Specific Virus Information

How to search this page for the virus you're looking for

In your browser, click the Edit menu, then Find, then type the name of the virus you're looking for, then click Find Next. It may help to search for the main part of the name. For example, instead of looking for W32.CIH.SPACEFILLER, try looking for just CIH. Instead of looking for X97M/Laroux.A, look for Laroux.

If you've searched and can't find the virus you're looking for, or you need more help, then mail me. Also try checking the Message Forum

10_Past_3.748: This is a usually a false alarm.
Absolutely Bogus Printer Driver: This is not a virus. It is a bug in your program.
Alfons.1344: This is a very destructive memory resident file infector.
AntiBTC(IE0199.EXE, ATAKA.gen): This is a trojan that adds itself so it runs every time the computer starts and connects to a Bulgarian Web Server.
AntiCMOS(Lixi, Lenart, Anti-CMOS): This is a boot sector virus. This virus tries to change CMOS values but fails because of a programming error.
AntiEXE(D3, Newbug, CMOS4): This boot sector virus disables the execution of some EXE file. Unfortunately, no one knows what it is.
Anxiety(W95/Anxiety.1823): This is a Windows memory resident infector. Sometimes files are corrupted while infecting them.
Appder(HTTHNTA, WM/Appder): This is a macro virus. This virus stores a counter. When it reaches 20, \windows and \windows\system are deleted.
APSTrojan(Trojan.AOL.PS, AolPSTrojan.gen, Backdoor.Note, Picture.EXE, URLsnoop, AOL_PS1 trojan): These are programs that try to steal your password by masquerading as something else to get the user to run them. Then they steal your password (and often other information as well), and mail it to someone else.
AOL4FREE: This is a hoax.
Autostart-9805: These are PowerPC worms. They create files and use QuickTime AutoPlay to get the new files to run. Some of them corrupt certain types of files.
Back Orifice(Trojan.Win32.BO, cDc, TROJ_BOSERVER, Backdoor.BO, Orifice.srv, Trojan.BackOrifice, CDC.BO.A, Win32.Back_Orifice.trojan, W95/Back_Orifice.trojan, WINDLL.DLL, BOSERVE.EXE, Orifice.dll, TROJ_BOWINDLL, Orifice.svr): This is not a virus. It is a program that gives someone control over your computer. You have to run it for someone to control your system with it. More information is available.
Backdoor(Hack'a'tack 1.2, BackDoor-G): These are programs like Netbus or Back Orifice that give someone else control over your computer. More information is available.
Bad Times: This is a hoax.
Bandung(WM/Bandung): This is a macro virus. Depending on the date, it tries to delete files.
Beethoven: This is a tune that the ROM BIOS plays when the fan isn't working. Some people identify it as Fur Elise.
BIOSPASS: This is usually a false alarm.
Blankey.STCN: This is usually a false alarm.
Bleah: This is a simple boot sector virus.
Blee(W97M.Blee, Blee.Poppy): This is a Word macro virus. With a 1-in-100 chance it replaces "he" with " ** The Mighty Blee ** ". With a 1-in-100 chance it displays a graphical payload.
Bloodhound(BloodHound.Boot.String): These are Norton's way of saying a file might be infected with an unknown virus. Consider the possibility of a false alarm.
Boot-437(Boot.a, Bath): This virus infects the DOS Boot Record, not the Master Boot Record. SYS C: will work on this virus.
BootDr16: This is usually a false alarm.
Boza(Win95.Boza, W95/Boza): This is a Windows 9x virus. It is buggy and unlikely to spread. This is usually a false alarm.
Brenda(W97M/Brenda.A, W97M/LMN.A): This is a Word macro virus. More information is available.
Bud Frogs(BUDSAVER.EXE, BUDDYLST.ZIP, BUDDY1ST.ZIP, BUDWEISER, The Budweiser Frogs): This is a hoax.
Burglar.1120(GranGrave.1120): This is an EXE infecting virus. It doesn't have any payload. It doesn't infect files with V or S in the name.
Caligula(W97M/Caligula.A): This is a Word macro virus. More information is available.
CAP(WM/CAP.A, WordMacro/Cap, Macro.Word.Cap): This is a Word macro virus. More information is available.
