DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4688
DAT Release Date 02/02/2006
Threats Detected 174583
New Detections 14
Enhanced Detections 675

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and fix incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name    Corporate Risk Assessment    Home Risk Assessment
There are no noteworthy threats in this release

New Detections:

Program (1)
  Win32 (1)
    No-Spy.sys
Trojan (6)
   (1)
    QLowZones-26.hta
  Downloader (1)
    Downloader-ATQ
  Dropper (1)
    Downloader-ATG.dr
  Remote Access (2)
    BackDoor-CXK
    BackDoor-CXL
  StartPage (1)
    StartPage-IU
Virus (6)
  Application extension (1)
    W32/Sality.m.dll
  Win32 (2)
    W32/Sality.m
    W32/Davs
  Worm (3)
    W32/Lamo.worm
    W32/Daol.worm.a
    W32/Daol.worm.b

Enhanced Detections:

- (1)
  - (1)
    W32/Insane.dam
Internet Worm (5)
  E-mail (1)
    W32/Mytob.bk@MM
  P2P Worm (1)
    W32/Generic.worm!p2p
  Win32 (3)
    W32/Klez.i@MM
    W32/Klez.e@MM
    W32/Klez.h@MM
Malware (2)
  Exploit (1)
    Exploit-CodeBase
  Password (1)
    PWS-Qwak
Program (66)
   (1)
    Generic PUP.a
  Adware (8)
    Adware-Surfbar
    Adware-HotBar
    Adware-MWS
    Adware-Gain
    Adware-EZSearch
    Adware-Lop
    Adware-ClientMan
    Adware-WinActive
  Damaged (1)
    Adware-MWS.dam
  Dialer (21)
    Dialer-112
    Dialer-209
    Dialer-32
    Dialer-187
    Dialer-35
    Dialer-33
    Dialer-31
    Dialer-30
    Dialer-29
    Dialer-22
    Dialer-21
    Dialer-18
    Dialer-16
    Dialer-13
    Dialer-17
    Dialer-15
    Dialer-12
    Dialer-11
    Dialer-185
    Dialer-220
    Dialer-200
  Dropper (3)
    Adware-EZSearch.dr
    Dialer-19.dr
    Adware-HotBar.dr
  Generic (9)
    Dialer-RAS.ay.gen
    Dialer-RAS.u.gen
    Dialer-RAS.t.gen
    Dialer-RAS.at.gen
    Dialer-TAPI.a.gen
    Dialer-RAS.ax.gen
    Dialer-RAS.bg.gen
    Dialer-RAS.cz.gen
    Dialer-RAS.dm.gen
  Joke (2)
    Evul joke
    Joke-BrowserBlinker
  Keylogger (1)
    Keylog-Scamp
  Password (1)
    Winspy
  Password Stealer (1)
    PWS-SMBRelay
  Registry (3)
    NetBus
    Reg-DetectKeys25
    ZapChast
  StartPage (2)
    StartPage-HZ
    StartPage-VipCrib
  Tool (4)
    Tool-NLMBurglar
    Tool-Linklooker
    HTool-Yallstarts
    Htool-SetRun
  Win32 (9)
    HUCrack
    QHosts-30
    QHosts-20
    TrueActive
    ICCRus
    ErrorGuard
    HLDictionary
    VSP-Poker
    Areser
Trojan (493)
   (7)
    Generic BackDoor.d
    ADtrojan
    Nuravo
    Generic AdClicker.h
    Del-477
    IPThief
    AX/CHM-Exploit
  - (6)
    AIM-Canbot
    WinNuke98
    KeyPanic
    Invalid Certificate
    AdClicker-AJ
    Spam-Mailbot
  Application extension (3)
    PWS-Legmir.dll
    BackDoor-JY.dll
    BackDoor-EX.dll
  Client (19)
