DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4422
DAT Release Date: 01/26/2005
Threats Detected: 114171
New Detections: 143
Enhanced Detections: 458

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name    Corporate Risk Assessment    Home Risk Assessment
There are no noteworthy threats in this release

New Detections:

Program (16)
  Adware (3)
    Adware-Simbar
    Adware-Forbes.lnk
    Adware-abetterintrnt
  Dialer (3)
    Dialer-RAS.aj.lnk
    Dialer-250
    Dialer-241
  Downloader (1)
    Downloader-UI
  Dropper (1)
    Adware-abetterintrnt.dr
  Joke (1)
    Joke-TypeHere
  Linux (1)
    Linux/Madscan
  Malware Tool (1)
    PWCrack-Hydra
  ProcKill (1)
    ProcKill-CH
  Script (1)
    Bat/wou
  Tool (2)
    Tool-Haxxor
    Tool-PassList
  Win32 (1)
    TightVNC
Trojan (84)
   (7)
    QHosts-24
    QHosts-23
    Generic Downloader.o
    B2E/Tem
    B2E/cd
    B2C/Jok
    B2C/Delwin5
  Application extension (4)
    Downloader-UP.dll
    Capswitch.dll
    PWS-Banker.k.dll
    BackDoor-CNJ.dll
  Downloader (8)
    Downloader-UU
    Downloader-UQ
    Downloader-UP
    Downloader-UO
    Downloader-UM
    Downloader-UL
    Downloader-UK
    Downloader-UJ
  Dropper (6)
    StartPage-CQ.dr
    Downloader-UM.dr
    Downloader-NL.dr
    PWS-Postb.dr
    IRC/Flood.er.dr
    MultiDropper-MF
  Generic (2)
    PWS-Narod.gen
    PWS-Iyus.gen
  Internet Relay Chat (2)
    IRC/Flood.er
    IRC/BackDoor.j
  Keylogger (1)
    Keylog-Viane
  Macro (1)
    W97M/Dloader
  Password Stealer (6)
    PWS-Postb
    PWS-Lobo
    PWS-Banker.l
    PWS-Banker.k
    PWS-Banker.j
    Linux/PWS-LogX
  ProcKill (1)
    ProcKill-CI
  Proxy (1)
    Proxy-EasySearch
  Remote Access (12)
    BackDoor-CNI
    BackDoor-CNH
    BackDoor-CNG
    BackDoor-CNF
    BackDoor-CNE
    BackDoor-CND
    BackDoor-CNC
    BackDoor-CNB
    BackDoor-CNA
    BackDoor-CEB.f
    BackDoor-CEB.f.sys
    Linux/BackDoor-Caca
  Script (25)
    ServU.bat2exec
    QLowZones.bat
    Bat/pb
    Bat/sorin
    Bat/qz142
    Bat/qkc
    Bat/qd277
    Bat/qd276
    Bat/qd275
    Bat/qd274
    Bat/psw
    Bat/oak
    Bat/net2
    Bat/mxh
    Bat/gar
    Bat/avk43
    Bat/avk42
    Bat/avk41
    Bat/avk40
    Bat/avk39
    Bat/avk38
    Bat/avk37
    Bat/avk36
    VBS/Globe
    VBS/Bagies
  StartPage (2)
    StartPage-GC
    StartPage-GD
  Win32 (6)
    Spy-Lgoner
    QLowZones-11
    Generic Downloader.n
    CGIPager-D
    Capswitch
    Generic BackDoor.q
Virus (43)
   (4)
    LNK/AceSpades
    Voyager.664
    ASP/Silky
    SymbOS/Skulls!aif
  Application extension (1)
    W32/Mydoom.as.dll
  Application extension Worm (1)
    W32/Dodobot.worm.dll
  Downloader (1)
    IRC/Generic.dldr
  Email (8)
    VBS/Gomez@MM
