DAT Readme

Download the latest anti-virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4425
DAT Release Date: 02/02/2005
Threats Detected: 115033
New Detections: 173
Enhanced Detections: 510

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and fix incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name | Corporate Risk Assessment | Home Risk Assessment
There are no noteworthy threats in this release.

New Detections:

Program (64)
   (40)
    VText.98
    VText.19
    VText.18c
    VText.18b
    VText.18a
    VText.17c
    VText.17b
    VText.17a
    VText.16b
    VText.16a
    VText.15
    VText.14
    VText.13
    VText.12
    VText.11a
    VText.10b
    VText.10a
    VText.9a
    VText.8b
    VText.8a
    VText6
    VText.4b
    VText.3c
    VText.3b
    VText.3a
    VText.2f
    VText.2e
    VText.2d
    VText.2c
    VText.2a
    VText.1a
    Picture-MoD
    VText.99
    VText.7
    VText.5
    VText.4a
    Tool/deltr3
    VText.2b
    VText.1b
    Tool/fmt15
  Adware (14)
    Adware-WorldAnywhere
    Adware-Startoolbar
    Adware-ITK
    Adware-FreeScratch
    Adware-CoolWebSearch
    Adware-BargainBuddy
    Adware-TrojanClicker
    Adware-StartToolBar
    Adware-MyWebSearch
    Adware-MarketScore
    Adware-HotAction
    Adware-GoldenEye
    Adware-FlashTrack
    Adware-BonziBuddy
  Application extension (1)
    Adware-SAHAgent.dll
  Configuration settings (1)
    Adware-Adroar.ini
  Dialer (2)
    Dialer-243
    Dialer-242
  Dropper (1)
    Adware-BargainBuddy.dr
  Malware Tool (1)
    HTool/reg
  Spyware (2)
    Spyware-ModemSpy
    Spyware-GurlWatcher
  Tool (2)
    Tool-DecryptWM
    Tool-CPUInfo
Trojan (78)
   (18)
    Uhanfo
    Shark.c
    Killwin.b
    KillCMOS.j
    Killall
    Hunter
    Horse4
    Horse3
    Horse2
    Horse1
    Diskfill
    B2C/QD2
    B2C/dt2
    SymbOS/Locknut
    Generic!rar
    QHosts-25
    Paperwaste
    Del-466
  Application extension (3)
    Proxy-Raser.dll
    Keylog-HKH.dll
    BackDoor-CNM.dll
  Boot (1)
    Graven.b
  Configurator (1)
    Downloader-IW.cfg
  Disk erasing (1)
    QZap369
  Downloader (9)
    Downloader-UW
    Downloader-UT
    Downloader-PZ!chm
    Downloader-UY
    Downloader-UX
    Downloader-UR
    Downloader-UZ
    Downloader-UV
    PWS-Lineage.dldr
  Dropper (3)
    AdClicker-BA.dr
    MultiDropper-MG
    Proxy-Raser.dr
  Exploit (2)
    Exploit-M3U
    Exploit-ObscuredHtml
  Flooder (1)
    FDoS-Yesir
  Keylogger (1)
    Keylog-HKH
  Partition (1)
    LD
  Password Stealer (2)
    PWS-Leneage!chm
    PWS-GetMail