    BackDoor-PC.cli
    BackDoor-PW.cli
    BackDoor-NF.cli
    BackDoor-MQ.cli
    BackDoor-KF.cli
    BackDoor-JV.cli
    BackDoor-JE.cli
    BackDoor-JC.cli
    BackDoor-HQ.cli
    BackDoor-CA.cli
    BackDoor-MX.cli
    BackDoor-HK.cli
    BackDoor-FT.cli
    BackDoor-DK.cli
    BackDoor-CJ.cli
    BackDoor-AB.cli
    BackDoor-AI.cli
    BackDoor-EQ.cli
    BackDoor-CU.cli
  Configurator (8)
    Orifice2K.cfg
    KeyLogger.c.cfg
    PWS-CT.cfg
    BackDoor-KF.cfg
    BackDoor-CA.cfg
    BackDoor-AI.cfg
    IRC-DDE.cfg
    Generic PWS.b.cfg
  Damaged (1)
    BackDoor-AWQ.b.dam
  Damaged Dropper (1)
    BackDoor-CV.dr.dam
  Demonstration (3)
    JS/Exploit-DialogArg.demo
    JS/Exploit-DialogArg.b.demo
    JS/Exploit-DialogArg.a.demo
  Downloader (21)
    Downloader-C
    Downloader-E
    NTHack.ldr
    Downloader-D
    Downloader-CP
    Downloader-CR
    Downloader-CS
    Downloader-CZ
    Downloader-FU
    Prutec
    Downloader-VL
    Downloader-VF
    Downloader-XO
    PWS-Banker.dldr
    Downloader-ACB
    Downloader-ACA
    Downloader-OO
    Downloader-ACR
    Downloader-RF
    Downloader-QU
    Downloader-TP
  Dropper (25)
    Multidropper-GN
    Generic BackDoor.dr
    MultiDropper-IW
    MultiDropper-BB
    MultiDropper-AP
    MultiDropper-AG
    MultiDropper-AE
    MultiDropper-X
    Orifice.dr
    NetBus.dr
    PWS-DW.dr
    BackDoor-MX.dr
    BackDoor-GI.dr
    BackDoor-HQ.dr
    QLowZones-26.dr
    MultiDropper-KV
    IRC/Flood.k.dr
    MultiDropper-EY
    BackDoor-KL.dr
    MultiDropper-BE
    Downloader-XD.dr
    Keylog-ColSpy.dr
    MultiDropper-MX
    MultiDropper-AL
    MultiDropper-LY
  Email Generic (1)
    W32/Feebs.gen@MM
  Exploit (7)
    Exploit-IIS.Xploit
    Exploit-Winamp
    Exploit-QtPICT!dam
    Exploit-QtPICT
    Exploit-ZIP
    JS/Exploit-DialogArg.b
    W97M/Exploit-JPEG
  File deleting (6)
    QDel168
    QDel165
    QDel115
    QDel167
    QDel383
    QDel166
  File Deletion (1)
    QDel110
  File renaming (1)
    QName5
  File/Folder creator (1)
    QFile5
  Flooder (13)
    FDoS-Jello
    FDoS-WinNuke2
    FDoS-IrocsK
    FDoS-MWanted
    FDoS-LSky
    YIM-Flood
    FDoS-Pestil.20
    FDoS-Nuke.23
    FDoS-ICQRevenge
    FDoS-ICQFlood.12
    FDoS-ICQFlood
    FDoS-Assault.10
    FDoS-Telebomb
  Generic (33)
    Keylog.gen
    PWS-DV.gen
    PWS-AC.gen
    BackDoor-GZ.gen
    MultiDropper-ER.gen
    PWS-Mewey.gen
    PWS-Crazy.gen
    PWS-MSNFake.gen
    MultiDropper-FM.gen
    VB-QDel.gen
    MultiDropper-FT.gen
    PWS-Yipper.gen
    PWS-QQcv.gen
    FDoS-Flooder.gen
    PWS-QQ.gen
    Oleloa.gen
    Downloader-HQ.gen
    PWS-Banker.gen.ba
    MultiDropper-EH.gen
    PWS-Zaba.gen
    PWS-Banker.gen.bb
    PWS-Banker.gen.b
    PWS-Banker.gen.j
    PWS-Banker.gen.i
