Content

DAT Readme

Download the latest anti virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4320
DAT Release Date 01/28/2004
Threats Detected 85133
New Detections 187
Enhanced Detections 473

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name Corporate Risk Assessment Home Risk Assessment
W32/Mydoom.b@MM Low-Profiled Low-Profiled

New Detections:

Program (28)
   (1)
    Tool/nik
  Adware (2)
    Adware-SearchAid
    Adware-RightFind
  Dialer (1)
    Generic Dialer.b
  Flooder (1)
    FDoS-Dros
  Joke (1)
    FakeFormat.j joke
  Malware Tool (17)
    VTool/pvw
    VTool/hlla
    VTool/duk20
    VTool/duk18
    HTool/fudi
    HTool/dcf
    VTool/mag8
    VTool/finc
    VTool/duk19
    VTool/bin2t
    VTool/av24
    HTool/sud
    VTool/av25
    HTool/root
    HTool/patch2
    HTool/nosh
    HTool/ahak1
  Tool (1)
    Tool-Netacess
  Win32 (4)
    Sqlck
    Spoof-Xunil
    Reboot-AB
    Wircd
Trojan (70)
   (2)
    LoveSatan
    Foly
  Application extension (3)
    BackDoor-AQO.dll
    PWS-Bancban.dll
    BackDoor-AVW.dll
  Disk erasing (1)
    QZap356
  Downloader (5)
    Downloader-GR
    Downloader-GW
    Downloader-GV
    Downloader-GT
    Downloader-GS
  Dropper (6)
    AdClicker-O.dr
    MultiDropper-IY
    StartPage-BB.dr
    PWS-Progent.dr
    BackDoor-CBT.dr
    Firedaemon.dr
  Exploit (3)
    UNIX/Exploit-Maelstr
    Linux/Exploit-Fmtxp
    Exploit-IIS.Dehjet
  Flooder (4)
    FDoS-Visin
    FDOS-UNF.a
    FDOS-UNF.b
    FDoS-Atho.h
  Generic (1)
    BackDoor-JZ.gen.b
  Internet Relay Chat (1)
    IRC/Izzik
  Keylogger (1)
    Keylog-Sabood
  Linux (13)
    Linux/Exploit.Fmtxp.lnk
    Linux/DoS-Hestra
    Linux/DoS-Neon
    Linux/DoS-Melt
    Linux/DoS-Kod
    Linux/DoS-Targ
    Linux/DoS-Darkwar
    Linux/DoS-Scut
    Linux/DoS-Chrome
    Linux/Exploit.Odlig.lnk
    Linux/DoS-Sprite
    Linux/DoS-Nocwage
    Linux/DoS-Hella
  Malware Tool (1)
    Linux/Rootkit-S
  Password Stealer (1)
    Linux/PWS-Pampom
  ProcKill (2)
    ProcKill-BL
    ProcKill-BK
  Remote Access (5)
    BackDoor-CBR
    BackDoor-BCB
    BackDoor-CBU
    BackDoor-CBS
    BackDoor-CBT
  Script (7)
    Univ.script/99
    Bat/ren6
    Bat/qd184
    Bat/avk17
    Bat/avk16
    JS/AdClicker-AG
    Bat/mkd23
  StartPage (4)
    StartPage-BF
    StartPage-BC
    StartPage-BE
    StartPage-BD
  Win32 (10)
    Tanze
    Shaska
    Zapyxu
    Del-443
    Ruscrem
    Del-441
    QHosts-4
    Del-442
    Del-440
    DoS-GGOne
Virus (89)
   (3)
    Medical.187b
    HLL.2368
    Krang.2479
  Damaged (2)
    W32/Mumo.dam
    W32/Ennumi.dam
  Dropper (3)
    HLLT.5731b.dr
    Komi.dr
    Linux/Satyr.dr
  E-mail (1)
    W32/Mydoom.b@MM
  Generic (3)
    W32/Mumo.gen
    W95/Esmeralda.gen
