Content

DAT Readme

Download the latest anti virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4371
DAT Release Date 06/30/2004
Threats Detected 92884
New Detections 102
Enhanced Detections 415

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name Corporate Risk Assessment Home Risk Assessment
There are no noteworthy threats in this release

New Detections:

Program (5)
  Configurator (1)
    Joke-EVX.cfg
  Dialer (1)
    Dialer-207
  Keylogger (1)
    Keylog-Tong
  Tool (1)
    Tool-BlackRain
  Win32 (1)
    RemAdm-ARPC
Trojan (46)
   (2)
    Uploader-P
    QHosts-11
  Application extension (4)
    StartPage-EC.dll
    PWS-Banker.dll
    BackDoor-CGG.dll
    StartPage-DP.dll
  Downloader (5)
    Downloader-LV
    Downloader-LU
    Downloader-LT
    Downloader-LS
    Downloader-LY
  Dropper (2)
    Uploader-P.dr
    QHosts-11.dr
  Exploit (2)
    Exploit-Atmac
    Exploit-HCPRemoteExe
  Generic (3)
    W32/Sdbot.gen.r
    BackDoor-DV.gen
    PWS-Banker.gen
  Internet Relay Chat (1)
    IRC-Xevol
  Keylogger (3)
    Keylog-Zubo.dr
    Keylog-Zubo!log
    Keylog-Zubo
  Malware Tool (2)
    Kit-MafiaDown
    Kit-BuilderWD
  Password Stealer (1)
    PWS-Banker!sys
  Peer To Peer Worm (1)
    W32/Sndc.worm!p2p
  ProcKill (1)
    ProcKill-PCWT
  Remote Access (11)
    BackDoor-CGL
    BackDoor-CGK
    BackDoor-CGJ
    BackDoor-CGH
    BackDoor-CGG
    BackDoor-CGF
    BackDoor-CGE
    BackDoor-CAK.eml
    BackDoor-KI
    BackDoor-BDG
    BackDoor-BDF
  Script (2)
    IRC-Demfire.bat
    Bat/qz130
  StartPage (3)
    StartPage-EC!htm
    StartPage-EC
    StartPage-DU!htm
  Tool (1)
    Tool-Uptime
  Win32 (2)
    Uploader-O
    AdClicker-AQ
Virus (51)
   (5)
    DogPaw.720
    Onkogen.1683
    Emasc.660
    Avvaddon.1100
    Xany.255
  Application extension Generi (1)
    W32/Bugbear.b.dll.gen
  Application extension Worm (1)
    W32/Mota.worm.dll
  Companion (1)
    W32/Teta.cmp
  Damaged (1)
    W32/Bagle.z.dam
  Damaged Worm (1)
    W32/Vesser.worm.dam
  Dropper (1)
    Heli.dr
  Dropper Parasitic (1)
    Critico.cav.dr
  Email (3)
    VBS/Powcox@MM
    W32/Lovgate.ac@MM
    W32/Lovgate.v@MM
  Generic (1)
    SymbOS/Cabir.gen
  Generic Worm (1)
    W32/Lamud.worm.gen
  Internet Relay Chat (1)
    W32/Bluber!irc
  Parasitic (24)
    Serrelinda.cav.337
    Olya.cav.398
    Olya.cav.390
    Heli.cav
    Grog.cav.482
    Grog.cav.480
    Death.cav.257
    Yuppy.cav.302
    Xam.cav.317
    Sot.cav.352
    Fis.cav.235
    Exe.cav.440b
    Exe.cav.388
    Exe.cav.379
    Exe.cav.360
    Exe.cav.342
    Exe.cav.252
    Exe.cav.250b
    Exe.cav.222
    Critico.cav.977
    Critico.cav.969
    Critico.cav.965
    Oath.cav
    Exe.cav.250a
  Script (1)
    JS/Wask
  Win32 (5)
    W32/Paps
    W32/Polybot.bq
    W32/Polybot.bp
    W32/Vesic
    W32/Animac
  Worm (3)
    W32/Korgo.worm.v
    W32/Fremmy.worm
    W32/Mota.worm

Enhanced Detections:

