Content

DAT Readme

Download the latest anti virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4323
DAT Release Date 02/11/2004
Threats Detected 85881
New Detections 242
Enhanced Detections 205

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name Corporate Risk Assessment Home Risk Assessment
W32/Doomjuice.worm.a Low-Profiled Low-Profiled
W32/Doomjuice.worm.b Low-Profiled Low-Profiled

New Detections:

Internet Worm (1)
  Internet Worm (1)
    W32/Doomjuice.worm.b
Malware (1)
  Win32 (1)
    Exploit-Mydoom
Program (42)
  Adware (3)
    Adware-BuddyLinks
    Adware-TsCash
    Adware-Conspy
  Application extension (1)
    PSpy.dll
  Downloader (1)
    Adware-POP.dldr
  Dropper (2)
    Keylog-ActiveKey.dr
    Adware-FreeComm.dr
  Generic (1)
    Dialer-RAS.cu.gen
  Joke (2)
    Farce joke
    Autodestruct joke
  Keylogger (9)
    Keylog-StealthLogger
    Keylog-Nano
    Keylog-Keyspy
    Keylog-KeyGhost.tool
    Keylog-Ikitek
    Keylog-Amecisco.vxd
    Keylog-Amecisco
    Keylog-AdvancedKey
    Keylog-Skin98.vxd
  Malware Tool (8)
    VTool/qomar
    HTool/bfc
    VTool/av38
    VTool/av36
    HTool/kaz
    HTool/hbbg
    VTool/tpe5
    VTool/smne
  Remote Access (1)
    Application RemAdm-URCS
  Self-extracting archive (1)
    Keylog-Amecisco.sfx
  Spyware (4)
    Spyware-XPCSpy
    Spyware-MiniKeyLog
    Spyware-ActivityMon
    Spyware-ActivityLog
  Tool (5)
    Tool-Supervisor
    Tool-SPC
    Tool-HttpTunnel
    Tool-EasyIDCreator
    Tool-DFSG
  Win32 (4)
    RemAdm-URCS
    MDACScan
    Delshare.h
    RemAdm-ABG
Trojan (69)
   (2)
    B2C.Delwin4
    QHosts-5
  Application extension (2)
    PWS-Progent.dll
    PWS-ICQDecrypt.dll
  Denial Of Svc (1)
    FDos-Medusa
  Downloader (5)
    Vorofer
    Downloader-HG
    Downloader-HH
    Downloader-HF
    AdClicker-AF.dldr
  Dropper (4)
    Bat/qz69.dr
    Bat/dt81.dr
    Keyhook.dr
    Iroffer.dr
  Exploit (2)
    Exploit-Confusion
    Unix/Exploit-Xlight
  Flooder (1)
    IRC/FDoS-Diego
  Generic (4)
    Proxy-Mitglieder.gen.b
    Proxy-Mitglieder.gen
    DDoS-Asm.gen
    BackDoor-WB.gen.b
  Internet Relay Chat (1)
    IRC-Peka
  Keylogger (1)
    Keylog-WDaat
  Linux (1)
    Linux/Vlogger
  Malware Tool (2)
    Kit-NMake
    Kit-Doget
  Password Stealer (5)
    PWS-Xlo
    PWS-Manager
    PWS-Kpwd
    PWS-Bjcg
    PWS-Medusa
  Remote Access (5)
    BackDoor-BCC
    BackDoor-CCD
    BackDoor-CCE
    BackDoor-CCC
    BackDoor-AXP.cgi
  Script (19)
    Bat/yahh
    Bat/qd186
    Bat/dt84
    Bat/dt78
    Bat/rb3
    Bat/qz74
    Bat/qd187
    Bat/qd185
    Bat/dt85
    Bat/dt83
    Bat/dt81
    Bat/dt77
    VBS/Sevrict
    Bat/Nosh
    JS/Binghu
    Bat/dig
    VBS/IEStart
    VBS/Deldoc
    PWS-Kpwd.bat
  StartPage (5)
    StartPage-BL
    StartPage-BJ
    StartPage-BK
    StartPage-BI
    StartPage-BH
  Unix (1)
    Unix/Kevin
  Win32 (8)
    Uploader-M
    Reboot-AC
