
DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4411
DAT Release Date 12/01/2004
Threats Detected 109350
New Detections 62
Enhanced Detections 307

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and fix incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name Corporate Risk Assessment Home Risk Assessment
There are no noteworthy threats in this release

New Detections:

Program (19)
   (10)
    VText-ARCV
    VSource/jh
    CRH3a
    CRH2c
    CRH2a
    VMag69
    CRH3b
    CRH2d
    CRH2b
    CRH1
  Application extension (1)
    Keylog-Ardamax.dll
  Downloader (1)
    Adware-BetterInet.dldr
  Dropper (2)
    Adware-StatBlaster.dr
    Adware-Horoscope.dr
  StartPage (1)
    StartPage-FU
  Tool (4)
    Tool-ServUCRC
    Tool-CACLs
    Tool-SetTime
    Tool-FileFake
Trojan (39)
   (1)
    HackerDefender.ftp
  Damaged (3)
    Linux/BackDoor-GMM.dam
    Linux/Rootkit-S.dam
    PWS-QQcv.dam
  Downloader (5)
    Downloader-SU
    Downloader-ST
    Downloader-SQ
    Downloader-SS
    Downloader-SR
  Dropper (5)
    Downloader-SU.dr
    BackDoor-CJV.dr!chm
    BackDoor-CCL.dr
    BackDoor-CLO.dr
    BackDoor-CLN.dr
  Exploit (2)
    JS/Exploit-MhtRedir
    Linux/Exploit-Mmap
  Generic (2)
    Downloader-SR.gen
    AdClicker-BM.gen
  Keylogger (2)
    Keylog-CC
    Keylog-Iloveukav
  Linux (2)
    Linux/Phobi.b
    Linux/Phobi.a
  Malware Tool (1)
    Spam-GWG
  Password (1)
    PWS-Banker.d
  Password Stealer (2)
    PWS-QQPass.d
    PWS-Linage
  PDA Device (1)
    SymbOS/Skulls.b
  ProcKill (2)
    ProcKill-CG
    ProcKill-CF
  Remote Access (6)
    BackDoor-CLP
    BackDoor-CLO
    BackDoor-CLN
    PHP/BackDoor-CLM
    BackDoor-DO
    Linux/BackDoor-Rev
  Script (1)
    QDel370.bat
  StartPage (2)
    StartPage-FT
    StartPage-FS
  Win32 (1)
    Del-462
Virus (4)
  E-mail (2)
    W32/Mugly.a@MM
    W32/Mugly.b@MM
  Parasitic (1)
    W32/HLLP.Philis.g
  Peer To Peer Worm (1)
    W32/PMX.worm!p2p

Enhanced Detections:

Internet Worm (4)
  - (1)
    W32/Mydoom.p@MM
  E-mail (2)
    W32/Mydoom.u@MM
    W32/Mydoom.v@MM
  P2P Worm (1)
    W32/Generic.worm!p2p
Program (103)
   (3)
    VObj9
    Tool/hop
    VMag68
  - (4)
    PrcView
    Proxy-OSS
    KeyHook.dll
    IMIServer.download
  Adware (23)
    Adware-TVMedia
    Adware-TopMoxie
    Adware-BrowserAid
    Adware-NavHelper
    Adware-Huntbar
    Adware-RBlast.dldr
    Adware-MemWatcher
    Adware-Httper
    Adware-CommonName
    Adware-Gator
    Adware-BuddyLinks
    Adware-SearchAid
    Adware-Holistyc
    Adware-FreeComm
    Adware-Searchcentrix
    Adware-eUniverse
    Adware-RBlast
    Adware-StatBlaster
    Adware-WildMedia
    Adware-Showsearch
    Adware-Horoscope
    Uploader-R
    Adware-Pribi
  Application extension (3)
    Keylog-Qover.dll
    ILookup.dll
    Dialer-Generic.dll
  Dialer (1)
    Dialer-194
  Downloader (3)
    Downloader-BR
    Adware-FreeComm.dldr
    Uploader-R.dldr
  Dropper (7)
    Adware-TopMoxie.dr
    Adware-Lop.dr
    Adware-RBlast.dr
    Adware-FreeComm.dr
    Adware-TVMedia.dr
    Keylog-Ardamax.dr
    Adware-Pribi.dr
  Keylogger (2)
    Keylog-SC
    Keylog-Ardamax
  PornDialer (1)
    Dialer-Generic
  Tool (53)
    Tool-Haxor
    Tool-Telnet
    Tool-BODec
    Tool-MacTime
    Tool-Revert
    Tool-HLPDump
    Tool-Analyze
    Tool-AVPX
    Tool-Podonok
    Tool-Pervert
    Tool-QQPassO
    Tool-QQExpl
    Tool-IconHnt
    Tool-CGIScan
    Tool-AutoPol
    Tool-DNSMast
    Tool-AIMRV
    Tool-ZPacker
    Tool-PEStat
    Tool-ZMist
    Tool-COM2UUE
    Tool-CGAGF
    Tool-Jumin
    Tool-Netacess
    Tool-PGP2TXT
    Tool-RSAKey
    Tool-Tracer
    Tool-PGPDump
    Tool-TXT2DEN
    Tool-Huff
    Tool-AVPOffset
    Tool-VecnaLink
    Tool-Chiton
    Tool-IRXPro
    Tool-MLDE32
    Tool-DumpAIT
    Tool-FTransf
    Tool-SNTPTest
    Tool-InfElf
    Tool-PEWrSec
    Tool-Cerberos
    Tool-Domina
    Tool-TPE
    Tool-Fasong
    Tool-Frank
    Tool-ProxyHun
    Tool-ProxiesR
    Tool-Cookie
    Tool-IconIns
    Tool-SpeedTest
    Tool-Morphine
    Tool-UPolyX
    Tool-DiskInfo
  Win32 (3)
    HideOut
    Virtual Bouncer
    RemAdm-RemoteAdmin
Trojan (128)
   (4)
    QHosts-21
    Phish-BankFraud.eml
    ServU.txt
    QLowZones-4
  Application extension (4)
    PWS-LegMir.dll
    Spy-Tofger.dll
    BackDoor-CGX.dll
    AdClicker-AF.dll
  Configurator (1)
    ProcKill-Q.cfg
  Damaged (1)
    Exploit-MS04-032!gdi.dam
  Demonstration (1)
    Exploit-IframeBO.demo
  Downloader (2)
    JS/Exploit-MhtRedir.ldr
    Downloader-PR
  Dropper (8)
    PWS-Bancban.dr
    PWS-LegMir.dr
    BackDoor-OG.dr
    RemoteAdmin.dr
    PWS-QQcv.dr
    PWS-Ilg.dr
    MultiDropper-LI
    AdClicker-AF.dr
  Exploit (34)
    Exploit-DcomRpc
    Linux/Exploit-SendMail
    Linux/Exploit-Bind
    Linux/Exploit-Cgiexp
    Linux/Exploit-Kerio
    Linux/Exploit-Shellcode
    Linux/Exploit-Freeze
    Linux/Exploit-Sqlexp
    Linux/Exploit-Adminer
    Linux/Exploit-Ciscer
    Linux/Exploit-Mulexp
    Linux/Exploit-BOrifice
    Linux/Exploit-Httpd
    Linux/Exploit-Gdslock
    Linux/Exploit-TearDrop
    Linux/Exploit-OpenSSH
    Linux/Exploit-Nhttpd
    Linux/Exploit-Modgz
    Linux/Exploit-SSPing
    Linux/Exploit-Openssl
    Linux/Exploit-Imspd
    Linux/Exploit-Rsync
    Linux/Exploit-Apache
    Exploit-MhtRedir.gen
    Linux/Exploit-Gildo
    Linux/Exploit-Su