Cartman(W97M.Cartman, Cartman.Poppy): This is a Word macro virus. It links to a SouthPark website. It displays a box with the message "You Killed Kenny, You Bastard!" and "The Narkotic Network".
Casper: This is usually a false alarm.
Chack(W97M/Chack.A): This is a common Word Macro virus. It deletes macros that aren't part of itself. Depending on the variant and date, it displays a dialog box.
Cheval trojan(Sockets de Troie, Cheval de Troie, HLLP.Detroie, HLL.TCV): This is a very large virus written in Delphi. It can create back doors like Back Orifice or Netbus.
CIH(Win95.CIH.1019, Win32.CIH, W95.CIH-10xx, W95/CIH.1019, W32.CIH.SPACEFILLER, W95.CIH.1075, PE_CIH V1.2, Win95/CIH.1003, W95/CIH.1003, sometimes misspelled: CHI, CEH, CLH, HIC, SIH, CIN, CH, SPACEKILLER, SPACE FILLER): This virus infects PE files under Windows 9x without increasing their size. On certain dates attempts to corrupt the BIOS. If it succeeds in corrupting the BIOS, your computer won't be able to do a thing. It does NOT infect the BIOS. More information is available.
Class(Class.Poppy, Macro.Word97.Class.d, W97M/Class.B, MSOFFICE-CLASS.B, W97M/Class.D, WM8-Class.B, Macro.Word97.Class.q, W97M/Class.Q): This is a Word macro virus that infects Word Classes so it is not visible in the Organizer. More information is available. Download a cleaner for it.
ColdApe(W97M/ColdApe): This is a Word macro virus. More information is available.
Concept(WM/Concept.A): This is a common Word Macro virus.
CopyCap(WM/CopyCap.B): This is a Word macro virus based on CAP.
Countdown.1300(VCL.Countdown.1300, Roetvirus): This is a obvious non-resident COM infector. Depending on the date, it displays some messages and erases disk sectors.
Cracker.DAO: This is usually a false alarm.
Crazyboot: This is a dangerous boot sector virus.
Cybercide: This is usually a false alarm.
Deep Throat: This is a program like Netbus or Back Orifice that gives someone else control over your computer. More information is available.
Deeyenda: This is a hoax.
Delwin.1759(Goblin.1759): This is a multipartite (file and boot sector) virus. Sometimes it flips the screen.
DIR-II: This is usually a false alarm.
Dmsetup(Worm.MircDropper, Worm.DmSetup.d, MIRC/GERR.EXE, Dmsetup2.IRC.Trojan, DMsetup2 4.2, HLLO.DM_Setup.C, HLLO.Dmsetup.C, mIRC/Dmsetup, HLLO.Minuet, Shape Shifter): This is a mIRC worm.
Drugs(WORD_DRUGS.A-Z): This is a German Word macro virus. If it's not in a Word document, this is a false alarm.
DUNpws(Trojan.PSW): These are programs that try to steal your Dial Up Networking password by masquerading as something else to get the user to run them. Then they steal your password (and often other information such as ICQ numbers as well), and mail it to someone else. Note: DUNpws.c was a common false alarm (all other DUNpws variants are very likely correct detections).
Dzt(WM/DZT.A): This is a Word Macro virus that sets the Comments in File Summary Info to "DZT".
Edds(W97M.Edds, EddsHead): This is a Word macro virus. It contains text such as "EddsHead", "Produced by,", "The VicodinES Macro.Poppy Construction Kit v1.0b", "Code Written by VicodinES "Live for Now"", "Poppy ID : 24421479963", "Your Computer Has The Edds Head Virus", "I Hope You Got Your Girlfriend Something Nice !", "Birthday Greeting!!!", and "England Rules...."
Eddy: This is usually a false alarm.
EICAR_Test(EICAR_Test_File, Standard_AV_Test_File): This is not a virus. It is a program to test your antivirus program's installation. When run, it will display a message and exit.
Ethan(W97M/Ethan.A, Macro.Word97.Ethana, WM8.Eithan): This is a Word macro virus. More information is available.