    QHosts-6
    IPSpoofer-B
    ICQPager-S
    Generic FDoS.b
    AdClicker-AG
    MultiPager-C
Virus (129)
   (52)
    Poodle.1430
    APE
    SSR.dd.161
    OC/ooch
    OC/bur
    CriCri.4270
    Poodle
    Stripper.314
    Soulfly.2543
    OC/rpg
    OC/lpe
    OC/l
    HLLT.10226
    HLLT.Mazep.8640
    ASP/Aspid
    HLLT.Nolon
    HLLT.Nolon.8400
    HLLT.Nolon.8352b
    HLLT.Nolon.8352a
    HLLT.Nolon.8320
    HLLT.Nolon.8288c
    HLLT.Nolon.8288b
    HLLT.Nolon.8288a
    HLLT.Nolon.8272
    HLLT.Nolon.8256
    HLLT.Nolon.8240
    HLLT.Nolon.8224c
    HLLT.Nolon.8224b
    HLLT.Nolon.8224a
    HLLT.Nolon.8208b
    HLLT.Nolon.8208a
    HLLT.Nolon.8192b
    HLLT.Nolon.8160b
    HLLT.Nolon.8160a
    HLLT.Nolon.8144
    HLLT.Nolon.8128b
    HLLT.Nolon.8128a
    HLLT.Nolon.8112
    HLLT.Nolon.8096c
    HLLT.Nolon.8096b
    HLLT.Nolon.8096a
    HLLT.Nolon.8080c
    HLLT.Nolon.8080b
    HLLT.Nolon.8080a
    HLLT.Nolon.8048b
    HLLT.Nolon.8048a
    HLLT.Nolon.8032c
    HLLT.Nolon.8032b
    HLLT.Nolon.8032a
    HLLT.Nolon.7984
    HLLT.Nolon.7904
    HLLT.6016c
  Companion (3)
    Bat/nik.cmp
    HLLC.cmp.7488
    HLL.cmp.5056
  Damaged (2)
    VBS/Dismissed.dam
    W32/Nimda.dam
  Dropper (5)
    Chaly.dr
    HLLW.5680.drp
    W32/Mydoom.a.dr
    W32/Mydoom.b.dr
    W32/Mumo.dr
  E-mail (1)
    W32/Dumaru.ad@MM
  Generic (4)
    W32/Doomjuice.gen
    W95/Putita.gen
    W95/Lorez.gen
    W32/Lykov.gen
  Generic Worm (1)
    W32/Gaobot.worm.gen.e
  Internet Relay Chat (1)
    IRC-Iscbot
  Internet Worm (2)
    W32/Vesser.worm.a
    W32/Doomjuice.worm.a
  Malware Tool (1)
    OC/red.kit
  Overwriting (2)
    HLL.ow.5488g
    W32/Wiken.ow
  Peer To Peer Worm (1)
    W32/Linden.worm!p2p
  Script (6)
    Bat/passion
    Bat/mtn
    Bat/swo
    Bat/para
    Bat/nasty
    VBS/Gander
  VbScript (2)
    VBS/Qoma@MM
    VBS/Qoma@MM
  Win32 (7)
    W32/Pupil
    W32/Dumaru.eml!zip
    W32/Dexter
    W32/Delfer.a
    W32/Crosser
    W32/Badday
    W32/Delfer.b
  Worm (39)
    W32/Spybot.worm.acv
    W32/Spybot.worm.acq
    W32/Spybot.worm.acp
    W32/Spybot.worm.acn
    W32/Spybot.worm.acm
    W32/Gaobot.worm.jd
    W32/Gaobot.worm.jc
    W32/Yenik.worm
    W32/Gaobot.worm.jf
    W32/Spybot.worm.acc
    W32/Spybot.worm.abw
    W32/Spybot.worm.abu
    W32/Spybot.worm.acl
    W32/Spybot.worm.ack
    W32/Spybot.worm.acj
    W32/Spybot.worm.ach
    W32/Spybot.worm.acd
    W32/Spybot.worm.acb
    W32/Spybot.worm.abz
    W32/Spybot.worm.abx
    W32/Spybot.worm.abv
    W32/Spybot.worm.acs
    W32/Spybot.worm.aco
    W32/Spybot.worm.acg
    W32/Spybot.worm.aca
    W32/Spybot.worm.act
    W32/Spybot.worm.acr
    W32/Spybot.worm.aci
    W32/Spybot.worm.acf
    W32/Spybot.worm.aby
    HLLW.5680
    W32/Spybot.worm.acu
    W32/Spybot.worm.abt
    W32/Fesber.worm
    W32/Clatch.worm
    W32/Wozer.worm.b
    W32/Spybot.worm.acw
    W32/Pinom.worm
    W32/Gaobot.worm.je

