Content

DAT Readme

Download the latest anti virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4317
DAT Release Date 01/21/2004
Threats Detected 84824
New Detections 207
Enhanced Detections 300

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name Corporate Risk Assessment Home Risk Assessment
There are no noteworthy threats in this release

New Detections:

Program (60)
   (5)
    Tool/rpatch
    Tool/raoff
    Tool/eras
    Generated.HLPE
    Generator.HLPE
  Adware (7)
    Adware-RCSync
    Adware-PopMonster
    Adware-PopMonster
    Adware-Vloading
    Adware-2020Search
    Adware-RCSync
    Adware-Lvup
  Application extension (1)
    Keylog-Qover.dll
  Configurator (1)
    Amitis.cfg
  Dialer (1)
    PornDial-188
  Dropper (1)
    Adware-BetterInet.dr
  Generic (2)
    Dialer-RAS.cs.gen
    Dialer-RAS.ct.gen
  Joke (8)
    Illegal joke
    FakeReboot joke
    FakeFormat.i joke
    ComputerShock joke
    MovingMouse joke
    Gsmfree joke
    FakeFormat.h joke
    FakeCrash joke
  Keylogger (1)
    Keylog-Advanced
  Malware Tool (27)
    PWCrack-Trillian
    Kit-Vanquish
    PWCrack-MailPassView
    VTool/zom7
    VTool/juliet
    VTool/evi
    VTool/duk17
    VTool/fjp
    VTool/easm
    VTool/duk16
    VTool/duk15
    VTool/dsd
    VTool/dat9
    VTool/dat8
    VTool/dat7
    VTool/dat6
    VTool/dat5
    VTool/dat4
    VTool/bers
    VTool/bar2
    VTool/av23
    VTool/arp
    VTool/aav3
    HTool/tcp
    HTool/pwcr4
    HTool/pwcr3
    HTool/kokw
  Password Stealer (1)
    PWS-KeyPeep
  ProcKill (1)
    ProcKill-ZKill
  Spyware (1)
    Spyware-SpyAgent
  Tool (1)
    Tool-NetCat
  Win32 (2)
    PortScan-SuperScan
    PortScan-Xray
Trojan (92)
   (3)
    B2C.AVKill
    ABAP/Selata
    Del-438
  - (1)
    Mendware
  Application extension (3)
    BackDoor-CBL.dll
    PWS-Narod.dll
    BackDoor-CAY.dll
  Damaged (1)
    Sub7-patch.dam
  Downloader (6)
    Downloader-ER.b
    Downloader-GO
    Downloader-GL
    Downloader-EW.b
    Downloader-GP
    Downloader-GK
  Dropper (3)
    PWS-QQPass.dr
    MultiDropper-IX
    Del-438.dr
  Generic (4)
    MultiDropper-ED.gen
    Gaslide.gen
    BackDoor-ABF.gen
    IRC/Flood.gen.b
  HTML (1)
    HTML/Hotfe
  Keylogger (1)
    KeyLog-Radar
  Password Stealer (1)
    PWS-Kadun
  Phishing (1)
    W32/Dumaru.w
  Remote Access (7)
