DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product has the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4685
DAT Release Date: 01/30/2006
Threats Detected: 173947
New Detections: 18
Enhanced Detections: 444

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct misidentifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name | Corporate Risk Assessment | Home Risk Assessment
There are no noteworthy threats in this release.

New Detections:

Program (2)
  Win32 (2)
    PortScan-Retina
    PortScan-ProxyRama
Trojan (7)
   (2)
    SymbOS/Multidropper.ak!sis
    SymbOS/Multidropper.ai!sis
  Generic (1)
    APStrojan.gen5d
  Password (1)
    PWS-JI
  StartPage (1)
    StartPage-IR
  Win31 (2)
    Generic FDoS.j
    Generic FDoS.i
Virus (9)
   (3)
    SymbOS/Cabir.ae!sis
    SymbOS/Cabir.ae
    SymbOS/Cabir!ezboot.ae
  Email (2)
    W32/Mytob.ho@MM
    W32/Mytob.hp@MM
  Generic (2)
    W32/Rosaren.gen
    W32/Feebs.gen!upd
  Generic Peer To Peer (1)
    W32/Harex.gen!p2p
  Win32 (1)
    W32/Theals.d

Enhanced Detections:

Internet Worm (2)
  E-mail (1)
    W32/Mytob.bk@MM
  E-mail worm (1)
    JS/Feebs.gen.c@MM
Program (17)
   (1)
    Generic PUP.a
  Adware (6)
    Adware-Cydoor
    Adware-Look2Me
    Adware-Apropos
    Adware-CasClient
    Adware-EliteBar
    Adware-Cygo
  Application extension (3)
    Adware-Apropos.dll
    Clearsearch.dll
    Adware-CommonName.dll
  Dropper (4)
    Adware-CasClient.dr
    WorldAntiSpy.dr
    Adware-WinHound.dr
    Adware-Ezula.dr
  Plugin component (1)
    Tool-Xscan.plugin
  Registry (2)
    WorldAntiSpy
    Qoolaid
Trojan (189)
   (28)
    SymbOS/Multidropper.a!sis
    SymbOS/Multidropper.e!sis
    SymbOS/Multidropper.c!sis
    SymbOS/Multidropper.g!sis
    SymbOS/Multidropper.b!sis
    SymbOS/Multidropper.f!sis
    SymbOS/Multidropper.d!sis
    SymbOS/Multidropper.k!sis
    SymbOS/Multidropper.j!sis
    SymbOS/Multidropper.i!sis
    SymbOS/Multidropper.h!sis
    Generic BackDoor.bb
    SymbOS/Multidropper.l!sis
    HideProc
    Generic.dc
    SymbOS/Multidropper.q!sis
    SymbOS/Multidropper.r!sis
    Generic.ce
    Generic.cd
    SymbOS/Multidropper.aj!sis
    SymbOS/Multidropper.ah!sis
    SymbOS/Multidropper.af!sis
    SymbOS/Multidropper.ad!sis
    SymbOS/Multidropper.x!sis
    SymbOS/Multidropper.ag!sis
    SymbOS/Multidropper.ae!sis
    SymbOS/Multidropper.ac!sis
    SymbOS/Multidropper.u!sis
  Application extension (3)
    BackDoor-CED.dll
    Proxy-Mitglieder.dll
    Downloader-EA.dll
  Client (2)
    BackDoor-ABI.cli
    BackDoor-XD.cli
  Configurator (1)
    Generic PWS.b.cfg
  Downloader (1)
    Downloader-ASH
  Dropper (9)
    BackDoor-ABL.dr
    BackDoor-AAA.dr