  Remote Access (5)
    BackDoor-CNP
    BackDoor-CNL
    BackDoor-CNO
    BackDoor-CNM
    BackDoor-CNK
  Script (25)
    Bat/esec8
    Bat/esec5
    Bat/esec4
    Bat/esec3
    Bat/esec2
    Bat/esec1
    Bat/redsky
    Bat/qz145
    Bat/qz144
    Bat/qz143
    Bat/qd282
    Bat/qd281
    Bat/qd280
    Bat/qd278
    Bat/ehk
    Bat/dt139
    Bat/dbh
    Bat/avk47
    Bat/avk46
    Bat/avk45
    Bat/avk44
    Bat/esec7
    Bat/esec6
    Bat/qd279
    New Dropper.vbs
  StartPage (2)
    StartPage-GF
    StartPage-GE
  Win32 (3)
    Generic MultiDropper.d
    Balyz
    AgentHacker
Virus (31)
  Email (2)
    W32/Maslan.d@MM
    W32/Buchon.j@MM
  Email Worm (1)
    W32/Mugly.i@MM
  Generic (2)
    W32/Prox.gen
    W32/Ronik.gen
  Internet Relay Chat (1)
    W32/Botet!irc
  Internet Worm (1)
    W32/Sdbot.worm!166912
  Remote Access (1)
    BackDoor-CNJ
  Script (5)
    Bat/shutdown
    Bat/sdwn5
    Bat/sdwn4
    Bat/bleh
    Bat/backq
  Win32 (9)
    W32/Nemsi.b
    W32/Buchon.i!keylog
    W32/Blandie
    W32/Bagle.aa
    W32/Balyz
    W32/Netsky
    W32/Nemsi.a
    W32/Elfish
    W32/Buchon.i
  Worm (9)
    HLLW.5920
    W32/Bropia.worm.e
    W32/Bobax.worm.j
    W32/Bobax.worm.h
    W32/Bobax.worm.f
    W32/Bropia.worm.f
    W32/Bobax.worm.i
    W32/Bobax.worm.g
    W32/Bobax.worm.k

Enhanced Detections:

Internet Worm (11)
  E-mail (2)
    W32/Mydoom.u@MM
    W32/Mydoom.v@MM
  E-mail worm (6)
    W32/Netsky.i@MM
    W32/Netsky.b@MM
    W32/Netsky.t@MM
    W32/Netsky.s@MM
    W32/Netsky.c@MM
    W32/Netsky.a@MM
  P2P Worm (1)
    W32/Generic.worm!p2p
  VbScript (1)
    VBS/Generic@MM
  Worm (1)
    W32/Gant.gen@MM
Malware (1)
  Exploit (1)
    Exploit-CodeBase
Program (62)
   (5)
    Reg-DetectNames2
    Reg-DetectKeys7
    Reg-DetectKeys2
    Generic Downloader.i
    VSource/pag
  - (1)
    Iroffer
  Adware (7)
    Adware-SAHAgent
    Adware-SRNG
    Adware-Gator
    Adware-IEDriver
    Adware-Adroar
    Adware-WhenUSearch
    Adware-xplus
  Application extension (1)
    Dialer-Generic.dll
  Dialer (3)
    Dialer-RAS.aj
    Dialer-RAS.aj.lnk
    Dialer-188
  Dropper (1)
    Adware-SAHAgent.dr
  Remote Access (1)
    ServU-Daemon
  Tool (42)
    Tool-Haxor
    Tool-Telnet
    Tool-BODec
    Tool-MacTime
    Tool-Revert
    Tool-HLPDump
    Tool-Analyze
    Tool-AVPX
    Tool-Podonok
    Tool-Pervert
    Tool-QQPassO
    Tool-QQExpl
    Tool-IconHnt
    Tool-CGIScan
    Tool-AutoPol
    Tool-DNSMast
    Tool-AIMRV
    Tool-ZPacker
    Tool-PEStat
    Tool-ZMist
    Tool-COM2UUE
    Tool-CGAGF
