DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4587
DAT Release Date 09/21/2005
Threats Detected 149626
New Detections 40
Enhanced Detections 558

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name    Corporate Risk Assessment    Home Risk Assessment
There are no noteworthy threats in this release.

New Detections:

Program (22)
  Adware (3)
    Adware-NuggetSearch
    Adware-ClearSearch
    Adware-Serch!chm
  Cookie (1)
    Cookie-Lop
  Keylogger (2)
    Keylog-Powerlogger
    KeyLog-PersonInspect
  Registry (16)
    C2.Lop
    BossEveryware
    NS
    ISTbar.b
    ABetterInternet
    EZSearch Bar
    ArdamaxKL
    SC
    BetterInet
    DyFuCA - SafeSurf
    SaveNow / WhenU
    AbsoluteKL
    RAS.al
    SpywareBuddy
    PerfectKL
    BargainBuddy
Trojan (7)
   (4)
    SymbOS/Multidropper.e!sis
    SymbOS/Multidropper.c!sis
    SymbOS/Multidropper.f!sis
    SymbOS/Multidropper.d!sis
  Dropper (1)
    MultiDropper-OG
  Heuristic (1)
    New Malware.s
  PDA Device (1)
    SymbOS/MultiDropper.G
Virus (11)
  Win32 (6)
    W32/Bagle.cw
    W32/Bagle.cu
    W32/Bagle.cr
    W32/Bagle.cx
    W32/Bagle.cv
    W32/Bagle.cs
  Worm (5)
    W32/Kelvir.worm.ff
    W32/Accid.worm
    W32/Bobax.worm.aa
    W32/Kelvir.worm.ey
    W32/Guap.worm

Enhanced Detections:

Internet Worm (2)
  E-mail (1)
    W32/Bagle.gen@MM
  Win32 (1)
    New Worm
Malware (1)
  Remote Access (1)
    WinVNC
Program (344)
  - (3)
    Proxy-OSS
    IMIServer.download
    CouponBar
  Adware (231)
    DSSAgent
    Adware-SaveNow
    Adware-TVMedia
    Adware-DFC
    Adware-TopMoxie
    Adware-PortalScan
    Adware-NetPals
    Adware-Adtomi
    Adware-BrowserAid
    Adware-NavHelper
    Adware-Surfbar
    Adware-SubSearch
    Adware-RBlast.dldr
    Adware-ShowBehind
    Adware-180SA
    Adware-BDE
    Adware-SSF
    ClearSearch.dldr
    Adware-Look2Me
    Adware-RCSync
    Adware-SAHAgent
    Adware-HelpExpress
    Adware-PromulGate
    Adware-CommonName
    Adware-SafeSurf
    Adware-Rfwnad
    Adware-SafeSearch
    Adware-PurityScan
    Adware-BB
    Adware-BHO.gen
    Adware-Gain
    Adware-BuddyLinks
    Adware-SearchAid
    Adware-FreeComm
    Adware-DDM
    Adware-Virtumondo
    Adware-FriendXMS
    Adware-EZSearch
    MP3Search
    Adware-Webone
    Adware-Searchcentrix
    Adware-IESearchBar
    Adware-Apropos
    Adware-eUniverse
    Adware-Lvup
    Adware-RightFind
    Adware-Crackedearth
    Adware-Edise
    Adware-IEDriver
    Adware-ISTBar
    Adware-FreeScratch
    Adware-CoolWebSearch
    Adware-HitHopper
    Adware-ClipGenie
    Adware-RBlast
    Adware-ExplBar
    Adware-Wink
    Adware-SpyBlast
    Adware-Zipclix
    Adware-Lop
    Adware-SearchSquire
