c
    W32/Rikenar.b
    W32/Rikenar.a
    W32/Proud
    W32/Nichtse
    W32/NGVCK.a.919
    W32/NGVCK.919dr
    W32/MGF
    W32/Klinge.d
  Win9x (10)
    W95/Yabram.3087
    W95/Yabram.2828
    W95/Yabram.3132
    W95/Seek.5924
    W95/Repus.388
    W95/Repus.368
    W95/Repus.256c
    W95/Repus.256b
    W95/Repus.256a
    W95/Lorez.d
  Worm (32)
    W32/Spybot.worm.pl
    W32/Spybot.worm.ph
    W32/Spybot.worm.px
    W32/Gaobot.worm.ac
    W32/Spybot.worm.py
    W32/Gaobot.worm.aj
    W32/Gaobot.worm.ad
    W32/Spybot.worm.qi
    W32/Spybot.worm.pp
    W32/Spybot.worm.pu
    W32/Spybot.worm.pt
    W32/Spybot.worm.ps
    W32/Spybot.worm.pr
    W32/Spybot.worm.pq
    W32/Spybot.worm.po
    W32/Spybot.worm.pn
    W32/Spybot.worm.pm
    W32/Spybot.worm.pk
    W32/Spybot.worm.pg
    W32/Spybot.worm.pf
    W32/Spybot.worm.pw
    W32/Spybot.worm.pv
    W32/Spybot.worm.pj
    W32/Spybot.worm.pi
    W32/Clepa.worm
    W32/Alcop.bc.worm
    W32/Sluter.worm.e
    W32/Roaller.worm
    W32/Liudehua.worm
    W32/Deborm.worm.ai
    W32/Busan.worm.d
    W32/Alcop.bb.worm

Enhanced Detections:

- (1)
  Worm (1)
    W32/IntTest.worm
Internet Worm (1)
  Remote Access (1)
    W32/AceBot.worm
Program (2)
   (1)
    IMIServ
  Joke (1)
    HelpDesk joke
Trojan (29)
   (1)
    Justas
  Configurator (1)
    Downloader-Z.cfg
  Downloader (1)
    Rapix.dldr
  Dropper (2)
    IRC/Flood.cj.dr
    IRC/Flood.ci.dr
  Exploit (1)
    Exploit-ElSo
  Flooder (1)
    FDoS-Dink
  Internet Relay Chat (1)
    IRC/Flood.ci.hidewin
  Keylogger (1)
    Keylog-Fearless
  Malware Tool (1)
    PWCrack-Destrip
  mIRC client (1)
    IRC/Flood.ci.mirc
  Password Stealer (1)
    PWS-Train
  Remote Access (7)
    Proxy-Thunker
    BackDoor-XO
    BackDoor-KF
    BackDoor-ARW
    BackDoor-AXG
    BackDoor-FS
    BackDoor-ZS
  Script (6)
    JS/UnPlugged
    Bat/abq
    Bat/abp
    Bat/abo
    Bat/mun
    Bat/set4
  Tool (1)
    Tool-Apher
  Trojan (1)
    Backdoor-APQ
  Win32 (2)
    Rapix
    Nucscan
Virus (114)
   (38)
    Mad.5131
    Helloween.1376l
    Helloween.1182a
    Helloween.1376k
    Helloween.1376g
    Helloween.1376f
    Helloween.1384
    Helloween.1376c
    Helloween.1376
    Helloween.1376j
    Helloween.1376i
    Helloween.1376h
    Helloween.1401
    Helloween.1888
    Helloween.1376d
    Helloween.1376b
    Helloween.1182b
    Helloween.1376e
    Helloween.1839a
    Helloween.1430
    Helloween.1228
    Helloween.1839b
    Helloween.1447
    Helloween.1288
    Helloween.1227
    Helloween.1376m
    Helloween.1376n
    Fumble
    Sphinx.2578
    Sphinx.2548
    Sphinx.2536
    Sphinx.2520
    Sphinx.2534
    Headache.269b
    Headache.269a
    HDS.2738
    Fyno.4301
    Fun.651
  Application extension Worm (3)
    W32/Lastas.worm.dll
    W32/Busan.worm.b.dll
    W32/Busan.worm.a.dll
  Companion (4)
    W32/Bee.cmp.24576
    HLL.cmp.3488
    Mariano.cmp
    W32/HLL.cmp.Nosyst
  Companion Dropper (1)
    Dig.cmp.dr
  Damaged (1)
    Jeru.dam
  Demonstration (1)
    W32/Redemption.demo
  Dropper (6)
    W95/Yabram.dr
    W95/Seek.dr
    Vienna.648.dr
    W32/Generic.c.dr
    Sphinx.dr
    Shadow.dr
  Dropper Worm (1)
    W32/Amok.worm.dr
  Email (2)
    W32/Menthol.b@MM
    W32/Menthol.a@MM
  File Infector (1)
    Funeral
  Generic (4)
    W95/Sgww.gen
    W95/Seek.5889.gen
    W32/Integr.gen
    W32/Infis.gen
  Generic Worm (2)
    W32/Slanper.worm.gen
    W32/Amok.worm.gen
  Intended (1)
    W32/Ivaz.intd
  Internet Worm (3)
    W32/Smibag.worm
    W32/Yaha.t@mm
    W32/Lovelorn@MM
  Malware Tool (1)
    Buzz.kit
  Overwriting (3)
    W32/Kamik.ow
    Scorn.ow
    W32/Langly.ow
  Parasitic (2)
    HLLP.5567
    W32/HLLP.34304
  PHP Script (1)
    PHP/Virdrus
  Universal (1)
    Univ/m
  VbScript (2)
    VBS/Tertob
    VBS/Nemite@MM
  Win32 (23)
    W32/Redemption
    W32/Knight.2346
    W32/Integr.1112
    W32/Knight.2304b
    W32/Knight.2048
    W32/Knight.a
    W32/Mahter
    W32/Lanky.b
    W32/Knight.2350
    W32/Ivaz
    W32/Lanky.a
    W32/Knight.2092
    W32/Knight.b
    W32/Knight.2304a
    W32/Knight.2290
    W32/Ladmar
    W32/LOM
    W32/Krad.1030
    W32/Integr.1151
    W32/Integr.1992
    W32/Integr.1815
    W32/Integr.105x
    W32/Inrar
  Win9x (4)
    W95/Ilmx
    W95/Yabram
    W95/Javel.512
    W95/Lovesong
  Worm (9)
    W32/Korvar
    W32/Manex.worm
    W32/Locky.worm
    W32/Lastas.worm
    W32/Busan.worm.b
    W32/Busan.worm.a
    IRC/Seiseni.worm
    W32/Ladex.worm
    W32/Langly.worm