    BackDoor-CBQ
    BackDoor-CBN
    BackDoor-CBK
    BackDoor-BCA
    BackDoor-CBP
    BackDoor-CBM
    BackDoor-CBL
  Script (46)
    Bat/syfig
    Bat/svenc
    Bat/rof
    Bat/ren5
    Bat/qd182
    Bat/qd181
    Bat/qd180
    Bat/qd179
    Bat/qd178
    Bat/qd177
    Bat/qd176
    Bat/qd175
    Bat/qd174
    Bat/qd173
    Bat/qd172
    Bat/mumy
    Bat/muha
    Bat/mkd21
    Bat/mkd20
    Bat/mkd19
    Bat/mkd18
    Bat/loop90
    Bat/loop19
    Bat/loop18
    Bat/loop17
    Bat/hide
    Bat/exw10
    Bat/exw9
    Bat/exw8
    Bat/dt76
    Bat/dt75
    Bat/dimo
    Bat/avk15
    Bat/avk14
    Bat/avk13
    Bat/kllw6
    Bat/kllw5
    Bat/kllw4
    Bat/kllw3
    Bat/kllw2
    Bat/kllw1
    VBS/Renris
    Bat/Ordin
    PHP/Dinves
    JS/CardStealer.lnk
    W32/Sdbot.bat
  Settings Change (1)
    StartPage-AX
  StartPage (5)
    StartPage-AW
    StartPage-AZ
    StartPage-BA
    StartPage-BB
    StartPage-AY
  Win32 (8)
    Proxy-Agent
    W32/Sober!data
    Del-439
    Notok
    MemLeak
    Generic Downloader.c
    QScreen6
    AdClicker-AF
Virus (55)
   (10)
    Trident.470
    Jerusalem.ex
    XYZ.441
    Tweet.207
    OC/vcl
    Lonasi
    Kellie
    HLLT.7199b
    HLLT.5731b
    HLLT.MF.4816
  Companion (2)
    Bat/nul.cmp
    W32/Golin.cmp
  Damaged (2)
    W32/Quis.dam
    W32/HLLP.dam
  Damaged Parasitic (1)
    W95/Argos.cav.dam
  Dropper (2)
    OC/cop.dr
    W95/Apparition.b.dr
  Email (1)
    W32/Dumaru.w@MM
  Intended (2)
    W95/Whalg.b.intd
    W32/Dizzy.intd
  Internet Relay Chat Worm (3)
    W32/Milol.worm.b!irc
    W32/Milol.worm.c!irc
    W32/Milol.worm.a!irc
  Peer To Peer Worm (4)
    W32/Brity.worm.b!p2p
    W32/Xsive.worm!p2p
    W32/Brutu.worm!p2p
    W32/Brity.worm.a!p2p
  Script (4)
    Bat/sdwn2
    Bat/mykl
    Bat/Mumu.irc
    VBS/Keftin
  Win32 (6)
    W32/Torun
    W32/Ipamor.e
    W32/Doser.4539c
    W32/Cheval
    W32/Nohoper
    W32/Ingax.568dr
  Win9x (3)
    W95/Icer.619a
    W95/Whalg.a
    W95/Icer.619b
  Worm (15)
    W32/Imbiat.worm
    W32/Gaobot.worm.hd
    W32/Gaobot.worm.hq
    W32/Gaobot.worm.hl
    W32/Spybot.worm.yr
    W32/Spybot.worm.yo
    W32/Gaobot.worm.hn
    W32/Flak.worm
    W32/Alanis.worm.b
    W32/Spybot.worm.yq
    W32/Spybot.worm.yp
    W32/Spybot.worm.tw
    W32/Arequipa.worm.d
    W95/Foner.worm
    W32/Morph.worm