Internet Worm (4)
  Exploit (1)
    W32/Witty.worm
  Internet Worm (1)
    W32/Doomjuice.worm.b
  SQL worm (1)
    W32/SQLSlammer.worm
  Worm (1)
    W32/Gant.gen@MM
Malware (1)
  Exploit (1)
    Exploit-CodeBase
Program (5)
  Dialer (2)
    Dialer-206
    Dialer-188
  Downloader (1)
    Dialer-RAS.d.dldr
  Malware Tool (1)
    VTool/kk
  Win32 (1)
    TSADBOT
Trojan (102)
   (1)
    Generic BackDoor.d
  Application extension (3)
    BackDoor-AXJ.dll
    Downloader-DA.dll
    PWS-Narod.dll
  Client (2)
    BackDoor-ARL.cli
    BackDoor-BAC.cli
  Configurator (1)
    BackDoor-ARL.cfg
  Downloader (13)
    Downloader-DC
    Proxy-Mitglieder
    Downloader-BP
    Downloader-B
    Downloader-BU
    Downloader-FU
    Downloader-HY
    Downloader-IF
    Downloader-AS
    HackerDefender.dldr
    Downloader-LE
    Downloader-KX
    Downloader-JY
  Dropper (4)
    VBS/Inor
    IRC/Flood.do.dr
    BackDoor-ARL.dr
    Proxy-Hino.dr
  Exploit (2)
    VBS/Psyme
    Exploit-MhtRedir.gen
  Flooder (13)
    FDoS-Caraf
    FDoS-Kabub
    FDoS-Freekaz
    FDoS-MassMsg
    FDoS-Filter
    FDoS-Tyapo
    FDoS-Maiman
    FDoS-Psycho
    FDoS-Shab
    FDoS-Lanmen
    FDoS-Cybwar
    FDoS-Chat
    FDoS-Mandie
  Generic (5)
    VBS/IEstart.gen.e
    VB-BackDoor.a.gen
    BackDoor-AKT.gen
    Exploit-ObjectData.gen
    BackDoor-AZV.gen
  HTML document (1)
    BackDoor-AXJ.htm
  Internet Relay Chat (2)
    IRC/Flood.c
    IRC/Flood.ct
  JavaScript (1)
    JS/CardStealer
  Macintosh (3)
    MacOS/NVP
    MacOS/ChinaTalk
    MacOS/MW2004
  Macro (1)
    A97M/AcceV
  Malware Tool (1)
    PWS-QQPass.c.kit
  Password (5)
    PWS-Narod
    PWS-QQPass
    PWS-LDPinch
    PWS-Bancban
    PWS-WebMoney.gen
  Password Stealer (4)
    PWS-Fakeyah
    PWS-Qover
    PWS-Banker
    PWS-QQPass.c
  Proxy (2)
    Proxy-Hino.b
    Proxy-Hino.c
  Remote Access (18)
    BackDoor-ABM
    BackDoor-AZV
    Backdoor-TW
    BackDoor-SO
    BackDoor-ARL
    BackDoor-AVW
    BackDoor-AXY
    BackDoor-BAC
    BackDoor-AED
    BackDoor-SS
    BackDoor-CCT
    BackDoor-KF
    Backdoor-XJ
    BackDoor-PK
    BackDoor-VX
    BackDoor-ABF
    BackDoor-TE
    BackDoor-M
  Script (6)
    VBS/Winrun
    IIS/BackDoor-ACE
    HTML/Debeski
    VBS/Carot
    JS/Malex
    FireD.bat
  StartPage (1)
    StartPage-DU
  Win32 (13)
    IRC/Flood.cm
    Generic Downloader.a
    Generic BackDoor.b
    Reg/Seeker
    AdClicker-W
    HackerDefender
    Generic BackDoor.f
    Generic Downloader.c
    IRC-Sdbot
    SennaSpy2001
    Generic VB.c
    DDoS-Boxed
    Generic BackDoor.i
Virus (303)
   (5)
    Xany
    MPC
    Bomber.4096
    Lucretia
    HLLT.7504b
  Application extension (1)
    W32/Demig.dll
  Boot dropper (1)
    BtDr.Ogre
  Damaged (9)
    W32/Netsky.q.dam
    W32/Fosforo.dam
    W32/Magistr.dam
    MacOS/nVIR.dam
    MacOS/nVIR.c.dam
    MacOS/nVIR.a.dam
    W32/Lovgate.dam
    W95/RainSong.dam
    W32/Netsky.dam
  Damaged Worm (3)
    W32/Spybot.worm.dam
    W32/Nachi.worm.dam
    W32/Sdbot.worm.dam
  Dropper (12)
    Univ/a.dr
    Univ/j.dr
    W95/RainSong.3956.b.dr
    W95/RainSong.3956.a.dr
