CXOver.A is a malicious code that spreads using ActiveSync connections between computers with the .NET platform installed and mobile devices, such as PDAs or cell phones. When it is run, it checks if the computer is connected to a mobile device through ActiveSync and creates a copy of itself on the device. Then, if the affected mobile device is connected to another computer through Activesync, CXOver.A will sent a copy of itself to that computer. CXOver.A deletes the files from the My Documents folder on the mobile device.

Banker.CHG, is another member of the Banker family, specialized in theft of passwords for accessing online banking systems. This Trojan goes memory resident, checking the pages accessed by the user.

When the page viewed in the browser coincides with one of the URLs that Banker.CHG has stored in its code, it redirects the user to another site with the same appearance, but controlled by a hacker. Banker.CHG cannot spread automatically using its own means and therefore, needs an attacker to distribute it.

Cryzip.A is a Trojan that compresses files with a many different of extensions, including CGI, DBX, DOC, DSW, JPG, MDB, PDF, TXT, XLS, etc. in a ZIP file and password protects them. Users cannot open the files until they get the password by following the instructions left by Cryzip.A in a text file. If this Trojan has infected your computer, the password for decompressing the files is C:\Program Files\Microsoft Visual Studio\VC98.