DAT Readme

Download the latest anti-virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4400
DAT Release Date: 10/20/2004
Threats Detected: 104507
New Detections: 250
Enhanced Detections: 427

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name    Corporate Risk Assessment    Home Risk Assessment
There are no noteworthy threats in this release.

New Detections:

Program (11)
   (1)
    VSource/crh1
  Application extension (1)
    UnRealIRC.dll
  Configuration settings (1)
    Dialer.ini
  Demonstration (1)
    Demo-PG2Kill
  Dialer (5)
    Dialer-226
    Dialer-225
    Dialer-224
    Dialer-RAS.dk
    Dialer-223
  Tool (2)
    Tool-Morphine
    Tool-UPolyX
Trojan (42)
   (3)
    Spy-Tofger!zip
    Spy-Tofger!chm
    QLowZones-4
  Application extension (1)
    BackDoor-CKG.dll
  Downloader (9)
    JS/Spy-Tofger.dldr
    Downloader-RC
    Downloader-RA
    Downloader-QY
    Downloader-QW
    Downloader-RB
    Downloader-QZ
    Downloader-QX
    PWS-Bamer.dldr
  Dropper (4)
    MultiDropper-LS
    Proxy-Agent.a.dr
    Downloader-QI.dr
    BackDoor-CKG.dr
  Exploit (3)
    Exploit-ZIP.b
    Exploit-Trillian
    Exploit-DFind
  Generic (3)
    Stealth.gen
    BackDoor-CKA.gen
    BackDoor-CKG.gen
  Keylogger (1)
    Keylog-Present
  Linux (4)
    Linux/Ramping
    Linux/DoS-Juno
    Linux/Spoof-Vadim
    Linux/Dolit
  Proxy (1)
    Proxy-TJServ
  Remote Access (6)
    BackDoor-CKF
    BackDoor-CKE
    BackDoor-CKC
    BackDoor-CKB
    Linux/BackDoor-Pulamea
    BackDoor-CKD
  StartPage (3)
    StartPage-FG
    W97M/StartPage-DH
    INF/StartPage-FH
  Win32 (4)
    Generic Downloader.h
    QLowZones-5
    AdClicker-BJ
    Generic BackDoor.p
Virus (197)
   (160)
    XRay.2050
    Xany.358
    Xany.128
    Write.474
    Tokyo.1068
    Tax Appeal.1587
    Tangle.387
    Tabulero.2048b
    Syndrome.1485
    Sibylle.1200
    Sibylle.853
    Odanrot.896
    Nov17
    MPC.694
    MPC.442c
    Linc.300
    Katies
    Inch
    Excess.3529
    Eternity
    Andromeda.1337
    Andromeda.1024e
    Zapper.1121
    YesNo.862
    XRCE.664
    Xexe.512
    WRA.512
    Weihnach.1111
    VarWorm.818
    Uren.377
    Unkm.197
    Unhandled.495
    UKTC.769
    Tucuman.828
    Spec.907
    Slips.1475
    Sauron.1088
    Reedcat.928
    Quod.872
    QRes.259
    Post Mortem.733
    Oddity.1194
    Nymphet.1024
    Number5.1235
    NSD.266
    Mick.1100
    Lyubasha.381
    LX.1358
    Ludwig.573
    Lovebuzz.591
    Licentious.1024
    Kode.1024b
    Kode
    Kicsit
    Juice.1441
    Jel.841
    Inside.1011
    IBVV.742
    Hellis.608
    Gondor.3072
    Geliyor.c
    Geliyor.b
    Game.823
    Flavour.989
    FFC.1000
    Xany.657a
    Xany.134
    Warlock.1817
    Warlock.1676
    Tenerife.1550
    Tash.2042
    Tabulero.2048a
    Skater.819
    Sibylle.858