Enhanced Detections:

Virus (135)
   (66)
    OC/vcl
    DGME
    SSR.1945a
    OC/z
    OC/v
    OC/r
    OC/j
    SSR.1945a.mad
    OC/red
    OC/necro
    OC/u
    OC/q
    OC/k
    OC/i
    OC/h
    OC/do
    OC/df
    OC/dc
    OC/f
    OC/db.Tr
    OC/ci
    OC/cg
    OC/ce.613
    OC/cb
    OC/ca
    OC/bx
    OC/bt
    OC/br
    OC/bk
    OC/bj
    OC/bi
    OC/au
    OC/as
    OC/ap
    OC/w.682
    OC/bv
    OC/m
    OC/p
    OC/az
    OC/y
    OC/al
    Mad.2662
    Mad.2845
    OC/t
    Red Devil.830b
    Red Devil.830a
    Red Devil.662
    OC/bz
    OC/g
    OC/bq
    OC/n
    OC/s
    OC/bg
    Dragalina
    Firestorm.3008
    OC/cy
    OC/ch
    OC/ce.675
    OC/cc
    OC/bl
    OC/at
    OC/ar
    OC/an
    OC/aj
    OC/w.612
    OC/c
  Companion (1)
    Bat/zek.cmp
  Damaged (1)
    W32/Lovsan.dam
  Dropper (7)
    OC.dr
    W32/GhostDog.dr
    DSME.Connie.dr
    OC/db.dr
    Red Devil.830a.dr
    Bat/skau.dr
    Bat/wn.drp
  Dropper Worm (1)
    W32/Lovsan.worm.b.dr
  Email (1)
    W32/Burnox@MM
  File Infector (1)
    Sirius
  Generic (1)
    W95/Putita.gen.b
  Generic Worm (2)
    W32/Titog.worm.gen
    W32/Lovsan.worm.gen
  Heuristic (1)
    New BackDoor2
  HTML document (1)
    W32/Holar.htm
  Internet Worm (6)
    W32/Lovsan.worm.e
    W32/Lovsan.worm.b
    W32/Lovsan.worm.c
    W32/Lovsan.worm.a
    W32/Lovsan.worm.f
    W32/Lovsan.worm.d
  Malware Tool (1)
    OC/l.kit
  multipartite (4)
    Oprobe.mp.5188
    Oprobe.mp.4439x
    Oprobe.mp.4229
    Oprobe.mp.4439
  Peer To Peer (1)
    Bat/Cobat!p2p
  Peer To Peer Worm (9)
    W32/Bare.worm.g!p2p
    W32/Bare.worm.f!p2p
    W32/Bare.worm.e!p2p
    W32/Bare.worm.d!p2p
    W32/Bare.worm.c!p2p
    W32/Bare.worm.b!p2p
    W32/Bare.worm.h!p2p
    W32/Bare.worm.a!p2p
    W32/Anfiz.worm!p2p
  Script (7)
    Bat/mob
    Bat/wbv
    Bat/wn
    Bat/ej
    Bat/Interor
    Bat/yg
    Bat/aj
  Win32 (7)
    W32/Spybot.uy
    W32/GhostDog.e
    W32/GhostDog.c
    W32/GhostDog.d
    W32/GhostDog.b
    W32/GhostDog.a
    W32/Lykov.a
  Win9x (2)
    W95/Putita.95
    W95/Putita.70
  Worm (15)
    W32/Gaobot.worm.cl
    W32/Togod.worm
    W32/Gaobot.worm.hn
    W32/Pokibat.worm
    W32/Gaobot.worm.ja
    W32/Gaobot.worm.is
    W32/Gaobot.worm.iq
    VBS/SSIWG.worm
    W32/Altice.worm
    W32/Titog.worm.a
    W32/Titog.worm.d
    W32/Titog.worm.e
    W32/Titog.worm.f
    W32/Titog.worm.i
    W32/Titog.worm.j
Internet Worm (1)
  - (1)
    W32/Wozer.worm
Trojan (65)
   (2)
    OC/by
    Zpass
  - (2)
    Kather
    AdClicker
  Application extension (1)
    BackDoor-CBL.dll
  Configurator (4)
    ICQPager-E.cfg
    Downloader.cfg
    ICQPager-K.cfg
    MultiDropper-CY.cfg
  Dialer (1)
    QDial13
  Dropper (4)
    PWS-PPort.dr
    AdClicker-C.dr
    IRC/Flood.aq.dr
    IRC/Flood.bt.dr
  Generic (3)
    Kather.gen.b
    Keylog-Spider.gen
    Kather.gen
  Internet Relay Chat (4)
    IRC-Dospa
    IRC/Flood.aq
    IRC/Flood.l
    IRC/Flood.db
  Malware Tool (4)
    Linux/Rootkit-P
    OC/by.kit
    Spam-Anonym
    PWS-QQPass.b.kit
  Password Stealer (1)
    JS/PWS-Snix
  Remote Access (4)
    BackDoor-SN
    BackDoor-CBL
    BackDoor-AIX
    BackDoor-CAF
  Script (21)
    Bat/tr
    Bat/zx
    Bat/zi
    Bat/yj
    Bat/yh
    Bat/yb
    Bat/wo
    Bat/tq
    Bat/tn
    Bat/tl
    Bat/tk
    Bat/eg
    Bat/tj
    VBS/Thelo
    Bat/qz69
    Bat/ya
    Bat/vf
    Bat/to
    Bat/tm
    Bat/ti
    Bat/sw
  Server (1)
    BackDoor-CA.svr
  Spyware (1)
    Keylog-Skin98
  VbScript (1)
    VBS/Flipe
  Win32 (11)
    ICQPager-P
    ICQPager-R
    ICQPager-Q
    DDoS-Asm
    Sniff-AIM
    ICQPager-F
    ICQPager-E
    ICQPager-D
    ICQPager-H
    ICQPager-K
    ICQPager-N
Program (4)
   (1)
    Generated.SMM32
  - (2)
    Generated.SMM
    Dialer-RAS.a.gen
  Malware Tool (1)
    VTool/av25