| Adware.AdImage |
Adware.AdImage is of Korean origin. It installs without displaying a EULA or Privacy Policy. Adware.AdImage may cause pop-up advertisements. |
| Adware.Cashplus |
Adware.Cashplus installs itself as a browser extension. Adware.Cashplus may cause pop-up advertisements. |
| Adware.Deskbar |
Adware.Deskbar installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements. |
| Adware.Dpoint |
Adware.Dpoint is of Korean origin. It will install itself and replace the links field in Explorer / Internet Explorer. Adware.Dpoint may cause pop-up advertisements. |
| Adware.E404 |
Adware.E404 installs itself as a Browser Helper Object (BHO). It may monitor user surfing habits and cause pop-ups. |
| Adware.Katzu |
Adware.Katzu installs without displaying a EULA or Privacy Policy. It is installed as a Browser Helper Object (BHO). Adware.Katzu may cause pop-up or pop-under advertisements. |
| Adware.MicroBillSystems |
Adware.MicroBillSystems is used as a paying system mostly for adult oriented sites. After a short while, it will display multiple pop-ups trying to force the user to register. |
| Adware.Sweetbar |
Adware.Sweetbar installs itself as a Browser Helper Object (BHO). It may cause pop-up advertisements. |
| AdwareBot |
AdwareBot is a rogue anti-adware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports, then ask the user to purchase a registered version to remove those reported threats. |
| AntiSpyware |
AntiSpyware is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| AntispywareBot |
AntispywareBot is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats. |
| AntiTrojanPro |
AntiTrojanPro is rogue anti-spyware and a clone of MalwarePro; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| DoctorVaccine |
DoctorVaccine is rogue anti-spyware that tricks the user into buying the commercial version. DoctorVaccine's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. |
| ErrorKiller |
ErrorKiller is a rogue repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated error reports, then ask the user to purchase a registered version to remove those reported errors. |
| ErrorSmart |
ErrorSmart is a rogue registry repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| ErrorSweeper |
ErrorSweeper is a rogue error repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| EvidenceEraser |
EvidenceEraser is a rogue application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| MalwareBot |
MalwareBot is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports, then ask the user to purchase a registered version to remove those reported threats. |
| PrivacyControl |
PrivacyControl is a rogue privacy application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated privacy threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| PrivacyRedeemer |
PrivacyRedeemer is rogue anti-spyware that tricks the user into buying the commercial version. PrivacyRedeemer's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. |
| RegClean |
RegClean is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports on the compromised computer, then ask the user to purchase a registered version to remove the reported damage. |
| RegistryBot |
RegistryBot is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated error reports, then ask the user to purchase a registered version to remove those reported errors. |
| RegistryCleanFix |
RegistryCleanFix is a rogue registry repair application; it may give exaggerated error reports, then ask the user to purchase a registered version to remove those reported errors. |
| RegistryClear |
RegistryClear is a rogue registry repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports, then ask the user to purchase a registered version to repair the reported damage. |
| RegistrySmart |
RegistrySmart is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated reports on the computer, then ask the user to purchase a registered version to remove those reported items. |
| RegRecall |
RegRecall is a rogue registry application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports on the compromised computer, then ask the user to purchase a registered version to remove the reported damage. |
| RegSweep |
RegSweep is a rogue registry repair application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated damage reports, then ask the user to purchase a registered version to repair the reported damage. |
| SearchAndDestroy |
SearchAndDestroy is rogue anti-spyware and a clone of MalwarePro; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| SpyBurner |
SpyBurner is a rogue anti-spyware application and clone of SpyAway; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| SpyDestroyPro |
