TSPY_ZBOT.JMO

Posted: June 28, 2012 | Category: Trojans
TSPY_ZBOT.JMO is a Zeus or Zbot variant that, like all members of its family, steals bank-related credentials from the PCs that it infects – typically so that criminals can break into these accounts at a later date. While PC threats that are similar to TSPY_ZBOT.JMO can be distributed by a multitude of methods, TSPY_ZBOT.JMO's distribution is, so far, limited to a fake European football (or soccer) site that mimics UEFA's website. Since TSPY_ZBOT.JMO's installation is...

TROJ_DLOADR.BGV

Posted: June 28, 2012 | Category: Trojans
TROJ_DLOADR.BGV is a Trojan downloader that installs spyware from the Zbot or Zeus family. Although these PC threats are high-level threats that are notorious for their attacks against bank accounts, TROJ_DLOADR.BGV hasn't been found to show obvious symptoms for its attacks, and you should preferably use anti-malware software whenever you have a need to detect or remove TROJ_DLOADR.BGV from your computer. Recent TROJ_DLOADR.BGV-based attacks have been found to be based on a copycat site for...

TROJ_FAKEAV.HUU

Posted: June 28, 2012 | Category: Trojans
TROJ_FAKEAV.HUU is a Winwebsec-derived rogue anti-malware program, and like other Winwebsec scamware, TROJ_FAKEAV.HUU uses fake security information to convince you to purchase its software (although even TROJ_FAKEAV.HUU's purchase form is fake). While TROJ_FAKEAV.HUU's family members have been found to be distributed in multiple ways, including via e-mail spam, SpywareRemove.com malware analysts have found at least one sports copycat site that's distributing TROJ_FAKEAV.HUU along with several...

Dropper.Win32.Dapato.pj!1a

Posted: June 28, 2012 | Category: Trojans
Dropper.Win32.Dapato.pj!1a is an e-mail-distributed Trojan dropper that, once launched, installs a Sirefef Trojan, as well as Live Security Platinum (a recent member of the WinWebSec or Winweb Security family of rogue anti-malware scanners). E-mail messages that include Dropper.Win32.Dapato.pj!1a as a file attachment can be identified by their hoax topics, which, at the time of this writing, use fake notifications of Delta Airlines e-ticket purchases. SpywareRemove.com malware...

Trojan.Mpddoser

Posted: June 28, 2012 | Category: Trojans
Trojan.Mpddoser is a Trojan that opens a back door on the infected computer. Once executed, Trojan.Mpddoser modifies a particular registry entry. Trojan.Mpddoser then copies itself to a certain location and runs itself from the new location. Trojan.Mpddoser also creates a specific registry entry so that it can run automatically every time you start Windows. Trojan.Mpddoser then creates the mutex 'IPK-MPMutex' so that only one instance is executed on the PC. Trojan.Mpddoser connects...

Backdoor.Zemra

Posted: June 28, 2012 | Category: Backdoors
Backdoor.Zemra is a Trojan that opens a back door to receive commands from a remote command-and-control (C&C) server and drops more files onto the infected computer. Once executed, Backdoor.Zemra creates a few files on the compromised PC. Backdoor.Zemra modifies and deletes several files. Backdoor.Zemra creates several registry entries so that it can run automatically every time you start Windows. Backdoor.Zemra also creates a certain registry entry to involve itself in the...

W32/Patched.UB

Posted: June 28, 2012 | Category: Trojans
W32/Patched.UB is a Trojan that is usually registered in Windows system processes. W32/Patched.UB is detected in the process named 'services.exe' that matches the critical system executable in 32-bit operating systems; however, it can fit other platforms too. W32/Patched.UB can also be inserted in some websites and, thus, infect online users once they visit a certain web page. W32/Patched.UB receives instructions provided by attackers from a remote Command and Control Center.

Troj/Yolped-A

Posted: June 27, 2012 | Category: Trojans
Troj/Yolped-A is a Trojan that's distributed in recent website-hacking attacks against prominent hotel chain sites. Although the attacks that are used to install Troj/Yolped-A (including Troj/JSRedir-HT) require JavaScript, browsers with Java enabled may install Troj/Yolped-A without any visible symptoms that this attack is occurring in the first place. Troj/Yolped-A's full capabilities haven't been analyzed due to the recently-emerged nature of this PC threat, but Troj/Yolped-A has been...

Troj/JSRedir-HT

Posted: June 27, 2012 | Category: Trojans
Troj/JSRedir-HT is a Java-based browser exploit that installs a second PC threat, the Trojan Troj/Yolped-A, onto unprotected computers that are inadvertently exposed to its attack. Troj/JSRedir-HT's drive-by-download techniques are also applicable to other forms of harmful software and may be used on a variety of sites and unsafe advertisements, although SpywareRemove.com malware researchers can only confirm Troj/JSRedir-HT's usage at a recently-hacked website for a major hotel chain. Since...

Troj/Bredo-ZT

Posted: June 27, 2012 | Category: Trojans
Troj/Bredo-ZT is a recently-discovered Trojan from the widespread Bredo family, and like many other Bredo-based Trojans, uses mass-distributed e-mail messages as its favored chariots. E-mail spam messages that contain Troj/Bredo-ZT have, so far, limited themselves to templates that claim to be notifications about money wire transfers, with the corresponding file attachment being presented as a Word document or other type of harmless file. However, the file attachment actually is a .zip that's...