    Palma.591
    Occult.1378
    Norilsk
    Manuel.2209
    Linc.228
    Jeru.912
    Hiroshima.826
    Excess.3536
    Dark Manko.764
    Andromeda.1024f
    Zero.983
    You.1186
    Yellow Worm
    Xingo.1308
    Tangle.378
    MPC.451
    Xexe.424
    Weihnach.1827
    Voyage.1134
    VarWorm.913
    VarWorm.943
    UVC
    Uren.396
    Unspeed.920
    Unkm.166
    Underground.781
    Ultra Violent.5700
    Tucuman.1408
    Surplus.474
    Steatoda
    Sloft.1024
    Sina.1208
    Romania.856
    Rat.501
    Quail.414
    QRes.120
    Print Devil.716
    Ornery.1006
    Nympho.666
    NYC.808
    Nuc.516
    NoPM.494
    Minz.470
    Ment.1258
    Lutil.591
    Loz
    LookSee.1461
    Konkoor.3072
    Kode.1024a
    Kevin.1558
    Judi.1000
    Jare.1062
    Inside.752
    HTTM
    Hasta.884
    Geliyor.a
    Galt.1574
    Flavour.911
    Fbd.1000
    Fantasma.1000
    Fallen Angel.338
    Easifix.857
    DST.525
    Dr Demon
    Dr Demon.1816
    Croatia
    Coconut.2324
    Coconut.2015
    Birthday.512
    Bastard.455
    BadCom.967
    Backform.2345
    Antiem.2320
    Angels.1571
    AGA.3000
    Dr Demon.1888
    Detic.1514
    Coito.644
    Coconut.2071
    Bomz.3809
    Bolero.1300
    Black Monday.928
    Bastard.460
    Awaits.500
    Adipop.485
    Account.873
  Application extension (2)
    W32/Zelly.dll
    W32/Pate.d.dll
  Damaged (6)
    Steatoda.dam
    Print Devil.716.dam
    Write.474.dam
    Lyubasha.381.dam
    Bolero.1300.dam
    Account.dam
  Damaged Worm (1)
    W32/Korgo.worm.ac.dam
  Dropper (9)
    Black Monday.dr
    Warlock.1817.dr
    UVC.dr
    Underground.781.dr
    Hero.dr
    Excess.dr
    Kode.dr
    Fbd.dr
    DST.dr
  E-mail (1)
    W32/Mydoom.ae@MM
  E-mail worm (2)
    W32/Bagz.d@MM
    W32/Bagz.e@MM
  Email (3)
    W32/Frethem.z@MM
    W32/Bagz.d@MM!zip
    W32/Bagz.c@MM
  Script (2)
    Bat/Mumol
    JS/BatPart
  Win32 (6)
    W32/Generic.Delphi
    W32/Crosser.b
    W32/Bagz!hosts
    W32/Polybot.ca
    W32/Pate.d
    W32/Crosser.a
  Win9x (1)
    W95/Gremo
  Worm (4)
    W32/Kobot.worm
    W32/Antinny.worm.q
    W32/Scranor.worm
    W32/Eyeveg.worm.d

Enhanced Detections:

Internet Worm (3)
  E-mail (2)
    W32/Mydoom.u@MM
    W32/Mydoom.v@MM
  Worm (1)
    W32/Polybot.gen!irc
Malware (1)
  Exploit (1)
    Exploit-CodeBase
Program (110)
   (17)
    VSource
    VSource.Robocop
    VSource/pas6
    VSource/pas4
    VSource/pas2
    VSource.Laroux
    VSource.Appder
    VSource/pas5
    VSource/pas3
    VSource/pas1
    VSource/jel
    VSource.par
    VSource/mad
    VSource/addv
    VSource/inf
    UnRealIRC
    VSource/wrm
  - (1)
    KeyHook.dll
  Application extension (2)
    Vundo.dll
    Dialer-Generic.dll
  Dialer (1)
    Dialer-184
  Downloader (1)
    Downloader-EAccel
  Generic (1)
