Computer viruses are a broad range of threats that can harm a computer in distinctive ways. Each type of computer virus was made for a specific purpose: attacking the system to attain its malicious objective.


W32.Sality!dr is a detection for a virus that infects executable files and has functions similar to those of a member of the W32.Sality family. W32.Sality!dr also searches removable and network shared drives for executable files. It modifies each file to redirect execution to the polymorphic viral code, which was found to be inserted in the last section of the host file.


W32.Stuxnet!lnk is a detection for .lnk files created by the W32.Stuxnet worm. These .lnk files exploit the “Microsoft Windows Shortcut ‘LNK’ Files Automatic File Execution Vulnerability” to execute the files created by the worm. The malicious files are spread by copying themselves to removable drives found on the infected computer.


W32.Phiskap.A is a deadly virus that infects various files such as .doc, .docx and .rtf. If executed, W32.Phiskap.A searches all local drives, removable drives and USB drives for these files and compresses them into .exe format. The modified files contain malicious code and are moved to %Current Folder%\[original file name].exe.


W32.Temphid!lnk is a detection for malicious .lnk files created by W32.Temphid. W32.Temphid!lnk is usually found on removable USB drives of the infected computer. This link file exploits an operating system weak spot, known as the Microsoft Windows Shortcut ‘LNK’ Files Automatic File Execution Vulnerability, to spread itself.


Suspicious.Pythia is a generic detection method developed to identify entirely new computer security threats without using conventional antivirus signatures. Suspicious.Pythia detection is aimed at discovering malicious programs that were intentionally encrypted by their authors to hide their malicious purpose.


W32.Ramnit is a worm that propagates on removable drives, infecting the executable files it finds. W32.Ramnit also copies itself to the recycle bin and creates an Autorun.Inf file on each drive to run itself when the drive is accessed.


Win32/Protector.C is a virus that was intentionally encrypted to conceal itself from antivirus programs, with the intent of infecting a computer without being detected. This virus can block Internet access on the infected computer by modifying the configuration of the Internet browser. The virus spreads locally by infecting system files and executable files that it can access over shared network drives. The virus will attempt to connect to a remote computer and download additional malware.


Virus.Win32.Hala.a is a virus that infects various files by injecting malicious code into them or overwriting them with it. The virus can also connect to a remote computer and download other malicious programs to the victim's PC. Virus.Win32.Hala.a fetches additional malware whose payload steals sensitive information, intercepts Internet browser traffic and opens a backdoor on the compromised system.


W32/Liger-A infects Windows DLL files and usually spreads on local and remote shared drives. This virus was created specifically for the Windows platform. This detection aims to identify legitimate Windows files that are contaminated with a virus. Some antivirus programs detect this threat as W32/PEPatcher because it patches code into the header of legitimate Windows files to load malicious DLL components of the virus.


W32/Conficker!mem Detection

W32/Conficker!mem is a heuristic detection for a memory-related worm that may take advantage of the Microsoft Windows Server Service Vulnerability. This virus can download and execute more harmful files on the computer. It modifies the system registry to allow the virus to pass through the Windows firewall. Then it connects to a remote host, from which it downloads the file. Typically, W32/Conficker!mem fetches a file that it uses to update itself. Study also shows that the worm may pull down other malware that it will execute on the compromised computer.