    Linux/Exploit-Vertex
    Exploit-IframeBO!shellcode
    Linux/Exploit-Maxload
    Exploit-MS04-032!gdi
    Linux/Exploit-Teso
    Linux/Exploit-Ghost
    Linux/Exploit-Odm
    Linux/Exploit-Ftpd
  Generic (7)
    APStrojan.gen18
    JS/IEstart.gen.d
    BackDoor-AKM.gen
    BackDoor-EE.gen
    PWS-Bancban.gen.d
    PWS-LDPinch.gen.b
    Spy-Tofger.gen.a
  Internet Relay Chat (1)
    IRC/Flood.am
  Password (2)
    PWS-LegMir
    PWS-LDPinch
  Password Stealer (3)
    PWS-QQcv
    PWS-Ilg
    PWS-Vipgsm
  PDA Device (1)
    SymbOS/Skulls.a
  Process (2)
    ProcKill-AE
    ProcKill-AF
  ProcKill (21)
    ProcKill-BW
    ProcKill-H
    ProcKill-F
    ProcKill-BT
    ProcKill-BO
    ProcKill-BJ
    ProcKill-AU
    ProcKill-AL
    ProcKill-AC
    ProcKill-AA
    ProcKill-S
    ProcKill-Q
    ProcKill-P
    ProcKill-M
    ProcKill-L
    ProcKill-K
    ProcKill-J
    ProcKill-F.cln
    ProcKill-D
    ProcKill-C
    ProcKill-BX
  Proxy (1)
    Proxy-Agent.c
  Remote Access (21)
    BackDoor-AXJ
    BackDoor-ATM.gen
    BackDoor-CCL
    Linux/BackDoor-Cym
    Linux/BackDoor-Note.b
    Linux/BackDoor-Note.a
    Linux/BackDoor-Small
    Linux/BackDoor-Promptte
    BackDoor-CGX
    Backdoor-EE
    BackDoor-UK
    BackDoor-ANC
    Linux/BackDoor-GMM
    Linux/BackDoor-Regile
    BackDoor-C
    Linux/BackDoor-Login
    Linux/BackDoor-Rooted
    BackDoor-CJV
    Linux/BackDoor-Oboy
    BackDoor-BDH
    Linux/BackDoor-Pulamea
  Script (2)
    JV/GoPlanet.reg
    ServU.bat
  StartPage (3)
    StartPage-BN
    StartPage-DX
    StartPage-DU
  Win32 (9)
    Generic PWS.a
    Generic Downloader.a
    Reg/Seeker
    Generic Delphi
    Generic StartPage.f
    Sevenma
    QFav-1
    AdClicker-BM
    DDoS-PPPLink
Virus (72)
  Damaged (2)
    W32/Sober.dam
    W32/Bagle.dam
  Damaged Worm (3)
    W32/Gaobot.worm.dam
    W32/Protoride.worm.dam
    W32/Sdbot.worm.dam
  E-mail (10)
    W32/Mydoom.b@MM
    W32/Mydoom.h@MM
    W32/Mydoom.e@MM
    W32/Bagle.j@MM
    W32/Bagle.k@MM
    W32/Mydoom.o@MM
    W32/Anzae.worm.a
    W32/Bagle.af@MM
    W32/Bagle.ad@MM
    W32/Mydoom.k@MM
  E-mail worm (15)
    W32/Bagle.n@MM
    W32/Bagle.p@MM
    W32/Bagle.q@MM
    W32/Bagle.t@MM
    W32/Mydoom.g@MM
    W32/Mydoom.f@MM
    W32/Bagle.c@MM
    W32/Bagle.r@MM
    W32/Bagle.s@MM
    W32/Bagle.aa@MM
    W32/Anzae.worm.d
    W32/Anzae.worm.b
    W32/Mydoom.z@MM
    W32/Bagle.ah@MM
    W32/Mydoom.ab@MM
  Email (8)
    W32/Mydoom.i@MM
    W32/Bagle.al@MM
    W32/Mydoom.j@MM
    W32/Mydoom.x@MM
    W32/Mydoom.w@MM
    W32/Mydoom.a@MM
    W32/Mydoom.m@MM
    W32/Mydoom.l@MM
  Email Worm (2)
    W32/Mydoom.r@MM
    W32/Anzae.worm.c
  Exploit (1)
    Exploit-MS04-11
  Generic (2)
    W32/Bagle!eml.gen
    SymbOS/Cabir.gen
  Generic Worm (13)
    W32/Sdbot.worm.gen
    W32/Gaobot.worm.gen.f
    W32/Gaobot.worm.gen.e
    W32/Sdbot.worm.gen.w
    W32/Gaobot.worm.gen.l
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.u
    W32/Sdbot.worm.gen.t
    W32/Sdbot.worm.gen.p
  Internet Worm (3)
    W32/Bagle.d@MM
    W32/Mydoom.s@MM
    W32/Gaobot.worm.gen.q
  mIRC Worm (1)
    W32/Protoride.worm
  VBScript worm (1)
    VBS/Redlof@M
  Win32 (9)
    W32/Bagle.o!proxy
    W32/Sober.eml
    W32/Bagle.aj!proxy
    W32/Generic.d
    W32/Bagle.an
    W32/Bagle.z
    W32/Sober.j.eml!exe
    W32/Bagle.ao
    W32/Zelly
  Worm (2)
    W32/Dedler.worm
    W32/Mydoom.t@MM