    W32/Nimda.u@MM
    W32/Mydoom.at@MM
    W32/Mydoom.as@MM
    W32/Mydoom.ar@MM
    W32/Mugly.h@MM
    W32/Kipis.e@MM
    W32/Kipis.d@MM
  Email Generic (1)
    W32/Straker.gen@MM
  Generic Worm (2)
    W32/Oddbob.worm.gen
    W32/Sdbot.worm.gen.ac
  Internet Worm (1)
    W32/Bropia.worm.d
  Peer To Peer (2)
    VBS/Pwac!p2p
    W32/Vance!p2p
  Peer To Peer Worm (2)
    W32/Xoxo.worm.b!p2p
    W32/Xoxo.worm.a!p2p
  Script (1)
    VBS/Swell
  Win32 (14)
    SymbOS/Lasco
    W32/Generic.Delphi.c
    W32/Generic.Delphi.b
    W32/Generic.Delphi.a
    W32/Polybot.ce
    W32/Polybot.cd
    W32/Xoxo!hosts
    W32/Wabrex
    W32/Qeds
    W32/Qeds!keylog
    W32/Mydoom.ao
    W32/Frethem.aa
    W32/Bagle.bi
    W32/Bagle.bh
  Worm (5)
    W32/Oddbob.worm.c
    W32/Oddbob.worm.b
    W32/Oddbob.worm.a
    W32/Bropia.worm.c
    W32/Bobax.worm.d

Enhanced Detections:

Internet Worm (4)
  E-mail (3)
    W32/Bagle.gen@MM
    W32/Mydoom.u@MM
    W32/Mydoom.v@MM
  VbScript (1)
    VBS/Generic@MM
Program (98)
   (2)
    FastSearchWeb
    CRH4a
  - (3)
    Iroffer
    HideWindow
    RemAdm-PSKill
  Adware (12)
    IPSentry
    Adware-BetterInet
    Adware-CommonName
    Adware-NukeNabber
    Adware-l.lnk
    Adware-LeakTest
    Adware-IopusStarr
    Adware-den.lnk
    Adware-MotherbrdMon
    Adware-.aj.lnk
    Adware-er.lnk
    Adware-SecondThought.lnk
  Application extension (2)
    Adware-CommonName.dll
    Dialer-Generic.dll
  Dialer (4)
    Dialer-RAS.di
    Dialer-RAS.as
    Dialer-185
    Dialer-226
  Downloader (3)
    Downloader-BR
    Downloader-KL
    Downloader-JV
  Dropper (1)
    Adware-BetterInet.dr
  Generic (17)
    Dialer-RAS.bw.gen
    Dialer-RAS.bb.gen
    Dialer-RAS.bd.gen
    Dialer-RAS.v.gen
    Dialer-RAS.ax.gen
    Dialer-RAS.bo.gen
    Dialer-RAS.cc.gen
    Dialer-RAS.ck.gen
    Keylog-Perfect.gen
    Dialer-RAS.cx.gen
    Dialer-RAS.cz.gen
    Dialer-RAS.dk.gen
    Dialer-RAS.dl.gen
    Dialer-RAS.dg.gen
    Dialer-RAS.dd.gen
    Adware-RAS.bb.gen.url
    Adware-Perfect.gen
  Keylogger (1)
    Keylog-Perfect.url
  Malware Tool (1)
    PWCrack-PassView
  PornDialer (1)
    Dialer-Generic
  Proxy (1)
    Proxy-Speednet
  Remote Access (2)
    ServU-Daemon
    iSpyNOW
  Spyware (1)
    Keylog-Perfect
  Tool (41)
    HideRun
    Tool-Haxor
    Tool-Telnet
    Tool-BODec
    Tool-MacTime
    Tool-Revert
    Tool-HLPDump
    Tool-Analyze
    Tool-AVPX
    Tool-Podonok
    Tool-Pervert
    Tool-QQPassO
    Tool-QQExpl
    Tool-IconHnt
    Tool-CGIScan
    Tool-AutoPol
    Tool-DNSMast
    Tool-AIMRV
    Tool-ZPacker
    Tool-PEStat
    Tool-ZMist
    Tool-COM2UUE
    Tool-CGAGF
    Tool-Jumin
    Tool-Netacess
    Tool-IRXPro
    Tool-MLDE32
    Tool-SNTPTest