    VSource.Gravity
  Keylogger (1)
    Keylog-Keyspy
  Malware Tool (30)
    HTool/aris
    HTool/cpc
    HTool/ahak1
    HTool/dialhk6
    HTool/dialhk5
    HTool/aut
    HTool/ano
    HTool/bki
    HTool/ahk2
    HTool/der
    HTool/crm
    HTool/clo
    HTool/abp
    HTool/apm
    HTool/cra
    HTool/bru
    HTool/bbs
    HTool/bdp
    HTool/csp
    HTool/dge
    HTool/ctd
    HTool/cru
    HTool/crn
    HTool/crcd
    HTool/bru2
    HTool/acr
    HTool/dcinf
    HTool/cop
    HTool/cfd
    HTool/bin
  Password (1)
    PWCrack-Cain
  Plugin component (1)
    CyberSensor.plugin.plugin
  PornDialer (1)
    Dialer-Generic
  Tool (50)
    Tool-Haxor
    Tool-Telnet
    Tool-BODec
    Tool-MacTime
    Tool-Revert
    Tool-HLPDump
    Tool-Analyze
    Tool-AVPX
    Tool-Podonok
    Tool-Pervert
    Tool-QQPassO
    Tool-QQExpl
    Tool-IconHnt
    Tool-CGIScan
    Tool-AutoPol
    Tool-DNSMast
    Tool-AIMRV
    Tool-ZPacker
    Tool-PEStat
    Tool-ZMist
    Tool-COM2UUE
    Tool-CGAGF
    Tool-Jumin
    Tool-Netacess
    Tool-PGP2TXT
    Tool-RSAKey
    Tool-Tracer
    Tool-PGPDump
    Tool-TXT2DEN
    Tool-Huff
    Tool-AVPOffset
    Tool-VecnaLink
    Tool-Chiton
    Tool-IRXPro
    Tool-MLDE32
    Tool-DumpAIT
    Tool-FTransf
    Tool-SNTPTest
    Tool-InfElf
    Tool-PEWrSec
    Tool-Cerberos
    Tool-Domina
    Tool-Fasong
    Tool-Frank
    Tool-ProxyHun
    Tool-ProxiesR
    Tool-Cookie
    Tool-IconIns
    Tool-SpeedTest
    Tool-DiskInfo
  Win32 (3)
    Virtual Bouncer
    Sniff-NT110
    Vundo
Trojan (118)
   (4)
    Generic PWS.b
    Nine
    Phish-BankFraud.eml
    QHosts-18!hosts
  Application extension (6)
    CoreFlood.dll
    AFXrootkit.dll
    Spy-Tofger.dll
    Keylog-Sconato.dll
    PWS-Banker.dll
    AdClicker-BA.dll
  Application extension Generi (1)
    BackDoor-AXJ.dll.gen
  Configurator (2)
    MultiDropper.cfg
    Downloader.cfg
  Damaged (1)
    Linux/Rootkit-Dica.dam
  Demonstration (1)
    JS/Exploit-DragDrop.b.demo
  Downloader (11)
    Downloader-CY
    Downloader-DC
    Proxy-Mitglieder
    JS/Exploit-MhtRedir.ldr
    Downloader-NI
    Downloader-QU
    Downloader-QT
    PWS-Bancban.dldr
    Downloader-QV
    Downloader-MP
    Downloader-PR
  Dropper (9)
    VBS/Inor
    PWS-Bancos.dr
    AFXrootkit.dr
    PWS-Bancban.dr
    MultiDropper-DC
    IRC-Sdbot.dr
    HackerDefender.dr
    BackDoor-AJQ.dr
    PWS-Banker.dr
  Dropper Generic (1)
    IRC-Sdbot.dr.gen
  Exploit (4)
    Exploit-MhtRedir.gen
    JS/Exploit-InsCtl
    Exploit-MS04-028
    W97M/Exploit-JPEG
  Flooder (1)
    FDos-Servu
  Generic (9)
    Exploit-CodeBase.gen
    PWS-Bancban.gen.b
    Exploit-URLSpoof.gen
    PWS-Bancos.gen
    Exploit-ObjectData.gen
    StartPage-AI.gen
    BackDoor-BAC.gen
    JS/Exploit-DragDrop.b.gen
    AFXrootkit.gen
  Java Applet (1)