ExploreZip(I-Worm.ExploreZip, W32/ExploreZip.worm): The worm spreads via e-mail via an attachment called zipped_files.exe. It destroys certain types of files by reducing them to zero bytes, and attempts to infect Windows machines across a network by modifying their WIN.INI files.
Extras(Macro.Excel97.Extras, X97M/Extras.A): This is an Excel macro virus. It uses many tricks to make analysis difficult. Depending on the date and random numbers, it changes menus and toolbars.
Fax_Free.1536.New.A1: TD.1536 is sometimes misreported under this name.
Flashing IM: This is a hoax.
Flip: In addition to infecting MBR, this virus also infects COM and EXE files. These must be cleaned as well.
Footer(W97M/Footer.A, W97M/Footprint, Footnote): This is a Word macro virus. More information is available.
Form: This is a simple boot sector virus. This virus infects the DOS Boot Record, not the Master Boot Record. SYS C: will work on this virus.
Generic: This is usually a false alarm.
Geschenk(CokeGift.exe, Win95.NCS, JOKE_GESCHENK): This is not a virus. It is not destructive. It is a Joke program which opens the CD-ROM. More information on jokes.
Ghost: This is an ordinary screen saver, not a virus.
Good Times: This is a hoax.
Groov(Macro.Word97.Groovie, W97M/Groov.A): This is a Word macro virus. It displays a message saying "It's GROOVIE!". It also steals the User Name, Initials and IP Configuration and sends them to complex.is.
Happy Birthday: This is not a virus. It is a tampered BIOS. Contact your BIOS manufacturer.
Halfcross(W97M/Halfcross.A): This is a Macro virus that crosses between Word and Excel.
Hare: In addition to infecting the MBR, this virus also infects COM and EXE files. These must be cleaned as well. This virus is mostly hype. This virus is polymorphic.
Heathen(W97M/Heathen): This is a cross between a Word 97 macro virus and a Win 95 virus. It searches the hard disk and can infect Word 97 documents without having to open them in Word.
Hellraiser: This is usually a false alarm.
Helper(WM/Helper.A): This is a Word Macro virus that puts the password "help" on documents on the tenth of the month. More information is available.
HLL viruses(HLLO.4891, HLL.Lcamtuf.3888, HLLO.3039, HLL.ow.2827, HLL.cmp.8086, HLLC.4870, HLLP.Asea): These viruses are written in a High Level Language such as Pascal, Basic or C. Since they consist mostly of "canned code", it is much harder to select a "signature" that won't cause false alarms.
Hopper(X97M/Hopper, VBS/Hopper, W97M/Hopper): There are several macro viruses in this family which "hop" from one form to another. So far, they infect Excel 97, Word 97 and VBScript, or some combination. There is also a possibility if you're using NAI that it is picking up a remnant or new variant of Tristate as a variant of Hopper, which isn't surprising because Tristate is based on Hopper.
HPS(Win95.HPS.5124, W95/Hanta-PS, W95/HPS.5124): This is a polymorphic Windows 9x virus. It flips BMP files and only BMP files on Saturday.
HTML.Internal(VBS/Internal): These viruses infect HTML files and replicate using VBScript. However, in their current form, they cannot be considered realistic threats.
Inca(W95/Fono, Win95.Fono.dr): This is a polymorphic, memory resident, multipartite PE virus. It also adds droppers to six types of archives, and adds backdoors to mIRC.
Invisible_Man.3223: This is usually a false alarm.
INT-CE(CE, INTCE, Padanian Warrior): This is a boot sector virus. It uses sophisticated stealth techniques. After about 80 boots, it erases disk sectors.
IRC(mIRC_Worm.Simpsalapim, mIRC/Simpsalapim, mIRC/Jeepwarz): These are IRC Worms.
Irena(Irina): This is a hoax.
Israeli Boot(Falling Letters): This is usually a false alarm.
Java: So far there a no Java or Javascript viruses that you can get surfing the web so any claims about there being Java or Javascript viruses you get from surfing the web are hoaxes.
Jerusalem: This is one of the oldest viruses. It isn't as common as it used to be. There are many variants of this virus. Some of them try to delete files on certain days.