SpyDestroyPro is rogue anti-spyware that tricks the user into buying the commercial version. SpyDestroyPro's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. |
| SpyMaxx |
SpyMaxx is rogue anti-spyware and a clone of AntiSpyStorm; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| SpySnipe |
SpySnipe is a rogue anti-spyware and clone of SpywareIsolator; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| SpywareRemover |
SpywareRemover is a rogue anti-spyware application published by C-NetMedia; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| SpywareStop |
SpywareStop is a rogue anti-spyware application published by C-NetMedia/2Squared LLC/Antispyware LLC; it may give exaggerated threat reports, then ask the user to purchase a registered version to remove those reported threats. |
| SpyWatchE |
SpyWatchE is rogue anti-spyware and a clone of TheSpyBot; it may give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove those reported threats. |
| TheSpyBot |
TheSpyBot is rogue anti-spyware that tricks the user into buying the commercial version. TheSpyBot's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. |
| UnigrayAntiVirus |
UnigrayAntiVirus is rogue anti-spyware that tricks the user into buying the commercial version. UnigrayAntiVirus's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes. UnigrayAntiVirus has been seen spreading by Win32.Trojan.MonaGrey. |
| Win32.AdWare.FindFM |
Win32.AdWare.FindFM installs an Internet Explorer toolbar loaded as a BHO, Browser Helper Object. The Internet Explorer homepage and search pages may be hijacked. Searches made from the Internet Explorer address bar may be redirected to the find-fm.com search page. It does not display a Privacy Policy or EULA. |
| Win32.Adware.Insider |
Win32.Adware.Insider may communicate with other computers using the HTTP protocol and execute a process which runs in stealth, giving no clue of its functionality. |
| Win32.Backdoor.Bancodor |
Win32.Backdoor.Bancodor can give an attacker unauthorized remote access to the infected machine, compromising system security and user privacy. Win32.Backdoor.Bancodor installs to load automatically at system start and it installs program components that hook to legitimate processes on the system. |
| Win32.Backdoor.Banito |
Win32.Backdoor.Banito is a malware application that can open up backdoors on a compromised computer. |
| Win32.Backdoor.Lemerul |
Win32.Backdoor.Lemerul will open up a backdoor on the infected machine, allowing remote access. |
| Win32.Backdoor.Lizard |
Win32.Backdoor.Lizard will open up a backdoor on the infected machine, allowing the attacker to remotely exploit the victim's machine. |
| Win32.Backdoor.MoonPie |
Win32.Backdoor.MoonPie opens a backdoor that may allow a remote user to take control of the infected system. |
| Win32.Backdoor.PushBot |
Win32.Backdoor.PushBot will open up a backdoor on the infected machine, allowing remote access. |
| Win32.Backdoor.Specrem |
Win32.Backdoor.Specrem will open up a backdoor on the infected machine, allowing the attacker to remotely exploit the victim's machine. |
| Win32.Dialer.AdultBrowser |
Win32.Dialer.AdultBrowser is a porn dialer which automatically opens up porn sites and attempts to dial up without permission from the user. |
| Win32.FakeCodec.BlackCodec |
Win32.FakeCodec.BlackCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications, or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums. |
| Win32.FakeCodec.MoonCodec |
Win32.FakeCodec.MoonCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. Infected users may seek further help at the Lavasoft Support Forums. |
| Win32.FakeCodec.Nitrocodec |
Win32.FakeCodec.Nitrocodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums. |
| Win32.FakeCodec.OperaCodec |
Win32.FakeCodec.OperaCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums. |
| Win32.FakeCodec.ZeroCodec |
Win32.FakeCodec.ZeroCodec is a Zlob fake codec installer. It installs a rootkit which changes the DNS name lookup results. It may also be used for phishing and other malicious purposes. The rootkit prevents its removal by hiding its presence through concealing running processes, files or data from the infected operating system. The malware may not be detected by system utilities, security related applications or by the users on the infected system. This malware may have to be removed manually. If infected, users may seek further help at the Lavasoft Support Forums. |
| Win32.P2PWorm.Malan |
Win32.P2PWorm.Malan is a worm which uses p2p technology to spread itself over the local network or Internet. |
| Win32.Trojan.AddUser |
Win32.Trojan.AddUser installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.Trojan.Hijacker |
Win32.Trojan.Hijacker is an application that may give an attacker control over the infected PC, compromising system security and user privacy. |
