DAT Readme

Download the latest anti-virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4326
DAT Release Date: 02/18/2004
Threats Detected: 86216
New Detections: 190
Enhanced Detections: 312

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name | Corporate Risk Assessment | Home Risk Assessment
There are no noteworthy threats in this release.

New Detections:

Joke (1)
  - (1)
    Kurda joke
Program (27)
   (2)
    Tool/deltr
    Tool/dmc
  Adware (4)
    Adware-Virtumondo
    Adware-Virtumundo
    Adware-ESDAds
    Adware-FunWeb
  Downloader (1)
    Adware-Rfwnad.dldr
  Generic (1)
    Keylog-Perfect.gen
  Malware Tool (7)
    HTool/Logix
    VTool/sdne5
    VTool/Ansib
    VTool/sdne6
    VTool/duk23
    VTool/ahah
    HTool/dcinf
  Script (7)
    Tool/svc
    Tool/fmt4
    Tool/fmt2
    Tool/cop
    Tool/nc40
    Tool/fmt3
    Tool/del
  Tool (1)
    Tool-AVPOffset
  Win32 (4)
    Xwxload
    Del-Hanz
    BasicFTP
    PortScan-Nscan
Trojan (72)
   (2)
    B2C/Format
    Phish-Potpor.eml
  - (1)
    MultiDropper-GP.dr
  Application extension (1)
    BackDoor-AUJ.dll
  Client (1)
    MacOS/BackDoor-Uni.cli
  Configuration settings (1)
    ServU.ini
  Dialer (1)
    PornDial-189
  Downloader (3)
    Downloader-HK
    Downloader-HI
    Downloader-HJ
  Dropper (3)
    PWS-Madzumba.dr
    MultiDropper-JD
    PWS-Brade.dr
  Exploit (3)
    Exploit-MS04-007
    Exploit-MhtRedir.gen
    Perl/Exploit-efst
  Flooder (2)
    FDoS-Carping
    FDoS-TrueRcds
  Generic (3)
    Keylog-Stawin.gen
    BackDoor-CA.gen
    IRC/Flood.gen.c
  Generic Server (1)
    BackDoor-CA.svr.gen
  Internet Relay Chat (1)
    IRC/Flood.ec
  Keylogger (5)
    Keylog-Lorex
    Keylog-Gopace
    Keylog-Dablo
    Keylog-ATh
    Keylog-BanBra
  Malware Tool (1)
    Kit-Sdbot
  Malware Tool Source code (1)
    Bat.kit.src
  Password (1)
    PWS-WebMoney.gen
  Password Stealer (3)
    PWS-HyperKrew
    PWS-Brade
    PWS-AimRobber
  Phishing (1)
    Phish-Potpor
  ProcKill (1)
    ProcKill-BN
  Remote Access (7)
    Keylog-Briss
    BackDoor-CCJ
    BackDoor-CCH
    BackDoor-CCG
    BackDoor-BCE
    BackDoor-BCD
    BackDoor-CCI
  Script (17)
    Bat/dt90
    Bat/dt92
    Bat/soul
    Bat/ren9
    Bat/ren8
    Bat/qz78
    Bat/qd195
    Bat/loop21
    Bat/klw7
    Bat/form32
    Bat/upl
    Bat/spaece
    Bat/avk22
    Bat/dt91
    Bat/avk20
    ServU.bat
    IRC/Flood.bat.i
  Server (2)
    BackDoor-AUJ.svr
    MacOS/BackDoor-Uni.svr
  StartPage (5)
    StartPage-BQ
    StartPage-BO
    StartPage-BM
    StartPage-BP
    StartPage-BN
  Win32 (4)
    Generic Downloader.a
    Del-445
    Generic Downloader.d
    AdClicker-AH
  Worm (1)
    W32/Doomjuice.worm!bzip
Virus (90)
   (3)
    Xav.547
    Grubby.190
    Wango.109
  Application extension (1)
    W32/Lamin.dll
  Configuration settings Worm (1)
    W32/Milol.worm.ini
