Prevent Online Threats

Archive for April, 2008

Trojan.Win32.Trashe

Monday, April 28th, 2008

Details
Trojan.Win32.Trasher

This is a silly Win32 Trojan program. Upon start-up, it copies itself to the Windows system directory under the name MFC42W.EXE and registers this file in the Windows registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run MFC42Profile = MFC42W.EXE
The Trojan then “sleeps” for about three minutes, creates a TRASH.BIN file in the Windows directory, and writes garbage to this file in an endless loop, consuming free hard-drive space with useless data.

Trojan.Win32.TopAntiSpyware

Monday, April 28th, 2008

Details
Trojan.Win32.TopAntiSpyware.l
This Trojan is a Windows PE EXE file approximately 36KB in size. When installing itself to the victim machine, the Trojan copies itself to the Windows system directory as winnook.exe:
%System%\winnook.exe
It then creates the following system registry value to ensure that the Trojan…

Trojan.Win32.Tepill

Monday, April 28th, 2008

Details
Trojan.Win32.Tepille

This Trojan does not destroy data on the computer, but locks it instead.
When the Trojan file is run, it copies itself to the Windows system directory as CLEARUP.EXE and registers that file in the system Registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run TePille = %SystemDir%\clearup.EXE
The Trojan then renames two system files to make cleaning the system more difficult:
renames REGEDIT.EXE to REGEDIT.BAK in the Windows directory
renames MSCONFIG.EXE to MSCONFIG.BAK in the Windows system directory
The Trojan then displays a fake error message and exits:
Error
Imposible cargar OCX mscommondlg.ocx, la aplicacion finalizara
[ OK ]
On the next Windows startup the Trojan is auto-started, locks the system and displays an image of eyes and lips. The keyboard and mouse are locked, and the only way to exit is the Reset key, but on the next startup the Trojan is started again.
To get rid of the Trojan, boot the system in safe mode, then:
delete the Trojan file in the system directory
rename the REGEDIT and MSCONFIG files back to .EXE
run REGEDIT and delete the Trojan’s registry “Run=” key

Trojan.Win32.StartPage.v

Monday, April 28th, 2008

Details
Trojan.Win32.StartPage.vk
This Trojan is a Windows PE EXE file, packed using UPX. The packed file is approximately 33KB in size, and the unpacked file is approximately 166KB in size. Once launched, the Trojan registers itself in the system registry: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] “bootpd.exe”=<…

Trojan.Win32.StartPage

Sunday, April 27th, 2008

Details
Trojan.Win32.StartPage.a

The main purpose of this group of Trojans is to change the Internet Explorer start page setting in the Windows registry to an Internet site address.

Trojan.Win32.Small.e

Sunday, April 27th, 2008

Details
Trojan.Win32.Small.ev
This Trojan is a Windows PE EXE file 40448 bytes in size.
Installation
Once launched, the Trojan creates the following files in the Windows system and root directories:
%System%\intell32.exe
%System%\oleext.dll
%System%\oleext32.dll
%System%\wppp.html
%Windir%\uninstIU.exe
It then registers…

Trojan.Win32.Shutdowner

Sunday, April 27th, 2008

Details
Trojan.Win32.Shutdowner.i
This Trojan program is a Windows PE EXE file approximately 365KB in size. It is not packed in any way. Once launched, the Trojan will attempt to reboot the victim machine. It is usually used in conjunction with other malicious programs.

Trojan.Win32.Sevgi

Sunday, April 27th, 2008

Details
Trojan.Win32.Sevgi.a

This text was written by Alexei Podrezov, F-Secure Corp.
When run, this Trojan horse shows a message box with an animated picture and starts changing the mouse pointer position every half second, making operation difficult or even impossible. The Trojan also blocks several keyboard keys, including ESC, CTRL, ALT, DEL and others. It installs itself to the system as SYSFILE.EXE in the \Windows\System\ folder and modifies the Registry so that it is run upon the next Windows startup. After a reboot, working with the infected computer is impossible.