    Adware-UCSearch
    Adware-UCMore
    Adware-OpenSite
    Adware-POP
    Adware-StatBlaster
    Adware-Doumi
    Adware-IALink
    Adware-Adroar
    Adware-WildMedia
    Adware-TsCash
    Adware-InstDollars
    Adware-IEPageHelper
    Adware-Checkin
    Adware-BTS
    Adware-BDSearch
    Adware-Adwin
    Adware-Adpower
    Adware-SearchPounder
    Adware-BlogCn
    Adware-HotSearchBar
    Adware-Globosearch
    Adware-CashToolbar
    Adware-Relevance
    Adware-NaviPromo
    Adware-Dashbar
    Adware-AZESearch
    Adware-Sipspi
    Adware-SearchFast
    Adware-Riversoft
    Adware-ESDAds
    Adware-PrecisionPop
    Adware-Showsearch
    Adware-Virtumonde
    Adware-Onban
    Adware-Mirar
    Adware-WhenUSearch
    Adware-Redalert
    Adware-OMI
    Adware-ClickTrack
    Adware-MyWebSearch
    Adware-MarketScore
    Adware-HotAction
    Adware-GoldenEye
    Adware-Ndware
    Adware-NaviHelper
    Adware-MediaTickets
    Adware-ZSearch
    Adware-Unitzed
    Adware-Topconvert
    Adware-TickerBar
    Adware-TbarWin32
    Adware-NeoToolbar
    Adware-Megasearch
    Adware-MarketDart
    Adware-LookNSearch
    Adware-WUpd
    Adware-SmartPops
    Adware-SBSoft
    Adware-Fizzle
    Adware-FriendlyName
    Adware-EasySearch
    Adware-Searcher
    Adware-P2PNet
    Adware-HalfLemon
    Adware-IWantSearch
    Adware-Horoscope
    Adware-WebSearch4u
    Adware-abetterintrnt.inf
    Adware-WinAd
    Adware-FWNToolbar
    Adware-MMSys
    Adware-Darktech
    Uploader-R
    Adware-CasOnline
    Adware-Jily
    Adware-ISearch
    Adware-Interkey
    Adware-Instafinder
    Adware-ExtaCaps
    Adware-EliteBar
    Adware-xplus
    Adware-WinSniffer
    Adware-Web3000
    Adware-Ultrabar
    Adware-TotalVelocity
    Adware-SurfSnoop
    Adware-SpyPC
    Adware-SpyAgent
    Adware-Spector
    Adware-ShopNav
    Adware-SearchIt
    Adware-Safenet
    Adware-RapidBlaster
    Adware-PowerStrip
    Adware-PeopleOnPage
    Adware-PCSpy
    Adware-OnFlow
    Adware-Pribi
    Adware-Wurldmedia
    Adware-WatchRight
    Adware-RedHand
    Adware-NewtonKnows
    Adware-LoggerBuddy
    Adware-JimmySurf
    Adware-InlookExpress
    Adware-IMIServ
    Adware-HiWire
    Adware-GameSpyArcade
    Adware-Forbes
    Adware-Farsighter
    Adware-NetSpy
    Adware-Net900
    Adware-Medload
    Adware-LoverSpy
    Adware-LinkGrabber99
    Adware-Kazoom
    Adware-IntraSpy
    Adware-INetspeak
    Adware-Ilookup
    Adware-Freecam
    Adware-FlashGet
    Adware-Expedioware
    Adware-E-Surveiller
    Adware-DopeWars
    Adware-CyberSnoop
    Adware-CovenantEyes
    Adware-Cometsys
    Adware-EZSearchBar
    Adware-EGroup
    Adware-DSSAgent
    Adware-CashSurfers