  Damaged (1)
    Xexe.dam
  Damaged Worm (1)
    W32/Doomjuice.worm.b.dam
  Dropper (3)
    Bat/detox.dr
    W95/Repus.193.dr
    Bat/BWG.d.dr
  Dropper Worm (1)
    W32/Restud.worm.dr
  Email (5)
    W32/Netsky.b@MM!zip
    W32/Netsky.a@MM!zip
    Bat/BWG.d@MM
    W32/Alcop.bh@MM
    W32/Darby.h@MM
  Email Generic (1)
    W32/Pluto.gen@MM
  Exploit (1)
    Exploit-Mydoom.b
  Generic (1)
    W32/Bagys.gen
  Generic Worm (1)
    W32/Gaobot.worm.gen.f
  Internet Worm (2)
    W32/Doomhunter.worm
    W32/Gaobot.worm.gen.q
  Macintosh (1)
    MacOS/CDEF.c
  Overwriting (1)
    Bat/midez.ow
  Parasitic (2)
    HLLP.14264
    W32/Alisa.apd
  Script (28)
    Bat/youg
    Bat/thai
    Bat/pot.1638
    Bat/pepi
    Bat/ktulu
    Bat/khorp
    Bat/zep.226
    Bat/ussr
    Bat/aduh.1982dr
    Bat/aduh.1757
    Bat/b.1794
    Bat/b.1736
    Bat/b.623
    Bat/b.544
    Bat/b.368
    Bat/b.323
    Bat/b.320
    Bat/b.304
    VBS/Tuyen
    VBS/Mevola
    Bat/Kilabe
    Bat/detox
    Bat/boog
    Bat/aduh.1982
    Bat/b.1486
    Bat/b.425
    Bat/b.298
    VBS/Zevity
  Unix (1)
    Unix/Watoud
  VbScript (1)
    VBS/Lucave
  Win32 (7)
    W32/Generic.d
    W32/Netsky.a.eml!exe
    W32/Netsky.b.eml!exe
    W32/Netsky.b.eml!zip
    W32/Netsky.a.eml!zip
    W32/Vogad
    W32/Sment
  Win9x (1)
    W95/Beast.d
  Worm (26)
    W32/Spybot.worm.adq
    W32/Spybot.worm.ado
    W32/Spybot.worm.adf
    W32/Spybot.worm.ade
    W32/Spybot.worm.adc
    W32/Spybot.worm.adb
    W32/Spybot.worm.ada
    W32/Spybot.worm.acz
    W32/Spybot.worm.acx
    W32/Spybot.worm.adr
    W32/Gaobot.worm.jh
    W32/Spybot.worm.adn
    W32/Spybot.worm.adl
    W32/Spybot.worm.acy
    W32/Spybot.worm.ads
    W32/Spybot.worm.adm
    W32/Spybot.worm.add
    W32/Spybot.worm.adt
    W32/Restud.worm.a
    W32/Randon.worm.al
    W32/Randon.worm.ak
    W32/Mirseed.worm!cfg
    W32/Mirseed.worm
    W32/Surrogad.worm
    W32/Spybot.worm.adp
    W32/Gaobot.worm.jk

Enhanced Detections:

Virus (167)
   (18)
    Uruguay.10
    Dark Avenger.2000
    Dark Avenger.1028
    Dalian.1437
    Dalian.1367
    HLLT.Nolon
    Mad.3734
    Explosion.4872
    Explosion.5987
    Explosion.5637
    Explosion.4866
    Xav.544
    Mad.3732
    Explosion.4873
    Explosion.4868
    Explosion.5952
    Explosion.4910
    Explosion.4870
  Application extension Worm (1)
    W32/Sinis.worm.dll
  Damaged (4)
    W32/Sobig.f.dam
    W32/Bolzano.dam
    Explosion.dam
    W97M/Ethan.dam
  E-mail (3)
    W32/Mimail.m@MM
    W32/Mimail.l@MM
    W32/Mimail.t@MM
  E-mail worm (5)
    W32/Mimail.e@MM
    W32/Mimail.gen@MM
    W32/Mimail.c@MM
    W32/Mimail.p@MM
    W32/Mimail.s@MM
  Email (13)
    W32/Mimail.h@MM
    W32/Mimail.g@MM
    W32/Mimail.f@MM
    W32/Mimail.o@MM
    W32/Mimail.n@MM
    W32/Mimail.d@MM
    W32/Mimail.b@MM
    W32/Mimail.k@MM
    W32/Mimail.a@MM
    W32/Manyx@M