    PWS-Banker.gen.t
    Keylog-Diablo.gen
    APStrojan.gen3f
    W32/IRCBot.gen.j
    PWS-Banker.gen.v
    JS/Exploit-DialogArg.gen
    AdClicker-AZ.gen
    Downloader-QB.gen
    Downloader-JT.gen
  Heuristic (5)
    New Malware.d
    Spam-NewsAgent
    New Malware.n
    New Malware.u
    New Malware.ab
  HTML (1)
    Hotlist
  HTTP/FTP Trans. (1)
    Downloader
  ICQ Messaging (1)
    ICQ-Flood.12
  Internet Relay Chat (3)
    IRC/SplitBot
    IRC-SpyAli
    IRC/Dark
  Keylogger (2)
    KeyLogger.c
    Keylog-ColSpy
  Malware Tool (23)
    Spam-ICQspam1
    Nuke-Meliksah
    Spam-Absolut
    Nuke-NabKiller
    Nuke-IGMP.20A
    Hustler.Kit
    Spam-AnonMail
    Spam-Winam
    Kit-Herpes
    Nuke-Ebeg
    Spam-Uy.40
    Spam-SE.11
    Spam-Nmb
    Spam-Euthanasia.152
    Spam-EBomb.09a
    Spam-Aenima.17
    Ptakks.kit.v213
    Nuke-Wnuke32.69
    Nuke-WizNuke
    Nuke-WinNuke95
    Nuke-Stinger
    Kit-VPack
    Downloader-JT.kit
  Password (9)
    PWS-LegMir
    PWS-QQPass
    PWS-LDPinch
    PWS-FF
    Pws-Z
    ICQ-PWS
    PWS-AC
    Pws-CT
    PWS-Banker.q
  Password Stealer (35)
    PWS-Harvester
    Generic PWS.b
    PWS-Spy
    PWS-Keylo
    PWS-ICQInfo
    PWS-IB
    PWS-FR
    PWS-FG
    PWS-EE
    PWS-EA
    PWS-IA
    PWS-GE
    PWS-FH
    PWS-ET
    PWS-EF
    PWS-EB
    PWS-DX
    PWS-DW
    PWS-DS
    PWS-Fastlit
    PWS-Abaxo
    PWS-Nabla
    PWS-MediaNav
    PWS-QQRob
    Generic PWS.h
    Generic PWS.g
    PWS-JA
    PWS-IV
    PWS-Behz
    PWS-AOLPhish
    PWS-Snet
    PWS-Banker.m
    PWS-RemotePassSteal
    PWS-GC
    PWS-Lineage
  Plugin component (3)
    BackDoor-EE.plugin
    BackDoor-JX.plugin
    Orifice.plugin
  ProcKill (2)
    ProcKill-AK
    ProcKill-DI
  Remote Access (104)
    BackDoor-RQ
    Backdoor-CY
    Backdoor-Q
    BackDoor-SN
    BackDoor-AWQ.b
    BackDoor-DX
    Backdoor-AI.svr
    Backdoor-MV
    BackDoor-SR
    BackDoor-SM
    BackDoor-SL
    BackDoor-SK
    BackDoor-SG
    BackDoor-SF
    BackDoor-SD
    BackDoor-RM
    BackDoor-RL
    BackDoor-RK
    BackDoor-RI
    BackDoor-QU
    BackDoor-QP
    BackDoor-QH
    BackDoor-QB
    BackDoor-PX
    BackDoor-PO
    BackDoor-PM
    BackDoor-QK
    BackDoor-QA
    BackDoor-PZ
    BackDoor-PS
    BackDoor-OW
    BackDoor-OV
    BackDoor-NM
    BackDoor-NJ
    BackDoor-NG
    BackDoor-MS
    BackDoor-MH
    BackDoor-KO
    BackDoor-JT
    BackDoor-JQ
    BackDoor-JH
    BackDoor-IV
    BackDoor-IU
    BackDoor-IR
    BackDoor-IL
    BackDoor-HX
    BackDoor-HL
    BackDoor-HB
    BackDoor-GQ
    BackDoor-GI
    BackDoor-OX
    BackDoor-OO
    BackDoor-NZ
    BackDoor-MC
    BackDoor-JS
    BackDoor-JR
    BackDoor-JP
    BackDoor-JN
    BackDoor-JB
    BackDoor-IS
    BackDoor-IK
    BackDoor-ID
    BackDoor-IC