Jesus(It Takes Guts to Say "Jesus"): This is a hoax.
Join the Crew: This is a hoax.
Joke.Win.Stript(Scared): This is not a virus. It is not destructive. It is a Joke program which pretends to format the hard drive. More information on jokes.
Joke.Win.Stupid(JOKE/DE_BUG, NE_SMALL_JOKE, SmallP): This is not a virus. It is not destructive. It is a Joke program which displays a silly dialog box. More information on jokes.
JOKE_WOW(Win95.Onlygame, Joke.Win32.Jep/Russ): This is not a virus. It is not destructive. It is a joke program which pretends to delete all the folders on the hard drive. More information on jokes.
Jumper(Jumper.B): A boot sector virus that spreads from computer to computer only under certain conditions. It does not set off Win 95's boot sector virus protection.
Junkie(DrWhite, Junkie.mp.102x): In addition to infecting MBR, this virus also infects COM files. Under Windows 95/98 COMMAND.COM will be inoperable until it is disinfected.
JV/Ungrateful: This is usually a false alarm.
Kaczor(Kaczor.mp.GR, Pieck.4444.a): In addition to infecting MBR, this virus also infects executable files.
Kampana(AntiTel, Telefonica, Telecom, Span Tel): This boot sector virus will erase disk sectors after 400 boots.
KBUG1720: This is usually a false alarm.
Kilo_B(WORD_KILO.B): This is usually a false alarm. More Information
Kiss of Death: This is not a virus. It is the error message you get if you try to log into some mail servers while already logged in.
KLOO-0: This is a hoax.
Krile(HLLT.KRILE.4569): These are non-resident infector. They don't have a deliberately harmful payload, but repairing infected files can be difficult or impossible.
Lamers: This is usually a false alarm.
Laroux(XM.Laroux, X97M/Laroux, PLDT, MSOffice.Foxz): This is an Excel Macro virus. It infects Excel Workbooks by adding a hidden sheet. It adds a file called PERSONAL.XLS to the XLSTART directory. Other variants of Laroux use CAR.XLS, RESULTS.XLS, PLDT.XLS, BINV.XLS, NEGS.XLS, SHIT.XLS, SGV.XLS, VERA.XLS and others.
Lcamtuf.3888: This is usually a false alarm.
Linux: This are several viruses for Linux such as Bliss, Staog, Vit, Module, and VLP. None of them are destructive, and a couple try to circumvent the security of Linux.
Lunch(Concept.e, WM/Lunch.A): This is a Word macro virus. At 12:01 PM it displays the message "Whatya doin' here? Take a lunch break!"
MADISMO.OW: This us usually a false alarm.
Manzon: This is a polymorphic file infecting virus.
Marburg(Win95.Marburg.a, Win32.Marburg, W95/Marburg.8582, W95/Marburg.8590, "Red Circle"): This is a polymorphic Windows 9x virus. It was distributed on a PC Gamer CD and in a program called NukeLab.
Marker(W97M/Marker.C, WM8-BluePlanet, Spooky.C, W97M/Marker.gen, Shankar): This is a Word macro virus. More information is available.
Melissa(W97M/Melissa.A, W97M.Mailissa): This is a Word macro virus. More information is available.
MDMA(WM/MDMA.A): This is a very destructive Word Macro virus.
Michelangelo(Stoned.March6, Stoned.Michaelangelo): This boot sector virus will erase disk sectors on March 6th. This virus is mostly hype.
Mnemonix: This is usually a false alarm.
Moloch(Molloch): This is a polymorphic boot sector virus.
Monica Joke: This is not a virus. It is not destructive. More information on jokes.
MP3 virus: This is a hoax.
MtE Encrypted(DAME, MtE.Insuff, MtE.Pogue): This is usually a false alarm.
Mummy(Jerusalem.Mummy): This is usually a false alarm.
Natas: In addition to infecting MBR this virus also infects COM and EXE files and possibly files with other extensions as well. You may want to have your antivirus program checks all files. This virus is polymorphic.