    W95/RainSong.3925.b.dr
    W95/RainSong.3925.a.dr
    W95/RainSong.4386.dr
    W95/RainSong.4036.dr
    W95/RainSong.4262.b.dr
    W95/RainSong.4262.a.dr
    MacOS/SevenDust.dr
    W95/Quza.dr
  E-mail (3)
    W32/Marque.worm
    W32/Bagle.j@MM
    W32/Bagle.k@MM
  E-mail worm (13)
    W32/Lovgate.f@M
    W32/Naco.b@MM
    W32/Bagle.n@MM
    W32/Naco.a@MM
    W32/Bagle.p@MM
    W32/Bagle.q@MM
    W32/Bagle.t@MM
    W32/Bagle.c@MM
    W32/Bagle.r@MM
    W32/Bagle.s@MM
    W32/Bagle.z@MM
    W32/Bagle.aa@MM
    W32/Lovgate.ab@MM
  Email (34)
    W95/Babylonia@M
    W97M/Hlam@MM
    W32/Lovgate.b@M
    W32/Lovgate.e@M
    W32/Lovgate.g@M
    W32/Pepex@MM
    W32/Gift@MM
    W32/Lovgate@M
    W32/Lovgate.m@M
    W32/Lovgate.i@M
    W32/Lovgate.h@M
    W32/Naco.c@MM
    W32/Naco.e@MM
    W32/Naco.f@MM
    W32/Lovgate.n@M
    W32/Darby.f@MM
    W32/Darby.h@MM
    W32/Lovgate.q@MM
    W32/Lovgate.p@MM
    W32/Lovgate.s@M
    W32/Lovgate.t@M
    W32/Lovgate.v@M
    W32/Lovgate.t@MM
    W32/Lovgate.r@MM!zip
    W32/Lovgate.u@MM
    W32/Lovgate.u@M
    W32/Lovgate.w@M
    W32/Lovgate.y@MM
    W32/Lovgate.x@MM!zip
    W32/Lovgate.aa@MM!zip
    W32/Lovgate.z@MM
    W32/Lovgate.aa@MM
    W32/Lovgate.z@MM!zip
    W32/Lovgate.ab@MM!zip
  Email Generic (6)
    W32/Sober.gen@MM
    W32/Lovgate.gen@M
    W32/Chowl.gen@MM
    W32/Bibrog.gen@MM
    W32/Naco.gen@MM
    W32/Holar.gen@MM
  Email Generic Worm (1)
    W32/Zokrim.worm.gen@MM
  File Infector (1)
    W32/Magistr.b@MM
  Floppy Worm (2)
    W32/Cunario.worm
    W32/Flor.worm
  Generic (9)
    W32/Orez.gen
    MacOS/SevenDust.gen
    MacOS/MDEF.gen
    MacOS/T4.gen
    MacOS/nVIR.b.gen
    W95/Quza.gen
    W32/Graps.gen
    W32/Darby.gen
    W32/Bagle.gen!pwdzip
  Generic Peer To Peer Worm (2)
    W32/Gemel.worm.gen!p2p
    W32/Zaka.worm.gen!p2p
  Generic Worm (30)
    W32/Sdbot.worm.gen
    W32/Spybot.worm.gen.e
    W32/Raleka.worm.gen
    W32/Gaobot.worm.gen.g
    W32/Gaobot.worm.gen.f
    W32/Gaobot.worm.gen.e
    W32/STD.worm.gen
    W32/Winur.worm.gen
    W32/Renol.worm.gen
    W32/Spybot.worm.gen.i
    W32/Spybot.worm.gen.f
    W32/Spybot.worm.gen.a
    W32/Critex.worm.gen
    W32/Spybot.worm.gen.g
    W32/Spybot.worm.gen.d
    W32/Sdbot.worm.gen.d
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.o
    W32/Sdbot.worm.gen.m
    W32/Sdbot.worm.gen.k
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.g
    W32/Fruit.worm!irc.gen
    W32/Korgo.worm.gen
    W32/Sdbot.worm.gen.p
    W32/Sdbot.worm.gen.q
    W32/Spybot.worm.gen.n
    W32/Gaobot.worm.gen.h
  Heuristic (2)
    New Win32.g4
    Unsafe VBS
  HTML document (1)
    W32/Lirva.c.htm
  Intended (2)
    W95/Babylonia.intd
    VBS/Redlof.intd
  Intended Worm (1)
    W32/Zaka.worm.intd
  Internet Relay Chat (1)
    W32/Diam!irc
  Internet Worm (15)
    W32/Nachi.worm.c
    W32/Lovgate.d@M
    W32/Naco.d@MM
    W32/Darby.worm.e
    W32/Zezer.worm.gen
    W32/Doomjuice.worm.a
    W32/Nachi.worm.b
    W32/Nachi.worm.e
    W32/Bagle.d@MM
    JS/Fortnight@M
    W95/MTX.gen@M
    W32/Spester@MM
    W32/Gaobot.worm.ali
