
VIRUS NAME
|
DETAILS
|
W32.Winevar@mm
|
Winevar is an Internet worm that uses e-mail addresses collected from DBX and HTM files to send infected messages. The worm's main attachment will be "WIN<random characters>.PIF". The subject and message body will be random. | More details |
Worm/Opaserv.A
|
Opaserv is a network worm that spreads using shared network drives. Opaserv infects only network shares and will not spread using e-mail attachments. When executed, it searches for the Windows folder on the local system and network and copies itself to "Scrsvr.exe". | More details |
W32.Braid.A@mm
|
Brid.A is an Internet worm that uses e-mail addresses collected from DBX and HTM files to send infected messages. The worm attachment will be "README.EXE". This worm is also known as I-Worm/Bridex, W32/Braid-A, PE_BRID.A, W32.Brid.A@mm, and Bridex worm. | More details |
W32.Frethem.K@mm
|
Frethem.K is a modified variant of the Frethem mass-mailing worm. It uses e-mail addresses stored in the Windows Address Book and collects addresses from .dbx, .wab, .mbx, .eml, and .mdb files to distribute infected messages. | More details |
Jdbgmgr hoax
|
A hoax message claiming that a new virus is hiding in the Windows utility file JDBGMGR.EXE. This is a Windows system file used by the Windows Java runtime machine. It is not infected with any virus, so do not delete this file. Also, do not forward this hoax message to anyone. | More details |
W32.Klez.H@mm
|
Klez.H is a modified variant of the original Klez worm. The Klez.H variant spreads rapidly in the wild. It arrives as an e-mail attachment; the attachments are embedded within the e-mail and will not be visible to the user. | More details |
W32.Gibe.A@mm
|
Gibe is an Internet worm that uses Microsoft Outlook and its own SMTP engine to spread. The worm is 122880 bytes long and the e-mail attachment name will be "Q216309.exe". The Gibe worm sends fake e-mail that pretends to be an update coming from Microsoft. | More details |
W32.Klez.E@mm
|
Klez.E is a modified variant of the original Klez worm. The Klez.E variant spreads rapidly in the wild. I-worm/Klez.E arrives as an e-mail attachment. The attachments are embedded within the e-mail and will not be visible to the user. | More details |
W32.Nimda.A@mm
|
Nimda is a mass-mailing worm that uses different techniques to spread. It will infect network shares, local PE files and already vulnerable Microsoft IIS web servers. Because of the IIS server infection it generates heavy network traffic. Nimda also uses the trojan dropped by CodeRed to find the target server. | More details |
W32.APost.A@mm
|
APost is an Internet worm that uses Microsoft Outlook to spread. The worm is 24,576 bytes long and written in Visual Basic 6.0. It needs "MSVBVM60.dll" to spread; otherwise it will show a DLL missing error. The attachment name will be "Readme.exe". It is also known as I-Worm.Readme and WORM_APOST. | More details |
IIS.CodeRed Worm
|
The CodeRed worm spreads using the .ida buffer overflow vulnerability in IIS web servers. The worm will attack unprotected IIS servers. Web administrators are requested to install the security patch provided by Microsoft. | More details |
VBS/Redlof.A
|
VBS/Redlof.A is an encrypted Visual Basic script worm that uses Microsoft Outlook Express to spread. It also infects VBS, HTML, HTM, ASP, PHP, JSP, and HTT files. | More details |
W32.SirCam@mm
|
SirCam is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from the temporary Internet folder to distribute infected messages. SirCam is also a network-aware worm. It searches for network shares and infects them too. | More details |
VBS/Jolin
|
VBS/Jolin is an intended VB script worm that uses Microsoft Outlook and mIRC to spread. The worm contains bugs in its code, so it won't work properly. The e-mail message subject will be "FW: Check this out..." and the attachment will be "!!jolin_caught_naked!!!!.jpg.vbs". | More details |
VBS/Mawanella
|
VBS/Mawanella, aka VBS/VBSWG.Z, is an encrypted VB script worm that uses Microsoft Outlook to spread. The e-mail message subject will be "Mawanella", the attachment will be "Mawanella.vbs" and the message body will be "Mawanella is one of the Sri Lanka's Muslim Village". | More details |
VBS/HomePage
|