Enhanced Detections:

Internet Worm (6)
  AOL Password (1)
    W32/Funso.gen@MM
  Internet Worm (1)
    W32/Zoek.worm
  Win32 (4)
    W32/BleBla.a@MM
    W32/BleBla.b@MM
    W32/Yarner.gen@MM
    W32/Cervivec@MM
Program (12)
   (5)
    VObj14
    VObj9
    VObj5
    Generator.SMEG
    VObj11
  Generic (2)
    Dialer-RAS.bd.gen
    Dialer-RAS.ae.gen
  Malware Tool (1)
    VTool/mbc2
  Win32 (4)
    RemoteProcessLaunch
    PSKill
    Nmap
    PosX
Trojan (41)
  - (1)
    IRC/Flood.tool
  Application extension (2)
    CoreFlood.dll
    PWS-PPort.dll
  Client (1)
    BackDoor-AZS.cli
  Configurator (1)
    BackDoor-AZS.cfg
  DOS (1)
    Unsafe COM
  Downloader (4)
    Downloader-CT
    Downloader-GJ.b
    BackDoor-CBJ.dldr
    Downloader-AC
  Dropper (3)
    IRC/Flood.dh.dr
    PWS-Spymail.dr
    IRC/Flood.ad.dr
  E-mail (1)
    Proxy-Regate
  Exploit (1)
    Exploit-NoCheat
  Flooder (1)
    FDoS-Mixtar
  Generic (2)
    BackDoor-AZS.gen
    PWS-M2.gen
  Internet Relay Chat (2)
    IRC-Caid
    IRC/Flood.b
  Internet Worm (1)
    W32/QAZ.worm
  Malware Tool (1)
    Kit-Sevenc
  Password Stealer (3)
    PWS-FixErr
    PWS-Spymail
    PWS-QQPass.b
  Remote Access (2)
    BackDoor-AZS
    BackDoor-CAW
  Script (6)
    Univ.bat/99
    Bat/qd999
    Bat/loop20
    Bat/qd998
    Bat/bolt
    VBS/SevenC
  Server (3)
    BackDoor-WF.svr.rmv
    BackDoor-WF.svr
    BackDoor-Sub7.svr
  VbScript (1)
    VBS/Shuker
  Win32 (4)
    W32/Gunsan.worm
    W32/Tinit.b
    W32/Tinit.a
    Sub7-patch
Virus (241)
   (19)
    LME.6450
    PKVX
    Smgtest
    MPC.1207
    ARCV.Scroll.817
    ARCV.Scroll.804
    ARCV.Scroll.803
    ARCV.Scroll.795
    VCC.b
    Remember
    MTZ.4510
    FiveVolts.2659
    EIC-TF
    OC/dl
    OC/dk
    OC/dj
    OC/de
    HLLT.7199
    HLLT.5731
  Application extension (5)
    W32/Sowsat.dll
    W32/Pate.b.dll
    W32/Pate.c.dll
    W32/Pate.a.dll
    W32/Lamchi.dll
  Companion (1)
    W32/Abessive.cmp
  Damaged (3)
    W32/Yaha.dam
    W32/Swen.dam
    W32/Fizzer.dam
  Damaged Parasitic (1)
    W32/Elkern.cav.c.dam
  Dropper (8)
    W32/Stepan.dr
    W32/Cervan.dr
    W95/Whalg.dr
    W32/Cheval.dr
    W32/Ingax.856.dr
    W32/Ingax.840.dr
    W32/Ingax.644.dr
    W32/Ingax.568.dr
  E-mail (8)
    W32/Bagle@MM
    W32/Yaha.d@MM
    W32/Yaha.c@MM
    W32/DoTor@MM
    W32/MsWorld@MM
    W32/Hadra@M
    W32/PetTick@MM
    W32/Gibe@MM
  E-mail worm (8)
    W32/Dumaru.c@MM
    W32/Nomis.worm
    W32/Hobbit.c@MM
    W32/Hobbit.b@MM
    W32/Wconn@MM
    W32/Fishlet@MM
    W32/PetLil@MM
    W32/Porman@MM
  Email (76)
    W32/Sowsat.n@MM
    W32/Sowsat.i@MM
    W32/BackZat.d@MM
    W32/Dumaru.k@MM
    W32/Fog@MM
    W32/Zokrim.r@MM
    W32/Zokrim.q@MM
    W32/Zokrim.c@MM
    W32/Zokrim.b@MM
    W32/Zokrim.a@MM
    W32/Yaha.e@MM
    W32/Yaha.a@MM
    W32/Valha@MM
    W32/Stator@MM
    W32/Sowsat.g@MM
    W32/Sowsat.e@MM
    W32/Sowsat.c@MM
    W32/Sowsat.a@MM
    W32/Pimple.b@MM
    W32/Nimda.q@MM
    W32/Nimda@MM
    W32/Nimda.j@MM
    W32/Nimda.l@MM
    W32/Nimda.f@MM
    W32/Nimda.b@MM
    W32/Music@M
    W32/Miriam@MM
    W32/Langex@MM
    W32/Horo@MM
    W32/Hobbit.e@MM
    W32/Dumaru.i@MM
    W32/BackZat.j@MM
    W32/BackZat.h@MM
    W32/Scrambler.e@MM
    W32/Rigsi@MM
    W32/Poetry@M
    W32/Pimple.a@MM