Netbus(Trojan.Win32.Netbus.160, Net.bus.trojan, WIN32.NETBUS.160.TROJAN, Backdoor.Netbus.170, Trojan.W95/NetBus.153.Trojan, Troj_Netbus.160a, Netbus.srv, NetBus 1.6, Netbus.svr): This is not a virus. It is a program that gives someone control over your computer. They can even open and close your CD-ROM. You have to run it for someone to control your system with it. More information is available.
Neuroquila: In addition to infecting MBR this virus also infects COM and EXE files and possibly files with other extensions as well. These must be cleaned as well.
Nono(W97M/Nono.A): This is a Word macro virus. Depending on the system time, it displays a simple animation.
Nottice(W97M/Nottice.A): This is a Word macro virus. On December 13, it creates a new document and inserts the text "IMPORTANT NOTTICE!" in large letters.
Npad(WM/Npad.A): This is a Word macro virus. After replicating 23 times, it scrolls the text: "D0EUNPAD94, v.2.21, (c) Maret 1996, Bandung, Indonesia" More information is available.
NYB(B1, Stoned.i, SVK, Generic_408): This is a simple boot sector virus that isn't deliberately destructive but is so badly written, this virus could cause the computer to crash.
One_Half.3544(Freelove, Onehalf): Under certain versions of DOS, this virus encrypts the two last tracks every time the computer is started up. It will encrypt up to half of the hard disk. You should *not* use FDISK /MBR if you suspect a One_Half infection. In addition to infecting MBR, this virus also infects COM and EXE files. These must be cleaned as well. This virus is polymorphic.
Open Very Cool: This is a hoax.
Orni.5712: This is usually a false alarm.
Overboot(Encephalyt): This simple boot sector virus does not save the original MBR.
Padania.1335(W95/Padania.1335): This is a polymorphic Windows 95 virus. Sometimes it infects files in a way that cannot be repaired.
Paix(XF.Paix): This is an Excel Macro virus. It infects Excel Workbooks using Excel 4 style macros. It uses a sheet called XLSHEET.XLA
Parity_Boot: This boot sector virus displays the message "PARITY CHECK" simulating a hardware failure.
Parvo(W32/Parvo): This is a polymorphic Windows 95 virus. Sometimes it tries to transmit itself over e-mail.
Penpal Greetings(PENPALS): This is a hoax.
Phantom: This is usually a false alarm.
Phase-0: This is a program that give someone else control over your computer. More information is available.
PKZ300B: This is a hoax.
PMBS: Stealth_Boot is sometimes misreported under this name.
PolyPoster(WM/Agent, Polypost): This is a polymorphic Word Macro virus. It attempts to spread by using Free Agent to post in newsgroups. If you don't have Free Agent, it still spreads like a normal macro virus.
Poppy(VicodinES, Vicodin): There are several viruses in this family. Strong.Poppy and Crash.Poppy are memory resident DOS viruses. Damn.Poppy, Skim.Poppy(a.k.a Skim.1455), and Crash.Poppy are Windows 3.x viruses. Anxiety.Poppy.1536 is a Windows 95 virus.
PSD(W97M/Pri.B, Macro.Word97.Psd): This is a macro virus. More information is available.
PP97M/Attach.A(Powerpoint macro virus):This virus only infects Powerpoint macros that contain forms. It is not likely to spread at all.
QDel: These are several trojans that mostly delete files using the Deltree command.
QFat: These are several trojans that mostly erase sectors using the int 13h or int 26h commands.
Redteam(Win.RedTeam.4766): This is a Windows virus that attempts to spread itself by spreading a message about a Red Team hoax. It spreads using Eudora automatically, but you still have to run the attachment.
Remote Explorer(WinNT.RemExp): This is a Windows NT only virus. It has been seriously overhyped.
Rescue: This is usually a false alarm.
Returned or Unable to Deliver(Returned Mail): This is a hoax.
Ripper(JackRipper): This virus swaps around some bytes in about 1 in a 1,000 disk writes. There is no way to find out what has been damaged. You should reinstall all your software to be sure that it is not corrupted and check over your data carefully before you use it for anything.
Romeo_Juliet: This is usually a false alarm.
Russian New Year Exploit(Excel CALL Vulnerability): This is a security hole in excel that allows malicious code to be executed without any warning. There are no confirmed reports of this hole being exploited.