    Adware-BDEProjector
    Adware-Aveo
    Adware-AtomicLog
    Adware-AppsTraka
    Adware-AdBreak
    Adware-AdBlaster
    Adware-ABSystemSpy
    Adware-TopRebates
    Adware-SrchEnh
    Adware-DealHelper
    Adware-CashFiesta
    Adware-Softomate
    Adware-ClickSpring
    Adware-Beginto
    Adware-Simbar
    Adware-abetterintrnt
    Adware-YSKKeylog
    Adware-X-Diver
    Adware-Winvestigator
    Adware-WinGuardian
    Adware-WeatherCast
    Adware-VCatch
    Adware-TwistedHumor
    Adware-Qoolaid
    Adware-CommanderNET
    Adware-BestSearch
    Adware-SurfAccuracy
    Adware-GatorEWallet
    Adware-Tps108
    Adware-SurfSpy
    Adware-Stukach
    Adware-StopPop
    Adware-SpyWiper
    Adware-SpyAnywhere
    Adware-SpotOn
    Adware-RedV
    Adware-Raven
    Adware-RadLight
    Adware-Probot
  Application extension (8)
    Adware-Apropos.dll
    ILookup.dll
    MP3Search.dll
    KeyLog-Dks.dll
    Adware-IEToolBar.dll
    Adware-Beginto.dll
    Dialer-Generic.dll
    Downloader-LG.dll
  Application extension Droppe (1)
    StartPage-DU.dll.dr
  Dialer (2)
    Dialer-198
    Dialer-RAS.al
  Downloader (15)
    CashDialer
    PosX
    PosX.dldr
    Mp3Search.ldr
    IdentDaemon.ldr
    Adware-Lop.dldr
    Adware-Ezula.dldr
    Downloader-P
    SearchAssistant.dldr
    Proxy-OSS.dldr
    Adware-IstBar.dldr
    Adware-WinAd.dldr
    Adware-SAHAgent.dldr
    Downloader-PI
    Downloader-PX
  Dropper (17)
    Adware-SAHAgent.dr
    NetBusPro.dr
    ILookup.dr
    WinVNC.dr
    IMIServ.dr
    Adware-AZESearch.dr
    Panteras.dr
    Adware-Quickbar.dr
    Adware-StatBlaster.dr
    Adware-Beginto.dr
    Downloader-YN.dr
    Adware-180SA.dr
    SystemSave.dr
    Uploader-R.dr
    WinSpy.dr
    Adware-Ezula.dr
    Adware-abetterintrnt.dr
  Generic (1)
    Adware-Perfect.gen
  Keylogger (12)
    Keylog-MSNMspy
    Keylog-SC
    Keylog-Pino
    Keylog-SARep
    Keylog-TraceBoy
    Keylog-Ardamax
    Keylog-ActiveKey
    Keylog-Amecisco
    Keylog-Refog
    Keylog-CN
    Keylog-Absolute
    Keylog-Tong
  Password (2)
    Winspy
    PWCrack-Cain
  ProcKill (1)
    ProcKill-KnlKillP
  Registry (25)
    NetBus
    Logger
    DopeWars
    IntraSpy
    NetSpy
    WinGuardian
    Medload
    NetBusPro
    Tong
    VirtualBouncer
    Raven
    smart-browser
    7Adpower
    Reg-DetectKeys24
    yellowpages
    EBates
    clearsearch
    Generic.d
    ISearch
    Reg-DetectNames14
    Fizzle
    ShopNav
    Imiserver
    NukeNabber
    ActivityLogger
  Remote Access (1)
    iSpyNOW
  Settings Change (1)
    Adware-XPlugin
  Spam (1)
    Adware-Ezula
  Spyware (18)
    Keylog-Perfect
    KeyLog-KeyRecord
    KeyLog-Tiny101
    Keylog-KeyLoggerJ