VBS/HomePage, aka VBS/VBSWG.X, is an encrypted VB script worm that uses Microsoft Outlook to spread. The e-mail message subject will be "Homepage", the attachment will be "homepage.HTML.vbs" and the message body will be "Hi! You've got to see this page! It's really cool ;O)". | More details |
W32.BadTrans@mm
|
BadTrans is an encrypted worm that spreads via the MAPI functions of Microsoft Outlook; it also drops Trojan.PSW.Hooker.b on the victim's PC. The virus author can steal username and password details using the password stealer. | More details |
W32/Magistr
|
W32/Magistr is a complex polymorphic worm that spreads via e-mail and contains virus components to infect PE files [*.EXE, *.SCR] in the Windows environment. It infects the local machine and PCs connected to the local network (LAN). It was discovered in March 2001 and is frequently reported in the wild. | More details |
W95.Hybris
|
Hybris is a complex deadly worm; it will update its plugins from the virus author's site or through a virus conference newsgroup, alt.comp.virus. The worm uses the Win95/Babylonia virus technique to download plugins, but it uses strong encryption on plugins using RSA 128-bit keys. The worm patches WSOCK32.DLL to send e-mail automatically. | More details |
W32.Prolin@mm
|
Prolin is an Internet worm that uses Microsoft Outlook to e-mail itself. The worm is 36,834 bytes long and written in Visual Basic version 6. It needs "MSVBVM60.dll" to spread; otherwise it will show a DLL missing error. The e-mail attachment name will be "Creative.exe". | More details |
W32/MTX
|
MTX is a complex encrypted worm that spreads via e-mail and carries a virus to infect files on the local machine. It was discovered one month ago and is frequently reported in the wild. When executed, the worm patches WSOCK32.DLL to send e-mail automatically. The virus component uses EPO (Entry Point Obscuring) technology to infect files. | More details |
VBS/Stages
|
VBS/Stages is a multi-application Windows worm that uses Microsoft Outlook, mIRC, Pirch and mapped drives to spread. Because of its mass-mailing routine it brings down many e-mail servers. The attachment name will be "LIFE_STAGES.TXT.SHS" and its size will be 39,936 bytes. | More details |
VBS/Plan (VBS_Colombia)
|
VBS/Plan is a new modified variant of the VBS/LoveLetter worm that uses Microsoft Outlook to spread. When the e-mail attachment is opened, it copies LINUX32.vbs and a randomly named file to the Windows system folder and reload.vbs to the Windows folder. It then changes the registry settings so that the script is automatically executed when the system is restarted. | More details |
W97M/Resume
|
Resume is a Word macro worm that makes use of the MAPI functions in Microsoft Outlook to retrieve the current user profile and password for server logon. This virus grabs e-mail addresses from the Microsoft Outlook address book and resends the mail. It is very similar to the Melissa virus. It won't infect any document in the system but will delete files on the mapped drives. | More details |
VBS/NewLove
|
VBS/NewLove is a modified variant of the VBS/LoveLetter worm that uses Microsoft Outlook to spread. It contains a very dangerous payload and will overwrite all files with virus code on the fly. The damaged files cannot be recovered. | More details |
W32.SouthPark@mm
|
South Park is an Internet worm that uses Microsoft Outlook and other techniques, such as copying "South Park.exe" to floppy drives and mapped drives, to spread. The worm is 19,968 bytes long and written in Visual Basic. It needs "MSVBVM50.dll" to spread; otherwise it will show a DLL missing error. The e-mail attachment name will be "South Park.exe". | More details |
VBS/LoveLetter
|
VBS/LoveLetter is a VB script that uses Microsoft Outlook and mIRC clients to spread. It is spreading faster than the Melissa virus. It causes heavy e-mail traffic and brings down many mail servers. Several variants have been reported in the wild. The attachments will be LOVE-LETTER-FOR-YOU.TXT.VBS, mothersday.vbs, Urgent_virus_warning.vbs, IMPORTANT.TXT.VBS, Virus-Protection-Informations.vbs, ArabAir.TXT.vbs, BEWERBUNG.TXT.vbs, KillEmAll.TXT.vbs, protect.vbs or Very Funny.vbs. | More details |
Wscript/Kak
|
Wscript/Kak is a worm that exploits security vulnerabilities in Microsoft Internet Explorer and Microsoft Outlook in a way similar to the Bubbleboy worm. It will ONLY infect PCs running Windows 98 with Internet Explorer 5 and Outlook or Outlook Express. | More details |
W32.Plage@mm
|