Sampo(Turbo, Wllop): This virus will sometimes trigger and display a box on the screen about the virus.
Sattelite(W97M/Satt.A, W97M/Sat.b, W97M/Walker.D): This is a Word macro virus. It keep part of its body encrypted. More information is available under Walker.D.
Shakespeare.Macbeth.753: This is usually a false alarm.
Sharefun: This is a boring Word Macro virus with only one interesting feature. It tries to send itself by E-Mail using an old, obsolete version of MS Mail, and often fails to do even this. If Microsoft Mail isn't running when the virus runs, it exits Windows. This makes it very obvious and unlikely to spread.
ShowOff(Ofxx, WM/Showoff.C): A word macro virus. with three macros.
SHS(SOUTH.SHS, UPGRADE.SHS, SECRETZ2.SHS, SASSY.SHS): SHS files are Scrap Object files that can contain practically anything. If you double click on one, you could release a virus or trojan horse.
Sic(XF/Sic, XL4Poppy): This is an Excel Macro virus. It infects Excel Workbooks using Excel 4 style macros.
Silodeath: This is usually a false alarm.
Sin(W97M/Sin.A): This is a Word macro virus. Depending on the system time, it tries to trash the hard disk.
Ska(Win32/Ska.A, HAPPY99.EXE, I-Worm.Happy, TROJ_SKA, Happy 99, W32/Ska.exe, W32/Ska.dll, W32/SKAWORM, W95/Ska.10000.worm): This is an Internet worm/virus. More information on this.
Slimline: This is usually a false alarm.
Slovak.3584: This is usually a false alarm.
SMEG: This isn't actually a virus. It is an add-on tool to make a virus polymorphic. There are at least three viruses that use it: Queeg, Pathogen, and Trivial. Sometimes this is a false alarm.
Spanska(NoPasaran, Cosmos, Mars Land, Elvira): This is an obvious viruses with a graphic payload. They have been spread in crack, warez and sex newsgroups. Spanska.4250(Elvira) is a resident COM and EXE infector. Spanska.1500(Mars Land) is a non-resident COM and EXE infector. The rest are non-resident COM infectors.
Stealth_Boot(Stealth_C): This virus is a boring stealth boot sector virus.
Steroid(W97M.Steroid.A, Steroid.Poppy, WM8.Steroid): This is a Word macro virus. It contains messages like "Can I have a bottle of warm Diet Mountain Dew?", "VMPCK v2.0 Beta / SR-1 Compatable", "Shout Out! ...Slage Hammer, Spanska and the entire _Kim_Liberation_Army_", and "W97M/Steroid.Poppy". It also does some vulgar things like changing the label of the hard drive to "testicle".
[Stoned.][Empire.]Monkey(Monkey_B, MonkeyB, Monkey2, sometimes misspelled Stoned.Temple.Monkey.B, Stone.Monkey): This virus encrypts and relocates the Master Boot Record. In case you ever need to know, it moves the original to sector 0,0,3 and uses XOR 2Eh to encrypt the original Master Boot Sector. You should *not* use FDISK /MBR if you suspect a Monkey infection.
Stoned.Noint: This virus is a simple boot sector virus. It is semi-stealth and has no destructive payload.
Stoned.Spirit: This virus is a simple boot sector virus. It is semi-stealth and has no destructive payload.
Story(W97M/Story.A, W97M.IRCJack): This is a macro virus. More information is available.
Strange Brew(Java.StrangeBrew): The Strangebrew virus infects Java Class(CLA) files. Since most people don't share CLA files, it cannot be considered a realistic threat.
Strezz(WORD_STREZZ.A-Z): This is a Word macro virus. If it's not in a Word document, this is a false alarm.
Stupid(Win32.Stupid): This is a virus written in Visual Basic. Consider the possibility of a false alarm.
Sugar(X97M/Sugar.Poppy): These is an Excel macro virus that infects Excel classes like W97M/Class.
SUHDLOG.DAT: This file is not capable of storing an infectious virus. More information on this.
Swlabs(WM/Swlabs.A, W97M/Swlabs.B): These are Word macro viruses created with a Word Macro Virus construction kit. Some of them change the data in the File Summary Info.