    BackDoor-IB
    BackDoor-IA
    BackDoor-HZ
    BackDoor-HU
    BackDoor-HT
    BackDoor-HQ
    BackDoor-HP
    BackDoor-GY
    BackDoor-GH
    BackDoor-FX
    BackDoor-FG
    BackDoor-FF
    BackDoor-EU
    BackDoor-HC
    Backdoor-HJ
    Backdoor-IW
    BackDoor-JD
    Backdoor-JW
    Backdoor-NB
    Backdoor-QO
    Backdoor-QV
    Backdoor-EE
    Backdoor-QZ
    IRC-Speed
    BackDoor-DR
    BackDoor-QM
    BackDoor-OS
    Generic BackDoor.l
    BackDoor-RZ
    BackDoor-RO
    BackDoor-QL
    BackDoor-QJ
    BackDoor-NI
    BackDoor-NH
    BackDoor-KP
    BackDoor-JG
    BackDoor-IT
    BackDoor-IO
    BackDoor-CV
    BackDoor-GW
    BackDoor-CTK
  Script (4)
    QZap232.bat
    QLowZones-26.bat
    JS/Wonka
    QLowZones-26.reg
  Server (28)
    Orifice2K.svr
    Orifice.svr
    BackDoor-QD.svr
    BackDoor-MX.svr
    BackDoor-KF.svr
    BackDoor-JY.svr
    BackDoor-JV.svr
    BackDoor-JC.svr
    BackDoor-IN.svr
    BackDoor-GH.svr
    BackDoor-PC.svr
    BackDoor-NF.svr
    BackDoor-MQ.svr
    BackDoor-JE.svr
    BackDoor-HT.svr
    BackDoor-HK.svr
    BackDoor-GQ.svr
    BackDoor-FT.svr
    BackDoor-EE.svr
    BackDoor-CJ.svr
    BackDoor-EQ.svr
    BackDoor-HS.svr
    BackDoor-DN.svr
    BackDoor-DL.svr
    BackDoor-DK.svr
    BackDoor-CV.svr
    BackDoor-AJ.svr
    BackDoor-CU.svr
  Spyware (1)
    Keylog-Yeehah
  StartPage (1)
    StartPage-HR
  Trojan (1)
    Multidropper
  Win32 (112)
    Enocider
    Generic BackDoor.h
    Generic Downloader.c
    Winats
    Webmailcrack
    VoiceSpy
    Tuptus
    Spyderweb
    Panama
    NoSpace
    Namaz
    MBT
    Wel
    WebCracker
    UBSpws
    Tetas
    SpyTec
    Sintesys
    ScanNet
    Restart
    RCMOS
    NetRust
    Msielib
    HappyDay
    EXWin
    Covert
    WinKiller-B
    SMSFlood
    Sexspeed
    Santa
    NTHack.FTP
    ModelX
    Logger
    ForYou
    Eurosol
    Aggrevator
    HDKiller
    Picshow
    QQSpy
    TVFKill
    StartPage
    AdClicker-DG
    Uploader-E
    Provera
    LockDown
    OpenCD
    DiskFill-I
    DRevenge
    Niuzu
    Generic VB.b
    Generic Dropper.a
    Timese
    Generic Downloader.am
    MyftU
    Del-445
    Generic Downloader.d
    Generic MultiDropper.a
    AgentHacker
    Puper
    Subnix
    Generic Downloader.s
    Kangen
    Del-476
    BIdea
    Generic Downloader.k
    QLowZones-12
    AdClicker-CX
    Generic Downloader.q
    Generic AdClicker.b
    Generic Downloader.aa
    APSTrojan.tz
    Generic Del.c
    Generic Downloader.ab
    BanBlock
    Kakkeys
    Druogna
    LunLoad
    W32/Feebs!rootkit
    Traeger
    The-CID
    Rsp.b.exe
    Regback
    Ptakks
    Pestil.20
    Nutbus
    Hdk13
    GotoOne
    DDoS-Matav
    Chok
    Boosted.b
    Boosted.a
    BigX
    Assault.10
    Generic.b