    Spyware-PALKeyLogger
    Spyware-RealSpy
    Spyware-ModemSpy
    Spyware-GurlWatcher
    Spyware-DesktopSpy
    Spyware-DeskScout
    Spyware-XPCSpy
    Spyware-MiniKeyLog
    Spyware-Webhancer
    Spyware-Ssppyy
    Spyware-BE
    Spyware-RemoteSpy
    Spyware-SaveKeys
    Spyware-AceSpy
  Win32 (5)
    IdentDaemon
    Internet Washer Pro
    TrueActive
    SystemSave
    Keygen-NetBus
Trojan (40)
   (1)
    SymbOS/Multidropper.a!sis
  - (1)
    NTRootKit-J
  Application extension (2)
    Puper.dll
    BackDoor-CPI.dll
  Demonstration (1)
    JS/Exploit-Script.demo
  Downloader (7)
    W32/Bagle.cj
    Downloader-YN
    Downloader-TA.dll
    Downloader-TA
    Downloader-PN
    Downloader-PS
    Downloader-LG
  Exploit (1)
    JS/Exploit-CrossSite
  Generic (3)
    PWS-Banker.gen.ba
    PWS-Banker.gen.bb
    PWS-Banker.gen.i
  Generic Worm (1)
    W32/Sdbot.worm.gen.bx
  Heuristic (2)
    New Malware.n
    New Malware.j
  Parasitic (1)
    Qhosts.apd
  Password (1)
    PWS-LegMir
  Proxy (1)
    Proxy-Piky
  Registry (1)
    E2Give
  Remote Access (5)
    BackDoor-ARR
    BackDoor-CCL
    BackDoor-AWQ.b
    BackDoor-CPI
    BackDoor-CKB
  Script (2)
    JS/Wonka
    Perl/Shellbot
  Server (1)
    BackDoor-ARR.svr
  StartPage (1)
    StartPage-DU
  Win32 (8)
    Generic BackDoor.b
    Generic Downloader.c
    Generic BackDoor.bg
    RemAdm-SrvCmd
    Generic Downloader.ab
    Generic.b
    Generic Downloader.g
    DDoS-Boxed
Virus (171)
  Damaged (1)
    W32/Mytob.dam
  Damaged Worm (1)
    W32/Kelvir.worm.dam
  Downloader (4)
    W32/Bagle.ci
    W32/Bagle.ck
    W32/Bagle.cl
    W32/Bagle.cn
  Dropper Worm (2)
    W32/Licu.worm.dr
    W32/Kelvir.worm.dr
  Email (49)
    W32/Mytob.ao@MM
    W32/Mytob.al@MM
    W32/Mytob.ew@MM
    W32/Mytob.fa@MM
    W32/Mytob.aw@MM
    W32/Mytob.ba@MM
    W32/Mytob.bc@MM
    W32/Mytob.bb@MM
    W32/Mytob.bd@MM
    W32/Mytob.bu@MM
    W32/Mytob.bq@MM
    W32/Mytob.by@MM
    W32/Mytob.cq@MM
    W32/Mytob.ck@MM
    W32/Mytob.cw@MM
    W32/Mytob.p@MM
    W32/Mytob.i@MM
    W32/Mytob.k@MM
    W32/Mytob.r@MM
    W32/Mytob.m@MM
    W32/Mytob.bs@MM
    W32/Mytob.de@MM
    W32/Mytob.cb@MM
    W32/Mytob.do@MM
    W32/Mytob.dl@MM
    W32/Mytob.h@MM
    W32/Mytob.j@MM
    W32/Mytob.l@MM
    W32/Mytob.o@MM
    W32/Mytob.t@MM
    W32/Mytob.x@MM
    W32/Mytob.y@MM
    W32/Mytob.cr@MM
    W32/Mytob.cl@MM
    W32/Mytob.ci@MM
    W32/Mytob.cx@MM
    W32/Mytob.cy@MM
    W32/Mytob.dn@MM
    W32/Mytob.ei@MM
    W32/Mytob.aa@MM
    W32/Mytob.ad@MM
    W32/Mytob.dw@MM
    W32/Mytob.dv@MM
    W32/Mytob.du@MM
    W32/Mytob.aj@MM
    W32/Mytob.z@MM
    W32/Mytob.eg@MM
    W32/Mytob.em@MM
    W32/Mytob.en@MM