    W32/Notfam@MM
    W32/Nimda.s@MM
    W32/Nimda.p@MM
    W32/Nimda.o@MM
    W32/Nimda.i@MM
    W32/Nimda.n@MM
    W32/Nimda.m@MM
    W32/Nimda.h@MM
    W32/Nimda.c@MM
    W32/MyLife@MM
    W32/LostWord@MM
    W32/Hobbit.f@MM
    W32/Hobbit.d@MM
    W32/FreeTrip@MM
    W32/Fever.a@M
    W32/Dumaru.r@MM
    W32/Dumaru.l@MM
    W32/Dumaru.g@MM
    W32/Dumaru.e@MM
    W32/Dumaru.b@MM
    W32/Chichis@MM
    W32/BleBla.d@MM
    W32/Bajar@MM
    W32/BackZat.b@MM
    W32/Alcop@MM
    W32/Dumaru.f@MM
    W32/Dumaru.d@MM
    W32/BleBla.e@MM
    W32/BleBla.c@MM
    W32/Apbot@MM!DDoS
    W32/BackZat.i@MM
    W32/BackZat.f@MM
    W32/BackZat.c@MM
    W32/BackZat.a@MM
    W32/Anaph@MM
    W32/Sowsat.f@MM
    W32/Sowsat.b@MM
    W32/Sowsat.d@MM
    W32/Dumaru.m@MM
  Email Generic (7)
    W32/Enemany.gen@MM
    W32/Zokrim.gen@MM
    W32/Plage.gen@M
    W32/Pimple.gen@MM
    W32/Maldal.gen@MM
    W32/Fizzer.gen@MM
    W32/Cherich.gen@MM
  Generic (4)
    W32/Stepan.gen
    W95/Bistro.gen
    W32/Cheval.gen
    W32/Alcop.gen
  Generic Peer To Peer Worm (1)
    W32/Spear.worm.gen!p2p
  Generic Worm (1)
    W32/Eggnog.worm.gen
  Intended (5)
    W95/Zombie.intd
    W95/Roma.intd
    W32/Poson.intd
    W32/Hobbit.intd
    W95/Icer.intd
  Internet Relay Chat Worm (1)
    W32/Zippy.worm!irc
  Internet Worm (7)
    W32/Dumaru.j@MM
    W32/Tzet.worm.f
    W32/Hobbit.a@MM
    W32/Yaha.g@MM
    W32/Duni.worm.c
    W32/BadTrans@MM
    W32/Gokar@MM
  Macro (1)
    W97M/Beast.a/b
  Overwriting (1)
    W32/Corruptor.ow
  P2P Worm (2)
    W32/Cake.worm!p2p
    W32/Poscal.worm
  Peer To Peer (1)
    W32/Naid!p2p
  Peer To Peer Worm (3)
    W32/Supova.worm!p2p
    W32/Margera.worm!p2p
    W32/Halfint.worm!p2p
  Script (4)
    Bat/shutdown
    Bat/tns
    Bat/roo
    Bat/uo
  Script Worm (1)
    W32/Sites.worm.bat
  Server (1)
    W32/LOM.svr
  Unpacked (1)
    HLLT.7199.unp
  Win32 (22)
    W32/Stepan.k
    W32/Stepan.j
    W32/Stepan.i
    W32/Stepan.f
    W32/Stepan.d
    W32/Stepan.b
    W32/Deemo.b
    W32/Deemo.a
    W32/Yahoxer
    W32/Winatch
    W32/Rewin
    W32/Petal
    W32/Cheval.f
    W32/Bumper
    W32/Antine
    W32/Alcop.ao
    W32/Dumaru
    W32/Clost
    W32/Cheval.e
    W32/BackZat
    W32/Alcop.ar
    W32/ExploreZip.worm@M
  Win9x (5)
    W95/Apparition.a
    W95/Apparition.b
    W95/Vaivnet
    W95/Icer.773
    W95/Bora
  Worm (44)
    W32/Duni.worm.b
    W32/Zoek.worm.f
    W32/Zoek.worm.e
    W32/Zoek.worm.d
    W32/Zoek.worm.c
    W32/Zoek.worm.b
    W32/Zoek.worm.a
    W32/Xelif.worm
    W32/Walkery.worm
    W32/Vifiter.worm
    W32/Tulu.worm
    W32/Supeboy.worm
    W32/Sorin.worm
    W32/Randir.worm
    W32/Kilonce.worm.c
    W32/Kilonce.worm.a
    W32/Israz.worm.b
    W32/Black.worm
    W32/Azak.worm
    W32/Sites.worm
    W32/Rated.worm
    W32/Prodvin.worm
    W32/Pam.worm
    W32/Mong.worm
    W32/Kilonce.worm.b
    W32/Israz.worm.a
    W32/Hobbit.worm
    W32/Duni.worm.a
    W32/Blitzdung.worm
    W32/Amazex.n.worm
    W32/Amazex.l.worm
    W32/Amazex.j.worm
    W32/Amazex.h.worm
    W32/Amazex.f.worm
    W32/Amazex.d.worm
    W32/Amazex.b.worm
    W32/Amazex.m.worm
    W32/Amazex.k.worm
    W32/Amazex.i.worm
    W32/Amazex.g.worm
    W32/Amazex.e.worm
    W32/Amazex.c.worm
    W32/Amazex.a.worm
    W32/Sos.worm