    Proxy-Mitglieder.dr
    BackDoor-ZA.dr
    BackDoor-XM.dr
    BackDoor-WX.dr
    BackDoor-WU.dr
    BackDoor-WJ.dr
    MultiDropper-PS
  Email Generic (1)
    W32/Feebs.gen@MM
  Generic (8)
    BackDoor-AGS.gen
    Generic Downloader.gen.be
    PWS-Banker.gen.ba
    PWS-Banker.gen.bb
    PWS-Banker.gen.i
    PWS-Banker.gen.h
    ServU-Daemon.gen.bb
    PWS-Banker.gen.v
  Heuristic (2)
    New Malware.ae
    New Malware.ab
  Internet Worm (1)
    W32/QAZ.worm
  Keylogger (1)
    Keylog-Sters
  Password Stealer (5)
    Generic PWS.a
    Generic PWS.b
    PWS-JA
    PWS-AOLPhish
    PWS-Spawn
  Proxy (1)
    Proxy-Agent.c
  Remote Access (100)
    BackDoor-AQF
    BackDoor-ARR
    BackDoor-AMQ
    BackDoor-AWQ.b
    BackDoor-ZT
    BackDoor-AED
    BackDoor-AAV
    BackDoor-AAE
    BackDoor-AAT
    BackDoor-AAD
    BackDoor-XV
    BackDoor-YJ
    BackDoor-ABH
    BackDoor-WU.svr
    BackDoor-ABW
    BackDoor-AAA
    BackDoor-WQ
    BackDoor-WL
    BackDoor-YE
    BackDoor-ABT
    BackDoor-AOD
    BackDoor-YN
    BackDoor-WM
    BackDoor-ABS
    BackDoor-XU
    BackDoor-ZO
    BackDoor-YK
    BackDoor-ZS
    BackDoor-CED
    BackDoor-WV
    BackDoor-ABQ
    BackDoor-YI
    BackDoor-ABP
    BackDoor-AAS
    BackDoor-ZD
    BackDoor-VV
    BackDoor-AAW
    BackDoor-AAJ
    BackDoor-ZZ
    BackDoor-ZU
    BackDoor-ZM
    BackDoor-ZG
    BackDoor-ZB
    BackDoor-YX
    BackDoor-YU
    BackDoor-YG
    BackDoor-YB
    BackDoor-XX
    BackDoor-XR
    BackDoor-XP
    BackDoor-XL
    BackDoor-XK
    BackDoor-XI
    BackDoor-XF
    BackDoor-XE
    BackDoor-XD
    BackDoor-XC
    BackDoor-WZ
    BackDoor-WY
    BackDoor-WW
    BackDoor-WT
    BackDoor-WS
    BackDoor-WR
    BackDoor-WP
    BackDoor-WI
    BackDoor-WH
    BackDoor-WE
    BackDoor-WD
    BackDoor-WC
    BackDoor-WA
    BackDoor-VZ
    BackDoor-VY
    BackDoor-VW
    BackDoor-VT
    BackDoor-VS
    BackDoor-AEF
    BackDoor-ABJ
    BackDoor-AAX
    BackDoor-AAH
    BackDoor-ZW
    BackDoor-ZK
    BackDoor-ZC
    BackDoor-ZA
    BackDoor-YZ
    BackDoor-YV
    BackDoor-YO
    BackDoor-YM
    BackDoor-YH
    BackDoor-YF
    BackDoor-YC
    BackDoor-XY
    BackDoor-XW
    BackDoor-XQ
    BackDoor-XN
    BackDoor-ABO
    BackDoor-CJX
    BackDoor-WX
    BackDoor-WG
    Generic BackDoor.o
    BackDoor-CEP
  Script (1)
    Generic component
  Server (4)
    BackDoor-WF.svr.rmv
    BackDoor-WF.svr
    BackDoor-ABL.svr
    BackDoor-AAY.svr
  Win32 (21)
    HackerDefender
    Generic Delphi
    Generic Downloader.c
    BackDoor-ZF
    Puper
    Generic Downloader.s
    Generic BackDoor.bc
    Generic BackDoor.ba
    Generic RootKit
    Generic PWS.o
    Generic Dropper.i
    Generic BackDoor.u