    Tool-InfElf
    Tool-PEWrSec
    Tool-Cerberos
    Tool-Domina
    Tool-FileFake
    Tool-Fasong
    Tool-Frank
    Tool-Joekoe
    Tool-ProxyHun
    Tool-ProxiesR
    Tool-Cookie
    Tool-IconIns
    Tool-DiskInfo
  Win32 (6)
    Renamed mIRC Client
    HideExec
    HiddenRun
    Packed mIRC Client
    Virtual Bouncer
    RemAdm-ProcLaunch
Trojan (181)
   (6)
    Generic BackDoor.d
    CAU
    Phish-BankFraud.eml
    B2C/Dracula
    ServU.txt
    Generic!pwdrar
  - (3)
    ProcKill-AJ
    IRC/Flood.bc
    IRC/Flood.mirc
  Application extension (35)
    BackDoor-CAR.dll
    BackDoor-BAE.dll
    BackDoor-AGS.dll
    BackDoor-CBH.dll
    BackDoor-WB.dll
    BackDoor-CAY.dll
    BackDoor-CGU.dll
    BackDoor-CHF.dll
    BackDoor-CHC.dll
    BackDoor-AKM.dll
    BackDoor-BAC.dll
    BackDoor-ACH.dll
    BackDoor-CAF.dll
    BackDoor-AUJ.dll
    BackDoor-CCV.dll
    BackDoor-CDF.dll
    BackDoor-CDL.dll
    PWS-Iyus.dll
    BackDoor-CHI.dll
    BackDoor-CHJ.dll
    BackDoor-CMA.dll
    StartPage-DU.dll
    BackDoor-CIO.dll
    Downloader-TV.dll
    AdClicker-BV.dll
    PWS-Lineage.dll
    BackDoor-CGT.dll
    PWS-LDPinch.dll!ldr
    BackDoor-CGG.dll
    BackDoor-CCL.dll
    BackDoor-CFO.dll
    BackDoor-CFI.dll
    BackDoor-CFK.dll
    BackDoor-CJF.dll
    BackDoor-AKD.dll
  Application extension Generi (1)
    BackDoor-AXJ.dll.gen
  Client (1)
    BackDoor-FR.cli
  Configuration settings (1)
    ServU.ini
  Configurator (2)
    ProcKill-Q.cfg
    Downloader-CL.cfg
  Downloader (13)
    Downloader-CL
    Downloader-JH
    Downloader-RY
    Downloader-RU
    Downloader-TA.dll
    Downloader-TB
    PWS-Bancban.dldr
    Downloader-UE
    Downloader-PH
    Downloader-PY
    Downloader-ME
    Downloader-GG!chm
    Downloader-TP
  Dropper (4)
    PWS-Bancos.dr
    IRC/Flood.gen.dr
    BackDoor-FR.dr
    RemoteAdmin.dr
  Exploit (3)
    VBS/Psyme
    Exploit-IIS.Unicode
    Exploit-DFind
  Generic (5)
    IRC/Flood.gen.b
    BackDoor-AZX.gen
    PWS-Bancos.gen
    BackDoor-BAC.gen
    BackDoor-BAC.gen.b
  Internet Relay Chat (3)
    IRC/Generic Flooder
    IRC/Flood.c
    IRC/Flood.b
  Password (3)
    PWS-Bancos
    PWS-LDPinch
    PWS-Bancban
  Password Stealer (7)
    Generic PWS.e
    Generic PWS.b
    PWS-QQDrag
    Generic PWS.f
    Generic PWS.g
    Generic PWS.i
    Generic PWS.k
  PDA Device (1)
    SymbOS/Skulls.a
  Process (2)
    ProcKill-AE
    ProcKill-AF
  ProcKill (23)
    ProcKill-BW
    ProcKill-H
    ProcKill-F
    ProcKill-BT
    ProcKill-BO
    ProcKill-BJ
    ProcKill-AU
    ProcKill-AL
    ProcKill-AC
    ProcKill-AA
    ProcKill-S
    ProcKill-Q
    ProcKill-P
    ProcKill-M
    ProcKill-L
    ProcKill-K
    ProcKill-J
    ProcKill-F.cln
