Articles in the F-Secure Category
Posted in F-Secure on 10 March 2011
A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
Posted in F-Secure on 10 March 2011
This detection identifies a malicious program, typically used to deceive users into purchasing a fake application.
Posted in F-Secure on 10 March 2011
This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.
Posted in F-Secure on 10 March 2011
The worm is a malicious AutoCAD program that propagates via removable drives. It also attempts to download Visual Basic Scripts from remote servers, if certain conditions are met.
Posted in F-Secure on 2 March 2011
This detection identifies a malicious program, typically used to deceive users into purchasing a fake application.
Posted in F-Secure on 27 January 2011
This program installs various files onto the system. Among the components installed are a backdoor, which connects to an external site to obtain updates and other settings, and a component that monitors web traffic to various search engines in China and the domains of certain antivirus (AV) vendors.
Posted in F-Secure on 24 January 2011
This program is packed using a packer program associated with numerous other malware.
Posted in F-Secure on 23 December 2010
Backdoor:W32/Zxshell.A is a DLL file with an exported function ("Install"), which is called to install the backdoor.
Posted in F-Secure on 23 December 2010
Rootkit:W32/Zxshell.B is dropped by Backdoor:W32/Zxshell.A and basically functions as a protection mechanism for its main payload file.
Posted in F-Secure on 10 December 2010
This detection was unintentionally triggered on a JavaScript file associated with Google Analytics. A Hydra exclusion for this detection (2010-12-10_01) was released at 0052 UTC on 10th December, followed by an Aquarius database update (2010-12-10_03) released at 0215 UTC which removes the detection entirely. Please ensure your database is updated to resolve this issue.