Troj/BredoZp-KQ

Posted: June 27, 2012 | Category: Trojans
Troj/BredoZp-KQ is a detection label for an archived version of the Trojan Troj/Bredo-ZT. Since Troj/Bredo-ZT is often distributed by e-mail in .zip format, Troj/BredoZp-KQ can be considered its most likely and default detection – under the assumption that you scan your e-mail files before opening them. Troj/BredoZp-KQ spam uses a wire transfer hoax that claims that a cash transferal process has been canceled and includes Troj/BredoZp-KQ as a file attachment that supposedly includes...

TR/Small.FI

Posted: June 27, 2012 | Category: Trojans
TR/Small.FI is a Trojan that's often installed by rootkits and similar PC threats. Attacks that are often related to TR/Small.FI infections include negatively-modified browser settings, browser redirects, fraudulent pop-ups and system changes that allow criminal access to your computer. Most anti-malware products will detect TR/Small.FI repeatedly as a symptom of other PC infections that may or may not be exposed by themselves; accordingly, SpywareRemove.com malware research team encourages...

Trojan horse Patched_c.LXT

Posted: June 27, 2012 | Category: Trojans
Trojan horse Patched_c.LXT is a Trojan that affects 32-bit operating systems. Trojan horse Patched_c.LXT can spread via malicious or hijacked websites. Trojan horse Patched_c.LXT can copy itself through browser vulnerabilities onto numerous PCs. Trojan horse Patched_c.LXT can download and install additional malware threats on the infected computer. Trojan horse Patched_c.LXT contains spying capabilities. Trojan horse Patched_c.LXT can also perform denial-of-service attacks.

‘Security Monitor: WARNING!’ Fake Message

Posted: June 26, 2012 | Category: Fake Warning Messages
The 'Security Monitor: WARNING!' fake message is a fraudulent pop-up alert that's associated with WinWebSec-based rogue anti-malware scanners. While the 'Security Monitor: WARNING!' fake message claims that a Trojan has been found on your PC, this warning is just an excuse to install a member of WinWebSec (such as Live Essential Platinum or Personal Shield Pro) – and this occurs even if you don't accept its software installation request. The presence of 'Security Monitor: WARNING!' fake...

W32.Printlove

Posted: June 26, 2012 | Category: Worms
Printlove or W32.Printlove is a worm that exploits printer spools to attack your PC, sometimes causing your confused printer to print out strings of gibberish (which actually is malicious code). SpywareRemove.com malware researchers and others have noted the similarities between Printlove and Trojan Milicenso, although there haven't been confirmed links between these two PC threats. Keeping Printlove from spreading through removable drives should be considered a heavy priority while dealing...

Troj/Zbot-CCH

Posted: June 26, 2012 | Category: Trojans
Troj/Zbot-CCH is a Trojan that's often distributed by the same methods as Mal/EncPk-NS: as an e-mail file attachment that's purported to be risqué photographs or proof of your stealing digital property by breaking into accounts. As a Zbot or Zeus-based Trojan, Troj/Zbot-CCH may attack your web-browsing safety, shut your firewall down, steal private information (such as account logins for bank sites) or simply allow criminals to control your PC wholesale from a Command & Control...

Mal/EncPk-NS

Posted: June 26, 2012 | Category: Malware
Mal/EncPk-NS is a Trojan that's distributed via spam e-mail messages, with message templates including such frauds as fake pornographic pictures and fake threats of legal action. Although a full analysis of Mal/EncPk-NS remains forthcoming, Mal/EncPk-NS has a high probability of installing other PC threats, modifying your security settings in negative ways, stealing personal information or allowing your PC to be controlled from a remote C&C server. Because SpywareRemove.com malware...

Trojan Horse Dropper.Generic_c.MMI

Posted: June 26, 2012 | Category: Trojans
Trojan Horse Dropper.Generic_c.MMI is a heuristic label for a variant of a Trojan that installs other PC threats from a predesignated payload. SpywareRemove.com malware researchers have found that Trojan Horse Dropper.Generic_c.MMI infections often display traits that are frequently associated with rootkits (such as those from the Sirefef family) and may be difficult to remove without both competent anti-malware software and additional PC security techniques. Symptoms of Trojan Horse...

Search.chatzum.com

Posted: June 26, 2012 | Category: Browser Hijackers
Search.chatzum.com is a Google-inspired subdomain of a site that promotes a PUP (or Potentially Unwanted Program) Facebook add-on. PC users who are infected by this Chatzum add-on will find their homepages locked to Search.chatzum.com, their searches redirected to Search.chatzum.com and their Facebook accounts compromised for the sake of promoting Chatzum. This Search.chatzum.com-redirecting app is only ranked as a low-level PC threat, but it does bear all the hallmark traits of deceptive...

FileHunter

Posted: June 25, 2012 | Category: Malware
FileHunter is a peer-to-peer downloading client that can be used to search for movies, music and other files. Although FileHunter has genuine file searching and downloading features, malware researchers have also ranked FileHunter as a low-level risk due to its usage of unscrupulous installation strategies. Because FileHunter is sometimes distributed with mislabeled installation files that disguise themselves as media files for popular television shows, etc., FileHunter is labeled as a PUP or...