    Generic Downloader.ab
    W32/Feebs!rootkit
    Generic.b
    Generic Dropper.w
    Generic Downloader.f
    Generic StartPage.c
    Generic Dropper.c
    Generic Downloader.h
    Generic AdClicker.d
Virus (236)
   (47)
    SymbOS/Cabir.x
    SymbOS/Cabir.ab
    SymbOS/Cabir!ezboot.ab
    SymbOS/Cabir.ab!sis
    SymbOS/Cabir!lasco
    SymbOS/Cabir.v
    SymbOS/Cabir!ezboot.v
    SymbOS/Cabir.y
    SymbOS/Cabir!ezboot.y
    SymbOS/Cabir.z
    SymbOS/Cabir!ezboot.w
    SymbOS/Cabir.w
    SymbOS/Cabir.ac
    SymbOS/Cabir.ac!sis
    SymbOS/Cabir!ezboot.ac
    SymbOS/Cabir!ezboot.e
    SymbOS/Cabir!ezboot.d
    SymbOS/Cabir!ezboot.c
    SymbOS/Cabir!ezboot
    SymbOS/Cabir!ezboot.x
    SymbOS/Cabir!ezboot.s
    SymbOS/Cabir!ezboot.o
    SymbOS/Cabir!ezboot.k
    SymbOS/Cabir!ezboot.f
    SymbOS/Cabir.k!sis
    SymbOS/Cabir.i!sis
    SymbOS/Cabir.b!sis
    SymbOS/Cabir!ezboot.ad
    SymbOS/Cabir.g
    SymbOS/Cabir.f
    SymbOS/Cabir.b
    SymbOS/Cabir.a
    SymbOS/Cabir!ezboot.t
    SymbOS/Cabir!ezboot.r
    SymbOS/Cabir.m
    SymbOS/Cabir.k
    SymbOS/Cabir!ezboot.q
    SymbOS/Cabir!ezboot.p
    SymbOS/Cabir!ezboot.n
    SymbOS/Cabir.l!sis
    SymbOS/Cabir.j!sis
    SymbOS/Cabir.h!sis
    SymbOS/Cabir.u
    SymbOS/Cabir.ad
    SymbOS/Cabir.ad!sis
    SymbOS/Cabir.aa
    SymbOS/Cabir!ezboot.aa
  Damaged (1)
    W32/Mytob.dam
  Damaged Worm (1)
    W32/Sdbot.worm.dam
  Dropper (3)
    W32/Bagle.bs.dr
    SymbOS/Cabir.dr
    SymbOS/Cabir.dr!skulls
  Dropper Email (1)
    W32/Mytob.dr@MM
  E-mail (10)
    W32/Mytob.be@MM
    W32/Mytob.bi@MM
    W32/Mytob.bj@MM
    W32/Mytob.bo@MM
    W32/Mytob.bl@MM
    W32/Mytob.br@MM
    W32/Mytob.bf@MM
    W32/Mytob.cg@MM
    W32/Mytob.ch@MM
    W32/Mytob.gr@MM
  Email (126)
    W32/Mytob.b@MM
    W32/Mytob.a@MM
    W32/Mytob.ao@MM
    W32/Mytob.al@MM
    W32/Mytob.ev@MM
    W32/Mytob.ew@MM
    W32/Mytob.at@MM
    W32/Mytob.fa@MM
    W32/Rontokbro.a@MM
    W32/Mytob.ft@MM
    W32/Mytob.fs@MM
    W32/Mytob.aw@MM
    W32/Mytob.av@MM
    W32/Mytob.au@MM
    W32/Bagle@MM!cpl
    W32/Mytob.fr@MM
    W32/Mytob.ba@MM
    W32/Rontokbro.b@MM
    W32/Mytob.bc@MM
    W32/Mytob.bb@MM
    W32/Mytob.bd@MM
    W32/Mytob.fu@MM
    W32/Mytob.fy@MM
    W32/Mytob.fw@MM
    W32/Mytob.fv@MM
    W32/Mytob.fx@MM
    W32/Mytob.ge@MM
    W32/Mytob.gg@MM
    W32/Mytob.gl@MM
    W32/Mytob.gj@MM
    W32/Mytob.gi@MM
    W32/Mytob.go@MM
    W32/Mytob.bg@MM
    W32/Mytob.bu@MM
    W32/Mytob.bq@MM
    W32/Mytob.by@MM
    W32/Mytob.bx@MM
    W32/Mytob.cd@MM
    W32/Mytob.cq@MM
    W32/Mytob.ck@MM
    W32/Mytob.fz@MM
    W32/Mytob.gd@MM
    W32/Mytob.gc@MM
    W32/Mytob.gb@MM
    W32/Mytob.ga@MM
    W32/Mytob.gf@MM
    W32/Mytob.gn@MM