    W32/Pluto.b@MM
    W32/Pluto.c@MM
    W32/Darby.f@MM
  Email Generic (5)
    W32/Sowsat.gen@MM
    W32/Chowl.gen@MM
    W32/Mapson.gen@MM
    W32/Predec.gen@MM
    VBS/Loding.gen@MM
  Floppy Worm (1)
    W32/Trab.worm
  Generic (1)
    W32/Darby.gen
  Generic Worm (2)
    W32/Gaobot.worm.gen.b
    W32/Sinis.worm.gen
  Internet Worm (7)
    W32/Gaobot.worm.aa
    W32/Gaobot.worm.y
    W32/Gaobot.worm.z
    W32/Gaobot.worm.ai
    W32/Darby.worm.e
    W32/Gaobot.worm.ak
    W32/Vesser.worm.b
  Macintosh (2)
    MacOS/CDEF.b
    MacOS/CDEF.a
  Macro (1)
    X97M/Laroux
  Malware Tool (1)
    Bat/DarkChasm.kit
  Overwriting (1)
    Bat/m.ow
  P2P Worm (1)
    W32/Darby.worm.a
  Peer To Peer (1)
    W32/Generic.c!p2p
  Script (20)
    Bat/bvc
    Bat/aba
    VBS/Ruzz
    Bat/dq
    Bat/kuh
    Bat/af
    Bat/nem
    Bat/tix
    Bat/sav
    Bat/ea
    Bat/dm
    Bat/cn
    Bat/e
    Bat/fal.2645
    Bat/aat
    Bat/eb
    Bat/c
    Bat/fal.2711
    Bat/kh
    Bat/f
  Win32 (4)
    New Win32.g3
    W32/Mimail.u
    W32/Delfer.a
    W32/Delfer.b
  Win9x (2)
    W95/Navrhar.12888
    W95/CIH
  Worm (74)
    W32/Pluto.A@MM
    W32/Gaobot.worm.ac
    W32/Gaobot.worm.gb
    W32/Spybot.worm.qs
    W32/Gaobot.worm.fw
    W32/Gaobot.worm.fo
    W32/Gaobot.worm.fn
    W32/Gaobot.worm.fl
    W32/Gaobot.worm.fj
    W32/Gaobot.worm.fh
    W32/Gaobot.worm.fe
    W32/Gaobot.worm.fd
    W32/Gaobot.worm.ew
    W32/Gaobot.worm.eq
    W32/Gaobot.worm.eo
    W32/Gaobot.worm.en
    W32/Gaobot.worm.eh
    W32/Gaobot.worm.dq
    W32/Gaobot.worm.dp
    W32/Gaobot.worm.dl
    W32/Gaobot.worm.cv
    W32/Gaobot.worm.co
    W32/Gaobot.worm.cg
    W32/Gaobot.worm.cf
    W32/Gaobot.worm.bz
    W32/Gaobot.worm.bp
    W32/Gaobot.worm.bk
    W32/Gaobot.worm.bi
    W32/Gaobot.worm.bf
    W32/Gaobot.worm.bd
    W32/Gaobot.worm.ba
    W32/Gaobot.worm.ax
    W32/Gaobot.worm.at
    W32/Gaobot.worm.as
    W32/Gaobot.worm.ar
    W32/Gaobot.worm.ao
    W32/Gaobot.worm.am
    W32/Gaobot.worm.al
    W32/Gaobot.worm.aj
    W32/Gaobot.worm.ah
    W32/Gaobot.worm.ag
    W32/Gaobot.worm.af
    W32/Gaobot.worm.ae
    W32/Gaobot.worm.ad
    W32/Gaobot.worm.gp
    W32/Gaobot.worm.gn
    W32/Gaobot.worm.gz
    W32/Gaobot.worm.go
    W32/Gaobot.worm.gm
    W32/Gaobot.worm.gc
    W32/Spybot.worm.xw
    W32/Spybot.worm.xv
    W32/Gaobot.worm.gi
    W32/Gaobot.worm.ab
    W32/Spybot.worm.aal
    W32/Spybot.worm.za
    W32/Gaobot.worm.hm
    W32/Gaobot.worm.hg
    W32/Gaobot.worm.ge
    W32/Gaobot.worm.ir
    W32/Gaobot.worm.io
    W32/Gaobot.worm.ie
    W32/Gaobot.worm.ic
    W32/Sinis.worm
    W32/Darby.worm
    W32/Darby.worm.d
    W32/Darby.worm.c
    W32/Darby.worm.b
    W32/Blaster.worm.d
    W32/Blaster.worm.f
    W32/Spybot.worm.acu
    W32/Spybot.worm.abt
    W32/Wozer.worm.b
    W32/Pinom.worm
Internet Worm (2)
  - (1)
    W32/Raleka.worm