    ProcKill-D
    ProcKill-C
    ProcKill-AK
    ProcKill-CG
    ProcKill-BX
  Proxy (4)
    Proxy-FBSR
    Proxy-Agent.c
    Proxy-Agent.b
    Proxy-Piky
  Remote Access (43)
    BackDoor-ACH
    Backdoor-CAK
    BackDoor-ASB
    Backdoor-AZF
    BackDoor-BBA
    BackDoor-AVW
    Linux/BackDoor-Cym
    Linux/BackDoor-Note.b
    Linux/BackDoor-Note.a
    Linux/BackDoor-Small
    BackDoor-BAC
    BackDoor-CDX
    BackDoor-CDY
    BackDoor-CCT.dll
    Linux/BackDoor-Promptte
    BackDoor-AZZ
    BackDoor-AZX
    BackDoor-BCD
    BackDoor-CCU
    BackDoor-CEJ
    BackDoor-BDT
    Linux/BackDoor-Regile
    BackDoor-BDS
    Linux/BackDoor-Login
    Linux/BackDoor-Rev
    BackDoor-CEB.b.sys
    Generic BackDoor.l
    BackDoor-CEO
    BackDoor-CHT
    BackDoor-CIB
    Linux/BackDoor-Rooted
    BackDoor-CMA
    BackDoor-CID
    BackDoor-OR
    Linux/BackDoor-Oboy
    BackDoor-CIS
    BackDoor-CEB.c.sys
    BackDoor-CJG
    Generic BackDoor.m
    BackDoor-CFB
    BackDoor-CFE
    Linux/BackDoor-Pulamea
    BackDoor-CJD
  Script (2)
    Univ.script/99a
    ServU.bat
  Server (1)
    BackDoor-FR.svr
  StartPage (3)
    StartPage-FX
    StartPage-DU
    StartPage-FY
  Tool (2)
    Tool-Xscan
    Tool-Uptime
  Win32 (13)
    Generic VB
    AdClicker-X
    Generic Downloader.a
    Generic Downloader.c
    BackDoor-FR
    Generic BackDoor.c
    NTServiceLoader
    ZapChast
    QLowZones-2
    AdClicker-BA
    QLowZones-10
    DDoS-Boxed
    Generic Downloader.h
Virus (175)
   (42)
    Vienna.822
    Vienna.901
    Vienna.636
    Vienna.605
    Vienna.510
    Voyager.315
    SymbOS/Cabir!ezboot.e
    SymbOS/Cabir!ezboot.d
    SymbOS/Cabir!ezboot.c
    SymbOS/Cabir!ezboot
    SymbOS/Cabir.t
    SymbOS/Cabir.r
    SymbOS/Cabir.p
    SymbOS/Cabir.n
    SymbOS/Cabir.l
    SymbOS/Cabir!ezboot.s
    SymbOS/Cabir!ezboot.o
    SymbOS/Cabir!ezboot.k
    SymbOS/Cabir!ezboot.f
    SymbOS/Cabir.k!sis
    SymbOS/Cabir.i!sis
    SymbOS/Cabir.b!sis
    SymbOS/Skulls.c
    SymbOS/Cabir.g
    SymbOS/Cabir.f
    SymbOS/Cabir.b
    SymbOS/Cabir.a
    SymbOS/Cabir!ezboot.t
    SymbOS/Cabir!ezboot.r
    SymbOS/Skulls.d
    SymbOS/Cabir.s
    SymbOS/Cabir.q
    SymbOS/Cabir.o
    SymbOS/Cabir.m
    SymbOS/Cabir.k
    SymbOS/Cabir!ezboot.q
    SymbOS/Cabir!ezboot.p
    SymbOS/Cabir!ezboot.n
    SymbOS/Cabir.l!sis
    SymbOS/Cabir.j!sis
    SymbOS/Cabir.h!sis
    SymbOS/Cabir.u
  Application extension (1)
    W32/HLLP.Philis.dll
  Damaged (2)
    W32/Netsky.q.dam
    W32/Bagle.dam
  Damaged Worm (3)
    W32/Spybot.worm.dam
    W32/Gaobot.worm.dam
    W32/Sdbot.worm.dam
  Dropper (1)
    SymbOS/Cabir.dr!skulls
  E-mail (10)
    W32/Bagle.j@MM
    W32/Bagle.k@MM
    W32/Mydoom.o@MM
    W32/Mugly.a@MM
