W32.Voterai can propagate via removable media drives. It displays an image about a presidential candidate Raila Odinga. Once executed, W32.Voterai will make a copy itself inside Windows\System\Driver\ directory. The worm was created as a campaign material for the election in the Republic of Kenya. More
W32.Debanpass is a worm that can steal sensitive information and send the gathered data to a remote attacker. W32.Debanpass will create a copy of itself on removable media devices and configure itself to automatically run when Windows is started. The worm is specifically designed to steal banking details on the compromised machine. More
W32.Niuniu is a worm that can spread via unsafe network shares and removable media storage devices. It will infect .html, .asp, and .php files. The worm will copy itself on available removable media devices and drops an autorun.inf that when executes will point user to a hidden .exe file. More
W32.Niuniu!inf is a detection for files that has been infected with W32.Niuniu. Files identified as W32.Niuniu!inf may propagate by creating a duplicate of itself on removable media devices and unsecured network drives. More
VBS.Stemclover is a computer worm that can disable software and prevent user from running it on the infected computer. It propagates by copying itself to removable media storage devices. VBS.Stemclover also searches for files that have .XLS extension and creates a duplicate with .VBS extension in order to mislead victims into executing the virus without their knowledge. More
W32.Stemclover can drop a copy of VBS.Stemclover onto the computer. It spreads by copying itself to network shares and removable media storage devices. W32.Stemclover is also capable of modifying registry entry to allow itself to run every time Windows starts. The worm will add a line of text in a batch file to display a message when it runs. More
W32.Badday.A spreads through removable storage devices. This worm can reduce security settings on the infected computer that may disable any installed anti-virus and firewall applications. W32.Badday.A will search for files that are .doc, .mpg, .3pg, .wmv, .rar, .jpg, .txt and creates the same file with the executable extension. This worm can also shut down any opened windows that contains words such as kill, hijack, reg and process to prevent its removal. More
W32.Fleck.A spreads via unsecured file-sharing networks and is capable of downloading and executing additional threats onto the infected computer. W32.Fleck.A can create its own registry so that it runs every time Windows starts. When loaded, W32.Fleck.A will connect to a remote file-sharing networks to download more threats. More
W32.Yahack.A propagates via unsecured mapped drives on computer networks. W32.Yahack.A can steal sensitive information by logging keystrokes, gathers system information, and steals Yahoo! Messenger passwords. It will store the gathered data to LogBoy.log under Windows directory and send later to a predefined e-mail address. More