    W32/Arboc.gen
  Intended (1)
    W32/Letin.intd
  Macro (1)
    X97M/Neg.M
  Win32 (5)
    W32/Notime
    W32/Mertian!reg
    W32/Forfun
    W32/Faril
    W32/Chiton.s
  Win9x (2)
    W95/Rinim.536
    W95/Henky.Henze.d
  Worm (68)
    W32/Spybot.worm.zh
    W32/Spybot.worm.aas
    W32/Spybot.worm.aak
    W32/Gaobot.worm.hw
    W32/Gaobot.worm.hv
    W32/Gaobot.worm.ho
    W32/Gaobot.worm.hj
    W32/Gaobot.worm.hh
    W32/Gaobot.worm.hb
    W32/Gaobot.worm.hr
    W32/Gaobot.worm.hp
    W32/Gaobot.worm.hi
    W32/Gaobot.worm.hf
    W32/Gaobot.worm.he
    W32/Spybot.worm.aam
    W32/Spybot.worm.zi
    W32/Spybot.worm.aaq
    W32/Spybot.worm.yz
    W32/Spybot.worm.yy
    W32/Spybot.worm.yx
    W32/Spybot.worm.yw
    W32/Spybot.worm.yv
    W32/Spybot.worm.yu
    W32/Gaobot.worm.hu
    W32/Spybot.worm.aal
    W32/Spybot.worm.za
    W32/Spybot.worm.aao
    W32/Spybot.worm.aan
    W32/Spybot.worm.aaj
    W32/Spybot.worm.aai
    W32/Spybot.worm.aag
    W32/Spybot.worm.aaf
    W32/Spybot.worm.aae
    W32/Spybot.worm.aac
    W32/Spybot.worm.aab
    W32/Spybot.worm.aaa
    W32/Spybot.worm.zz
    W32/Spybot.worm.zy
    W32/Spybot.worm.zx
    W32/Spybot.worm.zw
    W32/Spybot.worm.zu
    W32/Spybot.worm.zs
    W32/Spybot.worm.zr
    W32/Spybot.worm.zp
    W32/Spybot.worm.zo
    W32/Stuplo.worm
    W32/Spybot.worm.zd
    W32/Spybot.worm.aar
    W32/Spybot.worm.aah
    W32/Spybot.worm.aad
    W32/Spybot.worm.zv
    W32/Spybot.worm.zt
    W32/Spybot.worm.zj
    W32/Spybot.worm.ze
    W32/Spybot.worm.zb
    W32/Spybot.worm.qo
    W32/Spybot.worm.qq
    W32/Gaobot.worm.hm
    W32/Gaobot.worm.hg
    W32/Gaobot.worm.ge
    W32/Spybot.worm.zn
    W32/Spybot.worm.zm
    W32/Spybot.worm.zl
    W32/Spybot.worm.zk
    W32/Spybot.worm.zf
    W32/Spybot.worm.zc
    W32/Spybot.worm.ys
    W32/Mertian.worm

Enhanced Detections:

Virus (53)
   (8)
    Medical.197
    Medical.189d
    Medical.189c
    Medical.189b
    Medical.189a
    Medical.188
    Medical.187
    ADtrojan
  Application extension (2)
    W32/Stepan.dll
    W32/Netspree.dll
  Configuration settings (1)
    VBS/Gaggle.ini
  Dropper (3)
    Medical.189c.dr
    Hare.dr
    W95/Rinim.476.dr
  Dropper Script (1)
    Univ.bat/99.dr
  E-mail (1)
    W32/Kindal@MM
  E-mail worm (2)
    W32/Quis@MM
    Backdoor-ANU
  File Infector (1)
    Medical
  Generic (1)
    W95/Henky.Henze.gen
  Generic Worm (2)
    W32/Wotron.worm.gen
    W32/Raleka.worm.gen
  ICQ Messaging (1)
    ICQ-Cess
  Internet Relay Chat Worm (1)
    W32/Rosya.worm!irc
  Internet Worm (2)
    W32/XTC@MM
    W32/Nimda.gen@MM
  Linux (2)
    Linux/Satyr.b
    Linux/Satyr.a
  Malware Tool (1)
    Hustler.Kit
  Peer To Peer (1)
    W32/Splint!p2p