Plage is an e-mail worm that uses MAPI functions to infect e-mail messages. The worm is 102400 bytes long and written in Borland C++. The worm has an icon similar to that of the PKLITE self-extracting program, very similar to the W32/ExploreZip worm. The infection method is also similar to the ExploreZip worm, but it won't delete the data files in the system. | More details |
W95/Babylonia
|
W95/Babylonia is a polymorphic virus. When executed, the virus infects .EXE and .HLP files. When it detects an Internet connection, it attempts to connect to a Web site hosted by a virus authoring group and, if successful, downloads additional components of the complete virus to the host PC. | More details |
Worm.MiniZip
|
MiniZip is a compressed variant of the original ExploreZip worm. It uses standard e-mail software such as Outlook, Outlook Express and Exchange to spread. It infects Windows 95/98/NT systems and damages the data. It searches for files with the extensions doc, xls, ppt, h, asm, c and cpp on the local hard drives and mapped drives and reduces their size to zero bytes. | More details |
W97M/Prilissa
|
W97M/Prilissa is a new variant of the Melissa virus that infects Word 97 documents. The Prilissa virus makes use of the MAPI functions in Microsoft Outlook to retrieve the current user profile and password for server logon. This virus grabs the first 50 addresses from the Microsoft Outlook address book and resends the mail. It will format your hard disk on Christmas Day. | More details |
W32/FunLove
|
This virus is a W32 PE file virus that infects EXE, SCR and OCX files under Win9x and WinNT 4.0 platforms. Infected files increase in size by 4099 bytes. What is notable about this virus is that it uses a new strategy to attack the Windows NT file security system and it runs as a service on Windows NT systems. | More details |
VBS/Bubbleboy
|
VBS/Bubbleboy is the first e-mail worm to infect computers without using attachments. Historically, as long as you didn't open e-mail attachments you were safe from virus infection, but this changes all that. It will ONLY infect PCs running Windows 98 with Internet Explorer 5 and Outlook or Outlook Express. | More details |
VBS/Monopoly
|
Monopoly is a VBScript worm that uses Microsoft Outlook and sends information about who runs the file. When run, it will display a message saying "Bill Gates is guilty of monopoly. Here is the proof.". Then it will show a JPG file, which shows Bill Gates' face in the Monopoly game. | More details |
Backdoor.Bo2K
|
BO2K is a hacker agent that allows the computer to be remotely controlled by another user. It was created by the Cult of the Dead Cow hackers group in July 1999. It works on Windows 95, 98 and Windows NT platforms. There are two versions of this Trojan available: one designed for the USA and an international version. | More details |
Worm.ExploreZip
|
ExploreZip is an e-mail worm that uses standard e-mail software such as Outlook, Outlook Express and Exchange to spread. It infects Windows 95/98/NT systems and damages the data. It searches for files with the extensions doc, xls, ppt, h, asm, c and cpp on the local hard drives and mapped drives and reduces their size to zero bytes, so it is impossible to recover the data from the infected files. It will infect other networked computers too. | More details |
Worm.Happy99
|
This is a W32-based e-mail and newsgroup worm. It displays fireworks when first executed as Happy99.exe. On that first execution, it creates SKA.EXE and SKA.DLL in the system directory. It also modifies WSOCK32.DLL to infect. | More details |
|
MORE ALERTS:
Adware.Win32.Agent.ZK, TrojanDownloder.Win32.Agent.Gen, W32.Anset@mm, W32.Beagle.DL@mm, W32.Blaster.F.Worm, VBS/BubbleBoy, IIS.CodeRed.F, Worm/Deloader.A, W32.Dumaru@mm, W32.FBound.C@mm, Worm.Win32.Feebs.Gen, W32.Ganda@mm, W32.Gabot.Gen.Worm, W32.Goner.A@mm, W32.Klez.H@mm, W32.Maldal.C@mm, W32.Mimail.D@mm, W32.Mimail.M@mm, W32.Mydoom.Q@mm, W32.MyParty.a@mm, W32.Netsky.K@mm, W32.Nimda.E@mm, VBS/VBSWG.AQ@mm, VBS/Sling, W32.Sober@mm, W32.Sober.N@mm, W32.SQLSlammer.Worm, VBS/Tqll, W32.Valla.2048, W32.Yaha.A@mm, W32.Blebla@mm, VBS/Anjulie, VBS/Carnival, Worm/GnutellaMan, W97M/Melissa.W, VBS/LoveLetter.CD, W32.Mybabypic@m, W32.NakedWife, W32.Navidad@mm, VBS/Santa, Anna virus, VBS/Tqll, QAZ Worm, W32.HLLP.Homer, W97M/Marker, WYX boot, W32.Music@mm, W97M/Class, W97M/Ethan, X97M/Laroux