  Worm (1)
    W32/Spybot.worm.gen
Trojan (135)
   (32)
    B2C.MyGift
    B2C.AVKill
    B2E.dt
    B2C.Fly
    B2E.Process
    B2C.Duck
    B2C.MkDirs
    B2C.Killer
    B2C.Deldos
    B2C.Colaxer
    B2C.Sol
    B2C.Escape
    B2C.KBL
    Ansibomb.c
    B2C.Seq
    B2C.Ren
    B2C.Heap
    B2C.RMDirs
    B2C.RenAut
    B2C.Patcha
    B2C.Killw
    B2C.Delwin2
    B2C.Delwin
    B2C.Format
    B2E.rup3
    B2E.rup2
    B2C.Delwin3
    B2C.Nazi
    B2C.QD1
    B2C.FrodoM
    B2C.StopAV
    B2C.Delwin4
  - (2)
    Folding.bat
    JS/NoClose
  Application extension (1)
    BackDoor-WB.dll
  Application extension Generi (1)
    PWS-Sincom.dll.gen
  Configurator (2)
    BackDoor-CA.cfg
    PWS-IN.cfg
  Denial Of Svc (1)
    IRC/Flood.br
  Disk erasing (2)
    B2C.QZap2
    B2C.QZap
  Dropper (6)
    IRC/Flood.bq.dr
    B2C.Dracula
    MultiDropper-FN
    PWS-Mob.dr
    Keyhook.dr
    Bat/zw.dr
  Exploit (24)
    Linux/Exploit-SendMail
    Linux/Exploit-Bind
    Linux/Exploit-Cgiexp
    Linux/Exploit-Kerio
    Linux/Exploit-Shellcode
    Exploit-MS03-049
    Linux/Exploit-Freeze
    Linux/Exploit-Sqlexp
    Linux/Exploit-Adminer
    Linux/Exploit-Ciscer
    Linux/Exploit-Mulexp
    Linux/Exploit-BOrifice
    Linux/Exploit-Httpd
    Linux/Exploit-Gdslock
    Linux/Exploit-TearDrop
    Linux/Exploit-OpenSSH
    Linux/Exploit-Nhttpd
    Linux/Exploit-Modgz
    Linux/Exploit-SSPing
    Linux/Exploit-Openssl
    Linux/Exploit-Imspd
    Linux/Exploit-Rsync
    Linux/Exploit-Apache
    Linux/Exploit-Su
  File deleting (5)
    B2E.QDel5
    B2E.QDel
    B2E.QDel2
    B2E.QDel3
    B2E.QDel4
  Flooder (1)
    FDos-Lanxue
  Generic (3)
    Exploit-URLSpoof.gen
    BackDoor-AKT.gen
    BackDoor-PC.gen
  Java Applet (1)
    JV/Orifice.cgi
  JavaScript (1)
    JS/Loop
  Malware Tool (1)
    B2T.kit
  Password (2)
    PWS-Mob
    BackDoor-AQI
  Password Stealer (4)
    PWS-GTThief
    PWS-IN
    PWS-Medusa
    PWS-Madzumba
  Remote Access (2)
    BackDoor-CAP
    BackDoor-NT
  Script (38)
    Bat/kllw6
    Bat/kllw5
    Bat/kllw4
    Bat/kllw3
    Bat/kllw2
    Bat/kllw1
    Bat/abd
    Bat/abf
    IRC/Flood.av.bat
    Bat/abk
    Bat/yq
    Bat/yp
    Bat/zy
    Bat/vi
    Bat/penc
    Bat/dvl
    VBS/Piky
    B2C.Batchman
    Bat/dak
    Bat/Zomin
    Bat/vh
    IRC/Flood.bat.h
    Bat/qz65
    Bat/aar
    VBS/IEStart
    VBS/Deldoc
    Bat/qo
    Bat/kav
    Bat/aao
    Bat/aak
    Bat/aaj
    Bat/aaf
    Bat/zb
    Bat/qr
    Bat/oy
    Bat/aan
    Bat/zd
    Bat/vg
  Spyware (1)
    Keylog-Yeehah
  StartPage (1)
    StartPage-BK
  Unix (1)
    Unix/Kevin
  VbScript (1)
    VBS/Mextan
  Win32 (2)
    QReg-9
    W32/Sober!data
Program (8)
   (2)
    Generated.TPE
    Tool/fmt
  Generic (1)
    Dialer-RAS.cc.gen
  Malware Tool (4)
    VTool/av31
    VTool/av32
    VTool/av26
    VTool/alt
  Win32 (1)
    Del-444