  Script (1)
    W32/Lykov.vbs
  Win32 (9)
    W32/Lazi.c
    W32/Lazi.a
    New Win32.s
    W32/Chiton.c
    W32/Chiton.r
    W32/Chiton.a
    W32/Torun
    W32/Lazi.b
    W95/Esmeralda
  Win9x (5)
    W95/Henky.Henze.c
    W95/Rinim.459
    W95/Rinim.378
    W95/Rinim.480
    W95/Rinim.431
  Worm (8)
    W32/Pix.worm.c
    W32/Pix.worm.a
    W32/Remabl.worm
    W32/Raleka.worm.c
    W32/Raleka.worm.b
    W32/Pix.worm.d
    W32/Pix.worm.b
    W32/Raleka.worm.a
Internet Worm (1)
  Worm (1)
    W32/Cissi.worm
Trojan (406)
  - (4)
    Ladmin
    StartPage-Q
    WinNuke98
    KeyPanic
  Application extension (3)
    BackDoor-APO.dll
    BackDoor-AWQ.dll
    BackDoor-JY.dll
  Client (20)
    BackDoor-BBX.cli
    BackDoor-RP.cli
    BackDoor-AEM.cli
    BackDoor-PC.cli
    BackDoor-PW.cli
    BackDoor-NF.cli
    BackDoor-MQ.cli
    BackDoor-KF.cli
    BackDoor-JV.cli
    BackDoor-JE.cli
    BackDoor-JC.cli
    BackDoor-HQ.cli
    BackDoor-CA.cli
    BackDoor-MX.cli
    BackDoor-HK.cli
    BackDoor-FT.cli
    BackDoor-DK.cli
    BackDoor-CJ.cli
    BackDoor-AB.cli
    BackDoor-AI.cli
  Configurator (16)
    MultiDropper-EA.cfg
    MultiDropper-EF.cfg
    MultiDropper-DO.cfg
    MultiDropper-DN.cfg
    MultiDropper-DM.cfg
    KeyLog-GP.cfg
    DDoS-Slack.cfg
    Apophis.cfg
    BackDoor-ADT.cfg
    BackDoor-RP.cfg
    BackDoor-AEM.cfg
    DeathPack.cfg
    KeyLogger.c.cfg
    PWS-CT.cfg
    BackDoor-KF.cfg
    BackDoor-AI.cfg
  Damaged Dropper (1)
    BackDoor-CV.dr.dam
  Denial Of Svc (1)
    FDoS-SynKal
  Disk erasing (1)
    QZap224
  Downloader (8)
    Downloader-FH
    Downloader-ER
    IRC-Bun.dldr
    Downloader-BP
    Downloader-B
    DownLoader-E
    NTHack.ldr
    Downloader-D
  Dropper (33)
    MultiDropper-GP.c
    MultiDropper-EB
    MultiDropper-DX
    MultiDropper-FE
    PWS-LDPinch.dr
    MultiDropper-IX
    MultiDropper-EA
    MultiDropper-DS
    Keylog-Sklog.dr
    Hivir.dr
    Apophis.dr
    BackDoor-AWQ.dr
    BackDoor-AQA.dr
    BackDoor-AMI.dr
    BackDoor-ALR.dr
    BackDoor-AIB.dr
    BackDoor-AIA.dr
    BackDoor-ABX.dr
    BackDoor-ABL.dr
    BackDoor-OG.dr
    BackDoor-AIG.dr
    BackDoor-YA.dr
    BackDoor-LZ.dr
    MultiDropper-AP
    MultiDropper-AG
    MultiDropper-AE
    MultiDropper-X
    BackDoor-AGS.dr
    Orifice.dr
    PWS-DW.dr
    BackDoor-MX.dr
    BackDoor-GI.dr
    BackDoor-HQ.dr
  Exploit (3)
    Exploit-Dameware
    Exploit-IIS.Sunx
    Exploit-IIS.Xploit
  File deleting (6)
    QDel367
    QDel366
    QDel228
    QDel192
    QDel168
    QDel165
  File Deletion (1)
    QDel110
  File renaming (1)
    QName5
  File/Folder creator (1)
    QFile5
  Flooder (10)
    FDoS-UDPFlood
    FDoS-Polchat
    FDoS-Anonmail.10
    FDoS-Anonmail.35