    JV/Shinwow
  Keylogger (2)
    Keylog-Sconato
    Keylog-MapName
  Linux (12)
    Linux/DoS-Halflife
    Linux/DoS-Hestra
    Linux/DoS-Neon
    Linux/DoS-Melt
    Linux/DoS-Kod
    Linux/DoS-Targ
    Linux/DoS-Darkwar
    Linux/DoS-Scut
    Linux/DoS-Chrome
    Linux/DoS-Sprite
    Linux/DoS-Nocwage
    Linux/DoS-Hella
  Password (4)
    PWS-Bancos
    PWS-LegMir
    PWS-LDPinch
    PWS-Bancban
  Password Stealer (2)
    PWS-Banker
    PWS-Banker!sys
  Proxy (1)
    Proxy-Agent.a
  Remote Access (24)
    BackDoor-ACH
    BackDoor-AXJ
    BackDoor-ABB
    BackDoor-AMQ
    Linux/BackDoor-Cym
    Linux/BackDoor-Note.b
    Linux/BackDoor-Note.a
    Linux/BackDoor-Small
    Linux/BackDoor-Promptte
    BackDoor-AKD
    Backdoor-EE
    BackDoor-AJQ
    BackDoor-AOZ
    BackDoor-TC
    BackDoor-BCD
    Linux/BackDoor-Regile
    Linux/BackDoor-Rooted
    BackDoor-CJZ
    BackDoor-CJY
    BackDoor-CJS
    Linux/BackDoor-Oboy
    BackDoor-CIW
    BackDoor-BDI
    BackDoor-CJK
  Script (2)
    Univ.script/99a
    W32/Sdbot.bat
  Spyware (2)
    Keylog-Perfect.dr
    Unone
  Win32 (18)
    Generic PWS.a
    Generic Downloader.a
    Generic BackDoor.b
    Generic BackDoor.h
    Generic Delphi
    Generic MSVC
    Generic VB.b
    Smith
    Generic VB.c
    QLowZones-2
    AdClicker-BG
    QHosts-18
    Generic Downloader.g
    Generic BackDoor.m
    DDoS-Boxed
    Generic BackDoor.j
    Generic BackDoor.o
    Generic BackDoor.n
Virus (195)
   (8)
    Slovakia.1956
    PDP.1476
    Slovakia.2041
    Black-Monday.1055
    Teraz.2717
    YD
    XTiny
    PDP.1563
  Application extension (3)
    W32/Pate.b.dll
    W32/Pate.c.dll
    W32/Pate.a.dll
  Boot (1)
    Palma
  Damaged (2)
    W32/Pate.dam
    W32/Polybot.dam
  Damaged Worm (6)
    W32/Spybot.worm.dam
    W32/Korgo.worm.v.dam
    W32/Korgo.worm.p.dam
    W32/Korgo.worm.s.dam
    W32/Korgo.worm.aa.dam
    W32/Sdbot.worm.dam
  Dropper (3)
    Univ/a.dr
    Univ/j.dr
    Black-Monday.dr
  E-mail (1)
    W32/Mydoom.o@MM
  E-mail worm (2)
    W32/Mydoom.n@MM
    W32/Mydoom.ab@MM
  Email (10)
    W32/Alcop@MM
    W32/Darby.f@MM
    W32/Darby.h@MM
    W32/Mydoom.d@MM
    W32/Mydoom.ad@MM
    W32/Bagz.a@MM!zip
    W32/Bagz.a@MM
    W32/Mydoom.y@MM
    W32/Bagz.b@MM
    W32/Mydoom.ac@MM
  Email Generic (2)
    W32/Mydoom.gen@MM
    W32/Bagz.gen@MM
  Email Worm (1)
    W32/Mydoom.r@MM
  File Infector (3)
    Hero
    Night.2048
    VCS
  Generic (2)
    W32/Alcop.gen
    W32/Darby.gen
  Generic Worm (21)
    W32/Sdbot.worm.gen
    W32/Spybot.worm.gen.e
    W32/Gaobot.worm.gen.f
    W32/Sdbot.worm.gen.w
    W32/Spybot.worm.gen.i
    W32/Spybot.worm.gen.f
    W32/Spybot.worm.gen.d
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.k
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.g