| Win32.Trojan.Juan |
Win32.Trojan.Juan installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.Trojan.Kobcka |
Win32.Trojan.Kobcka installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.Trojan.LinkReplacer |
Win32.Trojan.LinkReplacer installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.Trojan.MonaGrey |
Win32.Trojan.MonaGrey installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.Trojan.Raiden |
Win32.Trojan.Raiden installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.Trojan.Scapur |
Win32.Trojan.Scapur installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.Trojan.Srizbi |
Win32.Trojan.Srizbi installs itself as a Trojan. It may also download additional files to the infected system. Win32.Trojan.Srizbi uses a rootkit to hide its presence on the infected machine. |
| Win32.Trojan.Trash |
Win32.Trojan.Trash is an application that may give an attacker control over the infected PC, compromising system security and user privacy. |
| Win32.Trojan.WGAPatch |
Win32.Trojan.WGAPatch installs itself as a Trojan. It may also download additional files to the infected system. |
| Win32.TrojanDownloader.Codec.E |
Win32.TrojanDownloader.Codec.E downloads malicious software from a remote server without the consent of the user. |
| Win32.TrojanDownloader.mmCodec |
Win32.TrojanDownloader.mmCodec is a fake movie codec. Once installed, it will display fake alert messages saying that the computer is infected. It will then try to download rogue anti-spyware. |
| Win32.TrojanDownloader.PcSave |
Win32.TrojanDownloader.PcSave downloads malicious software from an remote server without the consent of the user. |
| Win32.TrojanDownloader.Winlagons |
Win32.TrojanDownloader.Winlagons downloads malicious software from a remote server without the consent of the user. |
| Win32.TrojanDropper.CashOn |
Win32.TrojanDropper.CashOn will drop additional files on the infected system. These files are often other Trojans or downloaders. |
| Win32.TrojanDropper.Fenu |
Win32.TrojanDropper.Fenu will drop additional files on the infected system. These files are often other Trojans or downloaders. |
| Win32.TrojanDropper.Sramler |
Win32.TrojanDropper.Sramler drops additional malicious files on the infected computer, compromising system security and user privacy. |
| Win32.TrojanProxy.Corpes |
Win32.TrojanProxy.Corpes allows remote access to the computer and directs traffic to the Internet without the consent of the user. It also lowers system security by deleting firewall settings. |
| Win32.TrojanProxy.Wintu |
Win32.TrojanProxy.Wintu allows remote access to the computer and directs the traffic to the Internet without the consent of the user. It also lowers system security by deleting firewall settings. |
| Win32.TrojanPWS.AcidShiver |
Win32.TrojanPWS.AcidShiver records your keystrokes and passwords, transmitting them to a remote server. |
| Win32.TrojanPWS.EPS |
Win32.TrojanPWS.EPS records your keystrokes and passwords, transmitting them to a remote server. |
| Win32.TrojanPWS.InetHlp |
Win32.TrojanPWS.InetHlp records your keystrokes and passwords, transmitting them to a remote server. |
| Win32.TrojanPWS.Kuang |
Win32.TrojanPWS.Kuang records your keystrokes and passwords, transmitting them to a remote server. |
| Win32.TrojanPWS.Prostor |
Win32.TrojanPWS.Prostor records your keystrokes and passwords, transmitting them to a remote server. |
| Win32.TrojanPWS.SharaQQ |
Win32.TrojanPWS.SharaQQ records your keystrokes and passwords, transmitting them to a remote server. |
| Win32.Worm.Agent |
Win32.Worm.Agent is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Doombot |
Win32.Worm.Doombot is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Dumaru |
Win32.Worm.Dumaru is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Ganter |
Win32.Worm.Ganter is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Merkur |
Win32.Worm.Merkur is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Napsin |
Win32.Worm.Napsin is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Pikachu |
Win32.Worm.Pikachu is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Redist |
Win32.Worm.Redist is a mass mailing worm that spreads itself without any user intervention. |
| Win32.Worm.Scrapkut |
Win32.Worm.Scrapkut spreads through the Orkut social network by injecting malicious javascripts into people's scrapbooks. |
| WiniFixer |
WiniFixer is rogue anti-spyware that tricks the user into buying the commercial version. WiniFixer's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. |
| WinReanimator |
WinReanimator is rogue anti-spyware that tricks the user into buying the commercial version. WinReanimator's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. |