TD.1536(Meth.1536, Bap.mp.1536, Baphometh.1536, ENUNS.1536): This virus infects COM files, EXE files, Master Boot Record of Hard Drive and DOS Boot Records of floppies, and deletes HSFLOP.PDR. More information is available.
Temple(WM/Temple.A, W97M/Temple): This is a Word macro virus. It gets its name because it uses so many Temp variables.
TEMPEST.TEM: This is not a virus. Some Quantum Fireball drives have "TEMPEST" written to empty space in the drive. Normally it is not visible, but if there is some kind of corruption the word TEMPEST will be visible.
Tequila(Tequila.b.mbr): In addition to infecting MBR, this virus also infects EXE files. These must be cleaned as well.
Terror 2: This is usually a false alarm.
TPE.Civil War.561: This is usually a false alarm.
Tremor: This virus is polymorphic. It tries to avoid detection by certain antivirus programs. Sometimes it displays "TREMOR was done by NEUROBASHER" or shifts the screen.
Trinia: This is a hoax.
Tristate(O97M/Tristate.Variant, W97M/Tristate.gen, X97M/Tristate.C, PP97M/Tristate, Triplicate): These are macro viruses that cross between Word 97, Excel 97, and PowerPoint 97.
Trivial: These are extremely obvious, very small, non-memory-resident viruses. They do not preserve the original host. This is usually a false alarm.
Type_Com(Type_ComExeTsr, Type_ComExe, Type_ComTsr, Type_ExeTsr, Type_Boot, Type_Trojan, Type_Win32): These are AVP's way of saying a file might be infected with an unknown virus. Consider the possibility of a false alarm.
UAVP Gosub Par: This is usually a false alarm.
Uglykid(WM/Ugly, Winword.Uglykid, Nasty): A word macro virus that is polymorphic. It sets the user name to "nasty". Consider the possibility of a false alarm.
Ultra Cool(UltraCool Joke): This is a Joke Program. It is not actually harmful or infectious.
Urkel: This simple boot sector virus encrypts the original MBR.
Uruguay: This is usually a false alarm.
vbVirus(W95.vbVirus): This is usually a false alarm.
VBA.EXPORT.SYS(CLASS.VBA.EXPORT.SYS, VBA.CLASS.GEN.EXPORT, VBA.CLASS.CODE, W97M/Class.src.d): Most of today's Word macro viruses. use a temporary file to copy their code to other documents. Mcafee will usually call this temporary file VBA.EXPORT.SYS. You should delete the file that is detected but you'll still have to remove the macro virus that created this file. Sometimes this is a false alarm on a clean VBA program. If in doubt, you can leave this file, since it's not infectious.
VCS: This is usually a false alarm.
Virogen(Asexual): This is usually a false alarm.
VMPCK(W97M/VMPCK.gen): This is a Word macro virus construction kit. There are many different viruses created with this kit.
V-Sign(Cansu, Sigalit): This boot sector virus displays a large "V" after infecting 64 disks.
Walker(W97M/Walker.B): This is a macro virus. More information is available.
Wazzu(WM/Wazzu.A, W97M/Wazzu.A, Meat Grinder, sometimes ZZU or AZZU by McAfee): A word macro virus that inserts the text "wazzu" and swaps words around. Not all variants do this however.
WEED.5850.D (1): This is usually a false alarm.
WelcomB(Buptboot, Bupt9146, Beijing): This boot sector virus contains the text: "Welcome to BUPT 9146,Beijing!"
Win a Holiday: This is a hoax.
WinNuke(Trojan.WinNuke.a, Trojan.Win32.Nuker.a, Trojan.Win32.Nuker.b, Trojan.Win32.Nuker.c, Trojan.Win32.Nuker.d): This is a program that can cause other people's Windows to lock up with a blue screen.
Wobbler(Wobbling, Wobble, California): There are two things with this name. The first is a hoax. The other is a joke program that wobbles windows.
Word_Kilo.B:This is usually a false alarm. More Information
WZ: This is usually a false alarm.
Yankee Doodle: This is a resident COM and EXE infector. Sometimes it plays a tune.

Virus Page
You are visitor number