    W32/Mytob.gp@MM
    W32/Mytob.gq@MM
    W32/Mytob.bn@MM
    W32/Mytob.cw@MM
    W32/Mytob.dh@MM
    W32/Mytob.p@MM
    W32/Mytob.i@MM
    W32/Mytob.k@MM
    W32/Mytob.r@MM
    W32/Mytob.e@MM
    W32/Mytob.c@MM
    W32/Mytob.gm@MM
    W32/Mytob.gs@MM
    W32/Mytob.gt@MM
    W32/Mytob.m@MM
    W32/Mytob.g@MM
    W32/Mytob.bs@MM
    W32/Mytob.bt@MM
    W32/Mytob.bp@MM
    W32/Mytob.ct@MM
    W32/Mytob.cf@MM
    W32/Mytob.de@MM
    W32/Mytob.dd@MM
    W32/Mytob.ca@MM
    W32/Mytob.cb@MM
    W32/Mytob.do@MM
    W32/Mytob.dl@MM
    W32/Mytob.h@MM
    W32/Mytob.j@MM
    W32/Mytob.l@MM
    W32/Mytob.o@MM
    W32/Mytob.n@MM
    W32/Mytob.f@MM
    W32/Mytob.d@MM
    W32/Mytob.t@MM
    W32/Mytob.x@MM
    W32/Mytob.y@MM
    W32/Mytob.cr@MM
    W32/Mytob.cl@MM
    W32/Mytob.ci@MM
    W32/Mytob.cs@MM
    W32/Mytob.cx@MM
    W32/Mytob.cy@MM
    W32/Mytob.dn@MM
    W32/Mytob.dk@MM
    W32/Mytob.dz@MM
    W32/Mytob.eb@MM
    W32/Mytob.ei@MM
    W32/Mytob.aa@MM
    W32/Mytob.ad@MM
    W32/Mytob.dw@MM
    W32/Mytob.dv@MM
    W32/Mytob.ds@MM
    W32/Mytob.du@MM
    W32/Mytob.ea@MM
    W32/Mytob.aj@MM
    W32/Mytob.z@MM
    W32/Mytob.gu@MM
    W32/Mytob.gx@MM
    W32/Mytob.eg@MM
    W32/Mytob.ej@MM
    W32/Mytob.hn@MM
    W32/Mytob.hk@MM
    W32/Mytob.gy@MM
    W32/Mytob.hf@MM
    W32/Mytob.gw@MM
    W32/Mytob.gz@MM
    W32/Mytob.hg@MM
    W32/Mytob.hm@MM
    W32/Mytob.hh@MM
    W32/Mytob.hi@MM
    W32/Mytob.hj@MM
    W32/Mytob.gv@MM
    W32/Mytob.ha@MM
    W32/Mytob.he@MM
    W32/Mytob.em@MM
    W32/Mytob.en@MM
    W32/Mytob.es@MM
    W32/Mytob.eq@MM
  Email Generic (2)
    W32/Rontokbro.gen@MM
    W32/Mytob.gen@MM
  File Infector (1)
    Generic
  Generic (5)
    W32/Bagle.bs.gen
    JS/Feebs.gen
    W32/Brepibot.gen
    SymbOS/Cabir.gen!sis
    SymbOS/Cabir.gen
  Generic Worm (19)
    W32/QAZ.worm.gen
    W32/Sdbot.worm.gen.bg
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.bl
    W32/Sdbot.worm.gen.bk
    W32/Kelvir.worm.gen
    W32/Sdbot.worm.gen.ae
    W32/Spybot.worm.gen.j
    W32/Sdbot.worm.gen.bs
    W32/Sdbot.worm.gen.bz
    W32/Sdbot.worm.gen.ag
    W32/Sdbot.worm.gen.bd
    W32/Sdbot.worm.gen.bh
    W32/Sdbot.worm.gen.bi
    W32/Sdbot.worm.gen.by
    W32/Sdbot.worm.gen.ac
    W32/Sdbot.worm.gen.q
  PDA Device (14)
    SymbOS/Cabir.e
    SymbOS/Cabir.c
    SymbOS/Cabir.h
    SymbOS/Cabir.d
    SymbOS/Cabir.t
    SymbOS/Cabir.r
    SymbOS/Cabir.p
    SymbOS/Cabir.n
    SymbOS/Cabir.l
    SymbOS/Cabir.s
    SymbOS/Cabir.q
    SymbOS/Cabir.o
    SymbOS/Cabir.i
    SymbOS/Cabir.j
  VbScript (1)
    New Script
  Win32 (3)
    W32/Bagle
    W32/Bagle.bs
    W32/Generic.n
  Win9x (1)
    W95/Blakan
  Worm (1)
    W32/Mytob.worm!im