Previous Ranking: 1
Percentage Detected: 11.68%
JS/Danger.ScriptAttachment is a generic detection of suspicious e-mail attachments.
Previous Ranking: 2
Percentage Detected: 3.93%
Win32/Bundpil is a worm that spreads via removable media. The worm contains an URL from which it tries to download several files. The files are then executed and HTTP is used for communication with the command and control server (C&C) to receive new commands. The worm may delete files with the following file extensions:
Previous Ranking: 3
Percentage Detected: 2.32%
Win32/Agent.XWT is a trojan that serves as a backdoor. It can be remotely controlled and is usually a part of other malware. It collects the operating system version and language settings, then attemps to send the gathered data to a remote machine using HTTP.
Previous Ranking: 5
Percentage Detected: 1.71%
HTML/Refresh is a trojan that redirects the browser to a specific URL serving malicious software. The malicious program code is usually embedded in HTML pages.
Previous Ranking: 4
Percentage Detected: 1.67%
Previous Ranking: 9
Percentage Detected: 1.65%
Generic detection of HTML web pages containing obfuscated scripts or iframe tags that automatically redirect to a malware download.
Previous Ranking: 8
Percentage Detected: 1.20%
This is a file infector that executes every time the system starts. It infects .dll (direct link library) and .exe (executable) files and searches for htm and html files into which it can insert malicious instructions. It can be controlled remotely to capture screenshots, send information it has gathered, download files from a remote computer and/or the Internet, and run executable files or shut down/restart the computer.
Previous Ranking: 7
Percentage Detected: 1.18%
Sality is a polymorphic file infector. When it is executed registry keys are created or deleted that are related to security applications in the system so as to ensure that the malicious process restarts each time the operating system is rebooted.
It modifies EXE and SCR files and disables services and processes implemented by and associated with security solutions.
More information relating to a specific signature: http://www.eset.eu/encyclopaedia/sality_nar_virus__sality_aa_sality_am_sality_ah
Previous Ranking: N/A
Percentage Detected: 1.12%
Defo is the detection name for program code of an MS-DOS-specific virus.
Previous Ranking: 10
Percentage Detected: 1.02%
INF/Autorun is a generic detection of multiple malicious versions of the autorun.inf configuration file created by malware. The malicious AUTORUN.INF file contains the path to the malicious executable. This file is usually dropped into the root folder of all the available drives in an attempt to auto-execute a malicious executable when the infected drive is mounted. The malicious AUTORUN.INF file(s) may have the System (S) and Hidden (H) attributes set in an attempt to hide the file from Windows Explorer.