    FDoS-SkyFire
    FDoS-ICQBomb
    FDoS-Anonmail.25
    FDoS-MSNCrash
    FDoS-Jello
    FDoS-WinNuke2
  Generic (5)
    PWS-Cslam.gen
    BackDoor-JZ.gen
    PWS-DV.gen
    PWS-AC.gen
    BackDoor-GZ.gen
  Heuristic (1)
    Spam-NewsAgent
  ICQ Messaging (1)
    ICQ-Sniffer
  Internet Relay Chat (1)
    IRC/SplitBot
  Keylogger (3)
    KeyLog-GP
    KeyLog-Cmon
    Keylog-Sklog
  Linux (1)
    Linux/DoS-Halflife
  Malware Tool (15)
    Spam-Yah
    Spam-MailReaper
    Spam-FakeMail
    Spam-Dronic
    Nuke-Portfu
    Nuke-PNuke.11
    Nuke-PNuke.10
    Nuke-Nukeit.z
    Nuke-Cyrus
    Kit-Shvk
    Spam-ICQspam1
    Nuke-Meliksah
    Spam-Absolut
    Nuke-NabKiller
    Nuke-IGMP.20A
  Password (5)
    PWS-PPort
    PWS-FF
    BackDoor-AOT
    Pws-CT
    PWS-GWGhost
  Password Stealer (28)
    PWS-Kol
    PWS-Truble
    PWS-NetMail
    PWS-Kaiser
    PWS-ISPHack
    PWS-Elo
    PWS-Helof
    PWS-FJ
    PWS-Dnstroj
    PWS-BH
    PWS-Algus
    PWS-Spy
    PWS-Keylo
    PWS-ICQInfo
    PWS-IB
    PWS-FR
    PWS-FG
    PWS-EE
    PWS-EA
    PWS-IA
    PWS-GE
    PWS-FH
    PWS-ET
    PWS-EF
    PWS-EB
    PWS-DX
    PWS-DW
    PWS-DS
  Plugin component (2)
    BackDoor-EE.plugin
    BackDoor-DK.plugin
  Remote Access (148)
    BackDoor-BAE
    Backdoor-CY
    Backdoor-Q
    BackDoor-AHP
    BackDoor-DX
    BackDoor-ZT
    Backdoor-AI.svr
    BackDoor-AMI
    BackDoor-AWQ
    BackDoor-AQA
    BackDoor-APO
    BackDoor-APA
    BackDoor-AME
    BackDoor-AKL
    BackDoor-AKI
    BackDoor-AKF
    BackDoor-AJW
    BackDoor-AJT
    BackDoor-AIO
    BackDoor-CAL
    BackDoor-CAA
    BackDoor-ASV
    BackDoor-ALR
    BackDoor-ALC
    BackDoor-AKX
    BackDoor-AKC
    BackDoor-AJG
    BackDoor-AIG
    BackDoor-AIB
    BackDoor-AHZ
    BackDoor-AHY
    BackDoor-AHQ
    BackDoor-AGW
    BackDoor-AGL
    BackDoor-AGB
    BackDoor-AFX
    BackDoor-AEC
    BackDoor-ADX
    BackDoor-ACM
    BackDoor-ABK
    BackDoor-AAV
    BackDoor-AAE
    BackDoor-UQ
    BackDoor-GO
    Backdoor-MV
    BackDoor-WO
    Backdoor-AIA
    BackDoor-AFY
    BackDoor-AFW
    BackDoor-AEL
    BackDoor-ADR
    BackDoor-ADN
    BackDoor-ADJ
    BackDoor-AAT
    BackDoor-AAD
    BackDoor-ZI
    BackDoor-ZE
    BackDoor-XV
    BackDoor-XG
    BackDoor-VP
    BackDoor-UZ
    BackDoor-DP
    BackDoor-AN
    BackDoor-AFM
    BackDoor-SR
    BackDoor-SM
    BackDoor-SL
    BackDoor-SK
    BackDoor-SG
    BackDoor-SF
    BackDoor-SD
    BackDoor-GG
    BackDoor-RM
    BackDoor-RL
    BackDoor-RK
    BackDoor-RI
    BackDoor-QU
    BackDoor-QP
    BackDoor-QH
    BackDoor-QB
    BackDoor-PX
    BackDoor-PO
    BackDoor-PM
    BackDoor-QK
    BackDoor-QA
    BackDoor-PZ
    BackDoor-PS
    BackDoor-PB