    Generic Dropper.w
    Daum
    WitchDoc
    DiskFill-N
    AdClicker-BY
    Generic Downloader.g
    Spy-PKaz
    DDoS-Boxed
    QLowZones-35
    Uploader-O
    AdClicker-AO
    Bboxet
    Del-453
    Minher
    Generic BackDoor.i
    Generic Downloader.h
    Generic StartPage.l
    Owned
Virus (108)
  Damaged Worm (2)
    W32/Spybot.worm.dam
    W32/Gaobot.worm.dam
  Dropper (3)
    W32/Insane.dr
    W32/Valla.dr
    Linux/Alfa.dr
  Dropper Email (1)
    W32/Mytob.dr@MM
  E-mail (10)
    W32/Mytob.be@MM
    W32/Mytob.bi@MM
    W32/Mytob.bj@MM
    W32/Mytob.bo@MM
    W32/Mytob.bl@MM
    W32/Mytob.br@MM
    W32/Mytob.bf@MM
    W32/Mytob.cg@MM
    W32/Mytob.ch@MM
    W32/Bagle.do@MM
  E-mail worm (2)
    W32/Generic.a@MM
    W32/Bagle.dp@MM
  Email (61)
    W32/Klez.f@MM
    W32/Mytob.b@MM
    W32/Mytob.a@MM
    W32/Mytob.ev@MM
    W32/Mytob.at@MM
    W32/Mytob.av@MM
    W32/Mytob.au@MM
    W32/Mytob.fy@MM
    W32/Mytob.fw@MM
    W32/Mytob.fx@MM
    W32/Mytob.gg@MM
    W32/Mytob.gl@MM
    W32/Mytob.gj@MM
    W32/Mytob.gi@MM
    W32/Mytob.bg@MM
    W32/Mytob.bx@MM
    W32/Mytob.cd@MM
    W32/Mytob.gd@MM
    W32/Mytob.gc@MM
    W32/Mytob.gb@MM
    W32/Mytob.ga@MM
    W32/Mytob.gf@MM
    W32/Mytob.gp@MM
    W32/Mytob.gq@MM
    W32/Mytob.bn@MM
    W32/Mytob.dh@MM
    W32/Mytob.r@MM
    W32/Mytob.e@MM
    W32/Mytob.c@MM
    W32/Mytob.gt@MM
    W32/Mytob.g@MM
    W32/Mytob.bt@MM
    W32/Mytob.bp@MM
    W32/Mytob.ct@MM
    W32/Mytob.cf@MM
    W32/Mytob.dd@MM
    W32/Mytob.ca@MM
    W32/Mytob.n@MM
    W32/Mytob.f@MM
    W32/Mytob.d@MM
    W32/Mytob.cs@MM
    W32/Mytob.dk@MM
    W32/Mytob.dz@MM
    W32/Mytob.eb@MM
    W32/Mytob.ds@MM
    W32/Mytob.ea@MM
    W32/Mytob.gu@MM
    W32/Mytob.gx@MM
    W32/Mytob.ej@MM
    W32/Mytob.hp@MM
    W32/Mytob.gy@MM
    W32/Mytob.hf@MM
    W32/Mytob.gw@MM
    W32/Mytob.gz@MM
    W32/Mytob.hg@MM
    W32/Mytob.hh@MM
    W32/Mytob.hi@MM
    W32/Mytob.gv@MM
    W32/Mytob.he@MM
    W32/Mytob.es@MM
    W32/Mytob.eq@MM
  Email Generic (1)
    W32/Mytob.gen@MM
  File Infector (1)
    Linux/Alfa
  Generic (1)
    W32/Brepibot.gen
  Generic Peer To Peer (1)
    W32/Antinny.gen!p2p
  Generic Worm (8)
    W32/Spybot.worm.gen.e
    W32/Gaobot.worm.gen.e
    W32/Sdbot.worm.gen.w
    W32/Opanki.worm.gen
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.g
    W32/Sdbot.worm.gen.ac
  ICQ Messaging (1)
    ICQ-Cess
  JavaScript (1)
    JS/Xilos
  Linux (2)
    Linux/Glaurung.b
    Linux/Glaurung.a
  mIRC Worm (1)
    W32/Generic.worm!irc
  Win32 (7)
    New Poly Win32
    W32/Insane
    W32/Arikash
    W32/Generic.b
    W32/Generic.e
    Generic BackDoor.bf
    W32/Ily
  Worm (5)
    W32/Klez.gen@MM
    W32/Daol.worm
    W32/Generic.worm!im
    W32/Mytob.worm!im
    UNIX/Bleh.worm