    W32/Korgo.worm.r
    W32/Gaobot.worm.gen.q
  JavaScript (1)
    JS/Xilos
  Macintosh (38)
    MacOS/ANTI
    MacOS/CODE9811
    MacOS/Peace
    MacOS/CODE252
    MacOS/INIT9403
    MacOS/INIT-M
    MacOS/Flag
    MacOS/Frankie
    MacOS/CODE32767
    MacOS/Scores
    MacOS/CODE1
    MacOS/INIT17
    MacOS/INIT1984
    MacOS/ZUC.b
    MacOS/WDEF.b
    MacOS/WDEF.a
    MacOS/SevenDust.d
    MacOS/SevenDust.c
    MacOS/SevenDust.b
    MacOS/SevenDust.a
    MacOS/nVIR.c
    MacOS/nVIR.a
    MacOS/MDEF.d
    MacOS/MBDF.b
    MacOS/ZUC.c
    MacOS/ZUC.a
    MacOS/INIT29.b
    MacOS/CDEF.b
    MacOS/MBDF.a
    MacOS/INIT29.a
    MacOS/CDEF.a
    MacOS/ANTI.b
    MacOS/SevenDust.e
    MacOS/ANTI.a
    MacOS/T4.d
    MacOS/SevenDust.j
    MacOS/MDEF99
    MacOS/CDEF.c
  Macro (1)
    W97M/Splash
  mIRC Worm (1)
    W32/Protoride.worm
  Overwriting (1)
    W32/Assic.ow
  P2P Worm (2)
    W32/Reur.worm!p2p
    W32/Darby.worm.a
  Parasitic (4)
    W32/HLLP.Nity.c
    W32/HLLP.Nity.a
    W32/HLLP.Nity.b
    W32/HLLP.15881
  Peer To Peer Worm (1)
    W32/Gammes.worm!p2p
  Script (3)
    VBS/Pleo
    JS/Cassan
    VBS/Gedza
  Universal (2)
    Univ/j
    Univ.topsy
  Win32 (29)
    New Win32.g1
    New Poly Win32
    W32/Bagle.o!proxy
    W95/Rainsong.3891
    New Win32
    W32/Zmist.gen
    W32/Zexam
    W32/Orez.6287
    W32/Orez.6279
    W32/Orez.5780
    W32/Lme.7018
    W32/Lme.2883
    W32/Fosforo.a
    W32/Fosforo.b
    W32/Fosforo.c
    W32/Evol
    W32/Zmist.a
    W32/Fosforo.d
    W32/Lovgate
    W32/Neoval
    W32/Arikash
    W32/Sakao
    W32/Emeres
    W32/Caes
    W32/Lme.c
    W32/Rolog!txt
    W32/Generic.d
    W32/Bagle!pwdzip
    W32/Appix.f!rar
  Win9x (17)
    W95/RainSong.3925.a
    W95/RainSong.4036
    W95/RainSong.4386
    W95/RainSong.3956.b
    W95/RainSong.3956.a
    W95/RainSong.3925.b
    W95/Legacy
    W95/CTX.10853
    W95/CTX.6886
    W95/RainSong.4262.b
    W95/RainSong.4262.a
    W95/Quza.3370
    W95/Quza.3361b
    W95/Quza.3361a
    W95/Quza.2344
    W95/Quza.1751
    W95/Quza.1386
  Worm (49)
    W32/Lovgate.k@M
    W32/Refoav.worm
    W32/Lovgate.l@M
    W32/Lovgate.j@M
    W32/Pesin.worm.gen
    W32/Lovgate.a@M
    W32/Lovgate.c@M
    W32/Lovgate.q@M
    W32/Israz.worm.b
    W32/Israz.worm.a
    W32/Lovgate.s@MM
    W32/Lovgate.r@M
    W32/Lovgate.x@MM
    W32/Raleka.worm.c
    W32/Raleka.worm.b
    W32/Raleka.worm.a
    W32/Magistr.a@MM
    W32/Bored.worm.a
    W32/Bored.worm.b
    W32/CodeRed.worm
    W32/Nachi.worm.g
    W32/CodeRed.worm.a
    W32/Sysdil.worm
    W32/Celebit.worm
    W32/Fibot.worm
    W32/Darby.worm.d
    W32/Darby.worm.c
    W32/Darby.worm.b
    W32/Acinti.a.worm
    W32/Dhaka.worm
    W32/Marjor.worm
    W32/Flopcop.worm
    W32/Frekaz.worm
    W32/Nachi.worm.a
    W32/Nachi.worm.d
    W32/Doomjuice.worm.c
    W32/Dedler.worm
    W32/Korgo.worm.u
    W32/Korgo.worm.t
    W32/Korgo.worm.i
    W32/Acinti.b.worm
    W32/Nachi.worm.j
    W32/Nachi.worm.h
    W32/Nachi.worm.k
    W32/Nachi.worm.i
    W32/Korgo.worm.k
    W32/Korgo.worm.p
    W32/Setclo.worm
    W32/Korgo.worm.q