    BackDoor-OW
    BackDoor-OV
    BackDoor-NM
    BackDoor-NJ
    BackDoor-NG
    BackDoor-MS
    BackDoor-MH
    BackDoor-KO
    BackDoor-JT
    BackDoor-JQ
    BackDoor-JH
    BackDoor-IV
    BackDoor-IU
    BackDoor-IR
    BackDoor-IL
    BackDoor-HX
    BackDoor-HL
    BackDoor-HB
    BackDoor-GQ
    BackDoor-GI
    BackDoor-OX
    BackDoor-OO
    BackDoor-NZ
    BackDoor-MC
    BackDoor-JS
    BackDoor-JR
    BackDoor-JP
    BackDoor-JN
    BackDoor-JB
    BackDoor-IS
    BackDoor-IP
    BackDoor-IK
    BackDoor-ID
    BackDoor-IC
    BackDoor-IB
    BackDoor-IA
    BackDoor-HZ
    BackDoor-HU
    BackDoor-HT
    BackDoor-HS
    BackDoor-HQ
    BackDoor-HP
    BackDoor-GY
    BackDoor-GH
    BackDoor-FX
    BackDoor-FG
    BackDoor-FF
    BackDoor-EU
    BackDoor-HC
    Backdoor-HJ
    Backdoor-IW
    BackDoor-JD
    Backdoor-JW
    Backdoor-KZ
    Backdoor-NB
    Backdoor-QO
    Backdoor-QV
    Backdoor-QZ
    IRC-Speed
    Backdoor-XJ
  Script (5)
    Univ.bat/99a
    NTRootKit-B.bat
    VBS/Soad
    IRC/Flood.bv.bat
    Univ.bat/98
  Server (26)
    Downloader-CF.svr
    Apophis.svr
    BackDoor-ASW.svr
    BackDoor-BBX.svr
    BackDoor-AEM.svr
    BackDoor-ABL.svr
    BackDoor-RP.svr
    Orifice.svr
    BackDoor-QD.svr
    BackDoor-MX.svr
    BackDoor-KF.svr
    BackDoor-JY.svr
    BackDoor-JV.svr
    BackDoor-JC.svr
    BackDoor-IN.svr
    BackDoor-GH.svr
    BackDoor-PC.svr
    BackDoor-NF.svr
    BackDoor-MQ.svr
    BackDoor-JE.svr
    BackDoor-HT.svr
    BackDoor-HK.svr
    BackDoor-GQ.svr
    BackDoor-FT.svr
    BackDoor-EE.svr
    BackDoor-CJ.svr
  Spyware (1)
    Spy-IEen
  StartPage (3)
    StartPage-F
    StartPage-C
    StartPage-AU
  Trojan (1)
    Multidropper
  Win32 (51)
    MovieWorld
    AdClicker-H
    DiabloHack
    Tuoraw
    TestSpy
    PSynth
    Garra
    FileThief
    Carip
    BlackHole
    BadCon
    DoS-QQnukeall
    Winats
    Webmailcrack
    VoiceSpy
    Tuptus
    Spyderweb
    Pokey-B
    Panama
    NoSpace
    Namaz
    MBT
    Wel
    WebCracker
    UBSpws
    Tetas
    SpyTec
    Sintesys
    ScanNet
    Restart
    RCMOS
    Promises
    NetRust
    Msielib
    HappyDay
    EXWin
    Covert
    WinKiller-B
    SMSFlood
    Sexspeed
    Santa
    NTHack.FTP
    ModelX
    Logger
    KeyLogger.c
    ForYou
    Eurosol
    DeathPack
    Aggrevator
    HDKiller
    Picshow
Malware (1)
  Password (1)
    PWS-Qwak
Program (12)
   (1)
    Friend Greeting
  - (1)
    Downloader-BR
  Adware (2)
    Adware-SubSearch
    Adware-Look2Me
  Dialer (1)
    Generic Dialer
  Keylogger (2)
    Keylog-Perfect
    KeyLog-IK97
  Malware Tool (2)
    HTool/patch
    HTool/ahk
  Win32 (3)
    RemoteAnything
    Iroffer
    IGetNet