    W32/Mugly.b@MM
    W32/Mydoom.ap@MM
    W32/Mydoom.ae@MM
    W32/Bagle.af@MM
    W32/Mugly.d@MM
    W32/Bagle.ad@MM
  E-mail worm (13)
    W32/Bagle.n@MM
    W32/Bagle.p@MM
    W32/Bagle.q@MM
    W32/Bagle.t@MM
    W32/Bagle.c@MM
    W32/Bagle.r@MM
    W32/Bagle.s@MM
    W32/Bagle.z@MM
    W32/Bagle.aa@MM
    W32/Bagle.ah@MM
    W32/Mydoom.n@MM
    W32/Mydoom.ab@MM
    W32/Kipis.b@MM
  Email (28)
    Bat/BWG.c@MM
    W32/Nimda.q@MM
    W32/Nimda@MM
    W32/Nimda.j@MM
    W32/Nimda.l@MM
    W32/Nimda.f@MM
    W32/Nimda.b@MM
    W32/Nimda.s@MM
    W32/Nimda.p@MM
    W32/Nimda.o@MM
    W32/Nimda.i@MM
    W32/Nimda.n@MM
    W32/Nimda.m@MM
    W32/Nimda.h@MM
    W32/Nimda.c@MM
    W32/Bagle.al@MM
    W32/Vampa@MM
    Bat/BWG.d@MM
    Bat/BWG.e@MM
    W32/Mydoom.d@MM
    W32/Mydoom.aa@MM
    W32/Mydoom.af@MM
    W32/Mydoom.ad@MM
    W32/Mugly.g@MM
    W32/Kipis.c@MM
    W32/Mugly.f@MM
    W32/Mydoom.y@MM
    W32/Mydoom.ac@MM
  Email Generic (2)
    W32/Mydoom.gen@MM
    W32/Kipis.gen@MM
  Email Worm (3)
    W32/Mydoom.r@MM
    W32/Mirsa@MM
    W32/Kipis.a@MM
  File Infector (1)
    Vienna
  Generic (5)
    Bat/BWG.gen.b
    SymbOS/Cabir.gen!sis
    W32/Bagle.gen
    W32/Poebot.gen
    SymbOS/Cabir.gen
  Generic Worm (21)
    W32/Sdbot.worm.gen
    W32/Spybot.worm.gen.e
    W32/Gaobot.worm.gen.e
    W32/Sdbot.worm.gen.w
    W32/Spybot.worm.gen.f
    W32/Spybot.worm.gen.a
    W32/Sdbot.worm.gen.e
    W32/Wozer.worm.gen
    W32/Gaobot.worm.gen.j
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Gaobot.worm.gen.n
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.x
    W32/Gaobot.worm.gen.t
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.t
    W32/Gaobot.worm.gen.s
    W32/Bobax.worm.gen
  Heuristic (1)
    New Malware.b
  Internet Worm (6)
    W32/Sdbot.worm
    W32/Bagle.d@MM
    JS/Yama.gen@M
    W32/Bropia.worm.gen
    W32/Bobax.worm.a
    W32/Gaobot.worm.gen.q
  Parasitic (1)
    W32/HLLP.Philis.j
  PDA Device (6)
    SymbOS/Cabir.e
    SymbOS/Cabir.c
    SymbOS/Cabir.h
    SymbOS/Cabir.d
    SymbOS/Cabir.i
    SymbOS/Cabir.j
  Peer To Peer (3)
    Bat/Cobat!p2p
    W32/Generic.c!p2p
    W32/Tibick!p2p
  Peer To Peer Worm (1)
    W32/Xoxo.worm!p2p
  Script (2)
    VBS/Generic
    VBS/Umbriel.b
  Win32 (13)
    New Win32.s
    New Poly Win32
    W32/Bagle.o!proxy
    W32/Bagle.aj!proxy
    New Win32
    W32/Bagle.ap
    W32/Bagle.an
    W32/Bagle.z
    W32/Bagle.ao
    W32/Bagle.as
    W32/Mydoom
    W32/Bagle.ax
    W32/Bagle.ay
  Win9x (1)
    W95/Zombie
  Worm (9)
    W32/Dedler.worm
    W32/Dodobot.worm
    W32/Sdbot.worm!ftp
    W32/Mydoom.t@MM
    W32/Bropia.worm.b
    W32/Bropia.worm.a
    W32/Dipnet.worm
    W32/Bobax.worm.b
    W32/Bobax.worm.c