    W32/Sdbot.worm.gen.x
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.u
    W32/Sdbot.worm.gen.t
    W32/Korgo.worm.gen
    W32/Sdbot.worm.gen.p
    W32/Munstre.worm.gen
  Heuristic (1)
    New AOL
  HTML document (1)
    W32/Nimda.htm
  Internet Worm (6)
    W32/Darby.worm.e
    W32/Sdbot.worm
    W32/Polybot.l!irc
    W32/Nimda.gen@MM
    W32/Korgo.worm.r
    W32/Gaobot.worm.gen.q
  Open Share Worm (1)
    W32/Eyeveg.worm.c
  P2P Worm (1)
    W32/Darby.worm.a
  Universal (2)
    Univ/a
    Univ/j
  VbScript (1)
    New Script
  Win32 (82)
    New Win32.s
    W32/Alcop.ao
    W32/Alcop.ar
    W32/Polybot.bw
    W32/Polybot.bu
    W32/Polybot.bx
    W32/Polybot.bv
    W32/Polybot.bt
    New Win32
    W32/Nimda
    W32/Pate.c
    W32/Pate.a
    W32/Generic.d
    W32/Polybot.ag
    W32/Polybot.v
    W32/Polybot.t
    W32/Polybot.s
    W32/Polybot.r
    W32/Polybot.q
    W32/Polybot.o
    W32/Polybot.n
    W32/Polybot.m
    W32/Polybot.k
    W32/Polybot.j
    W32/Polybot.i
    W32/Polybot.h
    W32/Polybot.g
    W32/Polybot.f
    W32/Polybot.e
    W32/Polybot.c
    W32/Polybot.a
    W32/Polybot.u
    W32/Polybot.d
    W32/Polybot.b
    W32/Polybot.ae
    W32/Polybot.ac
    W32/Polybot.aa
    W32/Polybot.y
    W32/Polybot.w
    W32/Polybot.ad
    W32/Polybot.ab
    W32/Polybot.z
    W32/Polybot.x
    W32/Polybot.af
    W32/Polybot.am
    W32/Polybot.aj
    W32/Polybot.an
    W32/Polybot.al
    W32/Polybot.ai
    W32/Polybot.bz
    W32/Polybot.by
    W32/Polybot.bs
    W32/Polybot.bo
    W32/Polybot.bn
    W32/Polybot.bm
    W32/Polybot.bl
    W32/Polybot.bk
    W32/Polybot.bf
    W32/Polybot.bq
    W32/Polybot.bp
    W32/Polybot.br
    W32/Polybot.bb
    W32/Polybot.ba
    W32/Polybot.bg
    W32/Polybot.be
    W32/Polybot.bd
    W32/Polybot.bc
    W32/Polybot.bh
    W32/Polybot.bj
    W32/Polybot.bi
    W32/Polybot.az
    W32/Polybot.ay
    W32/Polybot.ax
    W32/Polybot.av
    W32/Polybot.aw
    W32/Polybot.au
    W32/Polybot.as
    W32/Polybot.aq
    W32/Polybot.ao
    W32/Polybot.at
    W32/Polybot.ar
    W32/Polybot.ap
  Worm (35)
    W32/Pate.b
    W32/Korgo.worm.ab
    W32/Korgo.worm.aa
    W32/Korgo.worm.ac
    W32/Eyeveg.worm.b
    W32/Eyeveg.worm.a
    W32/Darby.worm
    W32/Darby.worm.d
    W32/Darby.worm.c
    W32/Darby.worm.b
    W32/Sluter.worm.e
    W32/Dedler.worm
    W32/Myfip.worm
    W32/Korgo.worm.ad
    W32/Sdbot.worm!ftp
    W32/Mydoom.t@MM
    W32/Darby.worm.o
    W32/Darby.worm.n
    W32/Darby.worm.m
    W32/Darby.worm.l
    W32/Darby.worm.k
    W32/Darby.worm.j
    W32/Darby.worm.i
    W32/Korgo.worm.z
    W32/Korgo.worm.x
    W32/Jared.worm
    W32/Korgo.worm.y
    W32/Korgo.worm.u
    W32/Korgo.worm.t
    W32/Korgo.worm.s
    W32/Korgo.worm.i
    W32/Korgo.worm.v
    W32/Korgo.worm.k
    W32/Korgo.worm.p
    W32/Korgo.worm.q