    Tool-Jumin
    Tool-Netacess
    Tool-IRXPro
    Tool-MLDE32
    Tool-SNTPTest
    Tool-InfElf
    Tool-PEWrSec
    Tool-Cerberos
    Tool-Domina
    Tool-FileFake
    Tool-Fasong
    Tool-Frank
    Tool-Joekoe
    Tool-ProxyHun
    Tool-Haxxor
    Tool-ProxiesR
    Tool-Cookie
    Tool-IconIns
    Tool-SpeedTest
    Tool-DiskInfo
  Win32 (1)
    Hiddukel
Trojan (128)
   (10)
    Generic BackDoor.d
    ARM
    KillMBR
    Killwin
    Generic Downloader.o
    B2C/esec
    AdClicker-BQ
    Phish-BankFraud.eml
    Generic.b3
    Generic!pwdrar
  Application extension (6)
    AFXrootkit.dll
    PWS-Legmir.dll
    Keylog-SCLog.dll
    PWS-Iyus.dll
    StartPage-DU.dll
    PWS-Banker.dll
  Client (1)
    BackDoor-BAC.cli
  Configuration settings (1)
    HackerDefender.ini
  Configurator (2)
    ServU.cfg
    BackDoor-CEP.cfg
  Demonstration (1)
    JS/Exploit-DialogArg.a.demo
  Denial Of Svc (1)
    IRC/Flood.ak
  Downloader (8)
    Downloader-UU
    ServU.ldr
    Downloader-RU
    Downloader-NV
    Downloader-TA.dll
    Downloader-TA
    PWS-Bancban.dldr
    Downloader-PS
  Downloader Generic (1)
    Proxy-FBSR.gen.dldr
  Dropper (11)
    PWS-Bancos.dr
    AFXrootkit.dr
    PWS-Bancban.dr
    MultiDropper-IY
    PWS-Postb.dr
    ServU.dr
    BackDoor-CEP.dr
    ZapChast.dr
    BackDoor-CKA.dr
    PWS-Goldun.dr
    PWS-Banker.dr
  Exploit (8)
    Exploit-DcomRpc
    VBS/Psyme
    Exploit-MhtRedir.gen
    JS/Exploit-DDay
    Exploit-1Table
    JS/Exploit-DialogArg.b
    Exploit-MhtRedir!chm
    JS/Exploit-DialogArg.a
  File deleting (1)
    QDel370
  Generic (30)
    IRC/Flood.gen.b
    BackDoor-MD.gen
    BackDoor-BT.gen
    BackDoor-EE.gen
    BackDoor-QT.gen
    BackDoor-ANG.gen
    BackDoor-AMZ.gen
    BackDoor-AOC.gen
    BackDoor-AOA.gen
    BackDoor-AOI.gen
    BackDoor-AOY.gen
    BackDoor-AQG.gen
    BackDoor-AQR.gen
    BackDoor-AQY.gen
    BackDoor-AQU.gen
    BackDoor-ARU.gen
    BackDoor-ASB.gen
    BackDoor-ATF.gen
    BackDoor-ABZ.gen
    BackDoor-AUO.gen
    BackDoor-ATP.gen
    BackDoor-IV.gen
    BackDoor-MQ.gen
    PWS-Bancos.gen
    Proxy-FBSR.gen
    JS/Exploit-DialogArg.gen
    AFXrootkit.gen
    BackDoor-WB.gen.c
    BackDoor-BAC.gen.b
    Spy-Tofger.gen.a
  Heuristic (1)
    New Malware.d
  Internet Relay Chat (1)
    IRC-Dalixy
  Malware Tool (1)
    NTRootKit-H
  Password (5)
    PWS-Bancos
    PWS-LegMir
    PWS-QQPass
    PWS-LDPinch
    PWS-Bancban
  Password Stealer (8)
    PWS-Postb
    PWS-Banker.l
    PWS-QQRob
    PWS-Banker
    PWS-LegMir!chm
    PWS-Lineage
