Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.
500 entries found.
Displaying page 1
of 25.
Backdoor:Win32/Smadow.gen!B
Backdoor:Win32/Smadow.gen!B is a generic detection for malware that can perform different actions, such as executing other malware. The executed malware may be detected as TrojanDropper:Win32/Sirefef.B or Trojan:Win32/Sirefef.
Alert level:
severe
Trojan:Win32/Agent!246A
Trojan:Win32/Agent!246A is an Internet Explorer Browser Helper Object (BHO) implemented as a DLL plug-in that allows attackers to customize and control Internet Explorer.
Alert level:
severe
Trojan:Win32/Mywife.E!CME24
Win32/Mywife.E@mm is a mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is expected to corrupt the content of specific files on the third day of every month.
This threat has been assigned CME identifier CME-24. It will be detected as Win32/Mywife.E@mm!CME-24.
Alert level:
severe
Trojan:Win32/Goweh.A
Trojan:Win32/Goweh.A is a Trojan that alters several settings in Internet Explorer, changing the home page and redirecting search queries and traffic to other Web pages. Win32/Goweh.A is usually installed by another Trojan dropper or downloader.
Alert level:
severe
Trojan:Win32/Apropos.B
Trojan:Win32/Apropos.B is a Trojan that may be installed by Trojan dropper Trojan:Win32/Apropos.B.dr on computers running Microsoft Windows. The Trojan dropper also installs rootkit VirTool:WinNT/Zufyx.A, which hides Trojan:Win32/Apropos.B. Trojan:Win32/Apropos.B connects to certain servers from the infected computer to receive commands from attackers.
Alert level:
severe
Trojan:Win32/Alureon.gen!B
Trojan:Win32/Alureon.gen!B is generic detection for a trojan that may help an attacker intercept inbound and outbound Internet traffic from the host computer. This may allow an attacker to capture confidential information such as user names, passwords, and credit card data. The trojan may also enable an attacker to transmit malicious data to the infected computer. Trojan:Win32/Alureon.gen!B may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.
Alert level:
severe
Trojan:Win32/Agent.B
Trojan:Win32/Agent.B is a Trojan that redirects Web traffic and manipulates certain Windows applications. Trojan:Win32/Agent.B may install other unwanted software, or may be bundled with other unwanted software.
Alert level:
severe
Trojan:Win32/Tibs.DV
Trojan:Win32/Tibs.DV is a Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, folders and processes.
Alert level:
severe
Trojan:Win32/Vulgar.A
Win32/Vulgar.A is a file infector that may overwrite files on local or mapped drives.
Alert level:
severe
Trojan:Win32/Bube.G
Trojan:Win32/Bube.G is a Trojan that lowers security settings stored in the registry, attempts to download programs from a remote Web site and disables features in the Windows Security Center.
Alert level:
severe
Trojan:Win32/Nsag.B
Win32/Nsag.B is a data-stealing Trojan. The Trojan is created when certain code is injected into wininet.dll, which is a Windows system file. When a user tries to send data to a Web site, code in Win32/Nsag.B may cause code in another malicious DLL on the computer to capture the user data and send it to an attacker.
Alert level:
severe
Trojan:Win32/Valla.2048
Win32/Valla.2048 is a virus that appends itself to executable files on an infected computer.
Alert level:
severe
Trojan:Win32/Delf.M!CME-96
Trojan:Win32/Delf.M!CME-96 is a user-mode rootkit that hides its own presence on the system, as well as hiding the presence of other malicious software to which it may be associated.
Alert level:
severe
Trojan:Java/Classloader
Trojan:Java/Classloader is a malicious Java applet that exploits a vulnerability in certain unpatched versions of Microsoft virtual machine (Microsoft VM). Details on the vulnerability can be found in Microsoft Security Bulletin MS03-011 at http://www.microsoft.com/technet/security/Bulletin/MS03-011.mspx
Alert level:
severe
Trojan:HTML/Bankfraud.M
Trojan:HTML/Bankfraud.M is generic detection for email that contains malicious links to known phishing sites. Phishing sites are designed to look like legitimate bank or ecommerce sites. Users who visit these sites and enter their login credentials risk having their credentials exposed to attackers.
Alert level:
severe
Trojan:Win32/Startpage.TC
Trojan:Win32/StartPage.TC is a browser-modifying Trojan that targets certain versions of Microsoft Windows and Internet Explorer. The Trojan changes the current Internet Explorer settings, specifying a different Web site as the home page or search page.
Alert level:
severe
Trojan:Win32/Goweh.C
Trojan:Win32/Goweh.C is a Trojan that alters several settings in Internet Explorer. It changes the home page and redirects search queries and traffic to other Web pages. Win32/Goweh.C is usually installed on a computer by another Trojan dropper or downloader.
Alert level:
severe
Trojan:Win32/Adialer.OP
Trojan:Win32/Adialer.OP is a Trojan dialer that connects to remote hosts without user consent. The Trojan consists of an installer, and an installed DLL, identified as Trojan:Win32/Adialer.OP!dll. The Trojan may connect to a remote Web site to download data, and may connect to UDP ports 3010 or 3011.
Alert level:
severe
Trojan:Win32/Stresid
Trojan:Win32/Stresid downloads files from remote websites, may install as a browser helper object (BHO), and displays pop-up advertising on affected users’ systems. Some variants of Trojan:Win32/Stresid have been bundled with rootkits that hide its presence on the system. Trojan:Win32/Stresid drops a randomly named executable to the temp directory and a randomly named dll to the Windows directory.
Alert level:
severe
Trojan:IRC/WinBot
Trojan:IRC/WinBot opens a backdoor on TCP port 113 and UDP port 30167, connects to an IRC channel, and downloads and installs other files. Trojan:IRC/WinBot also includes keylogger capabilities. Some variants of Trojan:IRC/WinBot include the Win32/Parite virus, possibly as a result of cross-infection. Win32/Parite infects portable executable files on local drives and accessible network shares.
Alert level:
severe