Trojan.Win32.SecondThought

Sunday, April 27th, 2008

Details
Trojan.Win32.SecondThought.c

Trojan.Win32.SecondThought.c has two component parts.
The first is written in Visual C++ and compressed using UPX. The compressed size is 24288 bytes, and the decompressed size is 48864 bytes.
Installation
When installing, the Trojan downloads a file from http://www.2n****ought.com/files/loader.exe, saves it as stcloader.exe in the Windows system directory, and registers the file in the system registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Payload
Once installed, the Trojan launches stcloader.exe.
The second component part (stcloader.exe) is written in Visual C++ and compressed using UPX. The compressed size is 27648 bytes, and the decompressed size is 66048 bytes.
Installation
Stcloader.exe secretly installs itself in Program Files and registers itself in the system registry.
Payload
Stcloader.exe creates a Second Thought.lnk shortcut on the Desktop with a link to itself, and an Eliminate Pop-Ups shortcut with a link to http://www.ki****op-ups.com/block.php?ref=desktop. This causes advertising to be shown while the Internet is being used. The program collects information on which sites and resources interest the user and sends this information to the creator of the virus. It also adds a Search toolbar to the browser.

Trojan.Win32.Revop

Sunday, April 27th, 2008

Details
Trojan.Win32.Revop.a
This Trojan is a Windows PE EXE file and is approximately 65KB in size. It can be downloaded and launched on a victim machine by another Trojan. If Revop.a finds a file called msinet.ocx on the victim machine, it will perform the following actions: When launching, the Trojan creates…

Trojan.Win32.Qhost.b

Saturday, April 26th, 2008

Details
Trojan.Win32.Qhost.br
This Trojan is a Windows PE EXE file approximately 2KB in size, packed using FSG. The unpacked file is approximately 24KB in size. When starting, the Trojan modifies the %System%\drivers\etc\hosts file, which is used to map domain names to IP addresses. The Trojan adds the following text to…

Trojan.Win32.Prondir

Saturday, April 26th, 2008

Details
Trojan.Win32.Prondir.a
This Trojan program will open pornographic sites in the user’s browser. The body of the program includes an extensive database of addresses. The program itself is a DLL library, and is a component of another program.

Trojan.Win32.NoStar

Saturday, April 26th, 2008

Details
Trojan.Win32.NoStart

This is a program for the Windows system. Upon being executed, it stays in system memory and performs no actions until the moment the “Start” button is pressed. At this moment the Trojan activates its routine, which clears the screen and halts the system. Reboot is possible only by a cold reset.

Trojan.Win32.Malantern

Saturday, April 26th, 2008

Details
Trojan.Win32.Malantern.a

This is a humorous Win32 Trojan, about 24Kb in length, written in Visual Basic. It was received as an IEpatch.EXE Win32 executable file.
When started, it removes the “C:\WINDOWS\TEMP” directory, then creates new directories:
“C:\WINDOWS\Magic Latern”
“C:\WINDOWS\FBI software”
“C:\WINDOWS\John ASScroft”
“C:\WINDOWS\Bill Gatez”
“C:\WINDOWS\Desktop\666”
“C:\WINDOWS\Desktop\Bin Laden”
“C:\WINDOWS\Desktop\666 WTC”
“C:\WINDOWS\Desktop\Magic Fuckers”
“C:\WINDOWS\Desktop\Agentlinux”
“C:\WINDOWS\Desktop\iFuckedYourWife”
“C:\WINDOWS\Desktop\Biohazard Virii”

Then the Trojan deletes all *.SYS files in the “C:\WINDOWS\SYSTEM32\DRIVERS\” directory, and then displays the following message box:

Finally the Trojan displays the following screen:

When the “Who is…” button is pressed, the Trojan displays several message boxes with texts in them:

Trojan.Win32.LoveYo

Saturday, April 26th, 2008

Details
Trojan.Win32.LoveYou

This text was written by Alexey Podrezov, Data Fellows Ltd.
This Trojan, when run, shows nothing important on the screen, only imitating hard disk formatting and Flash BIOS corruption. At the same time, it copies itself to the Windows directory and modifies the Windows registry to be run upon the next Windows start-up. It also renames WIN.COM to WIR.COM so that Windows can no longer be started normally. Even if you rename WIR.COM back to WIN.COM and start Windows, the Trojan will run, repeat its activities and shut down Windows. The Trojan also modifies some Windows settings in the registry. The only way to get rid of it is to manually delete LOVEYOU.EXE from the Windows directory (from DOS, prior to Windows startup) and then rename WIR.COM back to WIN.COM.