    PWS-Goldun
    PWS-YahooPass
  Proxy (3)
    Proxy-FBSR
    Proxy-Agent.c
    Proxy-Agent.a
  Remote Access (18)
    BackDoor-ARR
    BackDoor-ASE
    Backdoor-TW
    BackDoor-BCB
    BackDoor-HV
    BackDoor-AQX
    BackDoor-ARD
    BackDoor-ASO
    BackDoor-AST
    BackDoor-CNB
    BackDoor-AWC
    BackDoor-AWU
    BackDoor-AQQ
    BackDoor-TC
    BackDoor-AZZ
    BackDoor-CLH
    BackDoor-CKA
    BackDoor-CEP
  Script (1)
    Bat/qd243
  StartPage (1)
    StartPage-FT
  Tool (1)
    Tool-Uptime
  Win32 (7)
    Generic Downloader.a
    HackerDefender
    ZapChast
    Generic Downloader.m
    DDoS-Boxed
    Generic BackDoor.j
    Generic Downloader.h
Virus (308)
   (7)
    Avalanche
    SymbOS/Cabir.k!sis
    SymbOS/Cabir.i!sis
    SymbOS/Cabir.b!sis
    SymbOS/Cabir.l!sis
    SymbOS/Cabir.j!sis
    SymbOS/Cabir.h!sis
  Application extension Generi (1)
    W32/Maslan.dll.gen
  Application extension Worm (1)
    W32/Bobax.worm.dll
  Damaged (10)
    W32/Sober.dam
    W32/Netsky.q.dam
    W32/Gaobot.dam
    W32/Lovgate.dam
    W32/Alcop.dam
    W32/Netsky.c.dam
    W32/Netsky.p.dam
    W32/Netsky.d.dam
    W32/Bagle.dam
    W32/Lovgate.x.dam
  Damaged Worm (2)
    W32/Gaobot.worm.dam
    W32/Sdbot.worm.dam
  Dropper (2)
    W32/Alcop.ao.dr
    SymbOS/Cabir.dr!skulls
  Dropper Worm (1)
    W32/Gaobot.worm.dr
  E-mail (25)
    W32/Netsky.w@MM
    W32/Netsky.q@MM
    W32/Netsky.u@MM
    W32/Netsky.g@MM
    W32/Netsky.l@MM
    W32/Netsky.k@MM
    W32/Bagle.j@MM
    W32/NetSky.h@MM
    W32/Bagle.k@MM
    W32/Netsky.v@MM
    W32/Mydoom.o@MM
    W32/Alcop.a@MM
    W32/Netsky.y@MM
    W32/Netsky.z@MM
    W32/Netsky.ab@MM
    W32/Mugly.a@MM
    W32/Mugly.b@MM
    W32/Mydoom.ap@MM
    W32/Mydoom.ae@MM
    W32/Netsky.ag@MM
    W32/Bagle.af@MM
    W32/Mugly.d@MM
    W32/Bagle.ad@MM
    W32/Lovgate.ah@MM
    W32/Mydoom.k@MM
  E-mail worm (28)
    W32/Lovgate.f@M
    W32/Naco.b@MM
    W32/Bagle.n@MM
    W32/Naco.a@MM
    W32/Bagle.p@MM
    W32/Netsky.n@MM
    W32/Bagle.q@MM
    W32/Bagle.t@MM
    W32/Netsky.j@MM
    W32/Bagle.c@MM
    W32/Netsky.o@MM
    W32/Bagle.r@MM
    W32/Netsky.x@MM
    W32/Netsky.e@MM
    W32/Netsky.f@MM
    W32/Netsky.d@MM
    W32/Bagle.s@MM
    W32/Bagle.aa@MM
    W32/Netsky.ac@MM
    W32/Lovgate.ac@MM
    W32/Mydoom.av@MM
    W32/Bagle.ah@MM
    W32/Mydoom.n@MM
    W32/Mydoom.ab@MM
    W32/Lovgate.ad@MM
    W32/Lovgate.af@MM
    W32/Lovgate.aj@MM
    W32/Lovgate.ab@MM
  Email (89)
    W32/Mydoom.i@MM
    W32/Anaph@MM
    W32/Lovgate.r@MM
    W32/Bagle.al@MM
    W32/Alcop.ak@MM