  Email Generic (1)
    W32/Mytob.gen@MM
  Generic (1)
    W32/Bagle.gen
  Generic Worm (16)
    W32/Sdbot.worm.gen.as
    W32/Sdbot.worm.gen.w
    W32/Sdbot.worm.gen.au
    W32/Gaobot.worm.gen.bj
    W32/Opanki.worm.gen
    W32/Sdbot.worm.gen.ar
    W32/Sdbot.worm.gen.n
    W32/Kelvir.worm.gen
    W32/Sdbot.worm.gen.ag
    W32/Sdbot.worm.gen.bd
    W32/Sdbot.worm.gen.bh
    W32/Sdbot.worm.gen.by
    W32/Sdbot.worm.gen.bj
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.ac
    W32/Bobax.worm.gen
  Internet Worm (7)
    W32/Kelvir.worm.c
    W32/Kelvir.worm.b
    W32/Kelvir.worm.bh
    W32/Kelvir.worm.f
    W32/Bobax.worm.o
    W32/Kelvir.worm.dq
    W32/Bobax.worm.a
  Win32 (2)
    W32/Bagle.co
    W32/Bagle.cm
  Worm (87)
    W32/Kelvir.worm.eo
    W32/Kelvir.worm.ew
    W32/Kelvir.worm.ev
    W32/Kelvir.worm.ex
    W32/Bobax.worm.j
    W32/Bobax.worm.h
    W32/Bobax.worm.f
    W32/Kelvir.worm
    W32/Kelvir.worm.al
    W32/Kelvir.worm.ap
    W32/Kelvir.worm.an
    W32/Kelvir.worm.ao
    W32/Kelvir.worm.am
    W32/Kelvir.worm.ea
    W32/Bobax.worm.v
    W32/Kelvir.worm.ec
    W32/Kelvir.worm.ax
    W32/Kelvir.worm.az
    W32/Kelvir.worm.ee
    W32/Kelvir.worm.eg
    W32/Kelvir.worm.eh
    W32/Bobax.worm.i
    W32/Bobax.worm.g
    W32/Bobax.worm.k
    W32/Kelvir.worm.ba
    W32/Kelvir.worm.ay
    W32/Kelvir.worm.bg
    W32/Kelvir.worm.e
    W32/Kelvir.worm.ef
    W32/Kelvir.worm.d
    W32/Bobax.worm.l
    W32/Bobax.worm.m
    W32/Kelvir.worm.ca
    W32/Kelvir.worm.ci
    W32/Kelvir.worm.g
    W32/Kelvir.worm.i
    W32/Kelvir.worm.k
    W32/Kelvir.worm.j
    W32/Kelvir.worm.a
    W32/Kelvir.worm.cm
    W32/Kelvir.worm.ck
    W32/Kelvir.worm.cj
    W32/Bobax.worm.s
    W32/Bobax.worm.n
    W32/Kelvir.worm.o
    W32/Kelvir.worm.n
    W32/Kelvir.worm.p
    W32/Kelvir.worm.s
    W32/Kelvir.worm.l
    W32/Kelvir.worm.m
    W32/Kelvir.worm.t
    W32/Bobax.worm.p
    W32/Bobax.worm.r
    W32/Kelvir.worm.ch
    W32/Bobax.worm.q
    W32/Kelvir.worm.q
    W32/Kelvir.worm.r
    W32/Kelvir.worm.w
    W32/Kelvir.worm.cn
    W32/Kelvir.worm.cu
    W32/Kelvir.worm.cw
    W32/Kelvir.worm.da
    W32/Kelvir.worm.cz
    W32/Kelvir.worm.dd
    W32/Kelvir.worm.ak
    W32/Kelvir.worm.cq
    W32/Kelvir.worm.co
    W32/Kelvir.worm.cv
    W32/Kelvir.worm.cx
    W32/Kelvir.worm.cy
    W32/Kelvir.worm.ab
    W32/Kelvir.worm.ac
    W32/Kelvir.worm.aj
    W32/Kelvir.worm.ai
    W32/Opanki.worm
    W32/Kelvir.worm.db
    W32/Kelvir.worm.dc
    W32/Kelvir.worm.dg
    W32/Kelvir.worm.dv
    W32/Kelvir.worm.dj
    W32/Bobax.worm.e
    W32/Bobax.worm.d
    W32/Bobax.worm.b
    W32/Bobax.worm.c
    W32/Kelvir.worm.dx
    W32/Kelvir.worm.dz
    W32/Kelvir.worm.dy