    W32/Alcop.ah@MM
    W32/Alcop.af@MM
    W32/Alcop.ad@MM
    W32/Alcop.ac@MM
    W32/Alcop.ab@MM
    W32/Alcop.aa@MM
    W32/Alcop.z@MM
    W32/Alcop.w@MM
    W32/Alcop.v@MM
    W32/Alcop.u@MM
    W32/Alcop.s@MM
    W32/Alcop.r@MM
    W32/Alcop.q@MM
    W32/Alcop.o@MM
    W32/Alcop.m@MM
    W32/Alcop.k@MM
    W32/Alcop.i@MM
    W32/Alcop.g@MM
    W32/Alcop.e@MM
    W32/Alcop.am@MM
    W32/Alcop.ai@MM
    W32/Alcop.ag@MM
    W32/Alcop.ae@MM
    W32/Alcop.y@MM
    W32/Alcop.x@MM
    W32/Alcop.t@MM
    W32/Alcop.p@MM
    W32/Alcop.n@MM
    W32/Alcop.l@MM
    W32/Alcop.j@MM
    W32/Alcop.h@MM
    W32/Alcop.f@MM
    W32/Alcop.b@MM
    W32/Alcop.d@MM
    W32/Alcop.c@MM
    W32/Alcop.an@MM
    W32/Lovgate.b@M
    W32/Lovgate.g@M
    W32/Alcop.aq@MM
    W32/Alcop.ap@MM
    W32/Lovgate.m@M
    W32/Naco.c@MM
    W32/Naco.e@MM
    W32/Naco.f@MM
    W32/Lovgate.n@M
    W32/Alcop.bh@MM
    W32/Alcop.bi@MM
    W32/Mydoom.d@MM
    W32/Lovgate.q@MM
    W32/Lovgate.p@MM
    W32/Lovgate.v@M
    W32/Lovgate.t@MM
    W32/Lovgate.u@MM
    W32/Lovgate.w@M
    W32/Netsky.ad@MM
    W32/Lovgate.al@MM
    W32/Bagle@MM!cpl
    W32/Riddle.b@MM
    W32/Riddle.a@MM
    W32/Mydoom.aa@MM
    W32/Maslan.b@MM
    W32/Maslan.a@MM
    W32/Maslan.c@MM
    W32/Lovgate.aa@MM
    W32/Lovgate.ao@MM
    W32/Lovgate.an@MM
    W32/Mydoom.af@MM
    W32/Netsky.ai@MM
    W32/Mydoom.ad@MM
    W32/Lovgate.aq@MM
    W32/Mugly.g@MM
    W32/Mugly.f@MM
    W32/Mydoom.at@MM
    W32/Mydoom.ar@MM
    W32/Mugly.h@MM
    W32/Lovgate.ak@MM
    W32/Mydoom.y@MM
    W32/Lovgate.ae@MM
    W32/Mydoom.m@MM
    W32/Alcop.bk@MM
    W32/Alcop.bj@MM
    W32/Mydoom.l@MM
    W32/Netsky.af@MM
    W32/Mydoom.ac@MM
  Email Generic (6)
    W32/Sober.gen@MM
    W32/Chowl.gen@MM
    W32/Bibrog.gen@MM
    W32/Naco.gen@MM
    W32/Holar.gen@MM
    W32/Mydoom.gen@MM
  Email Generic Worm (1)
    W32/Zokrim.worm.gen@MM
  Email Worm (4)
    W32/Netsky.aa@MM
    W32/Mydoom.r@MM
    W32/Lovgate.ai@MM
    W32/Lovgate.ag@MM
  Floppy Worm (1)
    W32/Flor.worm
  Generic (4)
    W97M/Chack.gen
    W32/Graps.gen
    SymbOS/Cabir.gen!sis
    W32/Poebot.gen
  Generic Peer To Peer Worm (2)
    W32/Duload.worm.gen!p2p
    W32/Gemel.worm.gen!p2p
  Generic Worm (27)
    W32/Sdbot.worm.gen
    W32/BackZat.worm.gen
    W32/Gaobot.worm.gen.g
    W32/Gaobot.worm.gen.e
    W32/Sdbot.worm.gen.w
    W32/STD.worm.gen
    W32/Winur.worm.gen
    W32/Spybot.worm.gen.f
    W32/Gaobot.worm.gen.l
    W32/Roaller.worm.gen
    W32/Gaobot.worm.gen.j
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Gaobot.worm.gen.n
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.g
    W32/Sdbot.worm.gen.x
    W32/Gaobot.worm.gen.t
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.ac
    W32/Sdbot.worm.gen.t
    W32/Israz.worm.gen
    W32/Winfig.worm.gen
    W32/Sdbot.worm.gen.q
    W32/Bobax.worm.gen
  Heuristic (1)
    New Malware.b
  Internet Relay Chat (1)
    W32/Maslan!irc
  Internet Worm (6)
    W32/Naco.d@MM
    W32/Sdbot.worm
    W32/Zezer.worm.gen
    W32/AimVen.worm
    W32/Bagle.d@MM
    W32/Bobax.worm.a
  Macro (1)
    non viable W97M/Cap
  mIRC Worm (1)
    W32/Protoride.worm
  MS Office Suite (1)
    VBA/Generic.src
  Open Share Worm (1)
    W32/Hilin.worm
  Overwriting (1)
    W32/Alcop.ow
  P2P Worm (1)
    W32/Antinny.worm.b
  Peer To Peer Worm (1)
    W32/Gammes.worm!p2p
  Script (1)
    VBS/Generic
  VbScript (1)
    New Script
  Win32 (25)
    W32/Bagle.o!proxy
    W32/Bagle.aj!proxy
    W32/Antites
    W32/AntiMP3
    W32/Anky
    W32/Lovgate
    W32/Sober.k.eml!zip
    W32/Antilope
    W32/Neoval
    W32/Arikash
    W32/Alcop.ay
    W32/AntiFolder
    W32/Sober.d.eml!zip
    W32/Sober.e.eml!zip
    W32/Alcon
    W32/Sober.f.eml!zip
    W32/Bagle.an
    W32/Bagle.z
    W32/Sober.j.eml!zip
    W32/Bagle.ao
    W32/Mydoom
    W32/Generic.Delphi.b
    W32/Generic.Delphi.a
    W32/Mydoom.ao
    W32/Bagle.bh
  Win9x (1)
    W95/Zombie
  Worm (54)
    W32/Gaobot.worm
    W32/Refoav.worm
    W32/Lovgate.l@M
    W32/Jitux.worm
    W32/Lovgate.a@M
    W32/Lovgate.c@M
    W32/Alcop.bg.worm
    W32/Amazex.n.worm
    W32/Amazex.l.worm
    W32/Amazex.j.worm
    W32/Amazex.h.worm
    W32/Amazex.f.worm
    W32/Amazex.d.worm
    W32/Amazex.b.worm
    W32/Amazex.m.worm
    W32/Amazex.k.worm
    W32/Amazex.i.worm
    W32/Amazex.g.worm
    W32/Amazex.e.worm
    W32/Amazex.c.worm
    W32/Amazex.a.worm
    W32/Lovgate.s@MM
    W32/Lovgate.x@MM
    W32/Mertian.worm
    W32/Admirer@MM
    W32/Acone.worm
    W32/Bored.worm.a
    W32/Bored.worm.b
    W32/Busan.worm.e
    W32/Sysdil.worm
    W32/Celebit.worm
    W32/Fibot.worm
    W32/Alcop.aw.worm
    W32/Alcop.au.worm
    W32/Alcop.av.worm
    W32/Alcop.at.worm
    W32/Alcop.ax.worm
    W32/Alcop.az.worm
    W32/Alcop.ba.worm
    W32/Alcop.bc.worm
    W32/Alcop.bb.worm
    W32/Alcop.bf.worm
    W32/Niconor.worm
    W32/Nvrdoc.worm
    W32/Brujas.worm
    W32/Surrogad.worm
    W32/Dedler.worm
    W32/Amazex.o.worm
    W32/Mydoom.t@MM
    W32/Bobax.worm.e
    W32/Bobax.worm.d
    W32/Hobot.worm
    W32/Bobax.worm.b
    W32/Bobax.worm.c