Virus:Win32/Expiro.AB is the detection for a virus that infects EXE files in all drives and collects user credentials from an infected computer. It also allows backdoor access and control to the infected computer, and lowers Internet Explorer settings.

Trojan:Win32/Tobfy.A is a ransomware that prevents you from accessing your desktop by covering the desktop with a certain image.

VirTool:Win32/DelfInject.AB is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.

Exploit:JS/ShellCode.AB is a generic detection for JavaScript objects that construct shellcode. These scripts may be embedded within other document files such as specially-crafted .HTML files that are uploaded to certain websites.

VirTool:Win32/CeeInject.AB is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.

Win32/Mydoom.AB@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer.

VirTool:Win32/VBInject.gen!AB is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.

TrojanDownloader:Java/OpenConnection.AB is a trojan Java applet that could allow the downloading and execution of arbitrary malicious files.

Trojan:Win64/Sirefef.AB is a component of the Sirefef multi-platform rootkit, related to Win32/Sirefef. Sirefef is multi-component malware family that modifies search results when you search for something on the Internet and generates pay-per-click advertising revenue for its controllers. This particular component clicks on links supplied by a remote attacker to generate revenue.

This dynamic-link library (DLL) file is dropped by variants of Backdoor:Win32/Berbew. See the parent variant list for more information.

Backdoor:Win32/Berbew.AB is a backdoor Trojan that is downloaded onto systems by another downloader Trojan that is sent in e-mail. Backdoor:Win32/Berbew.AB retrieves locally cached passwords and sends them to a Web site. It also opens certain ports.

Backdoor:Win32/Gaobot.AB is a backdoor Trojan that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Worm:Win32/Nuqel.AB is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new machines. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted machines. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.

Microsoft Defender Antivirus detects and removes this threat.

This threat can perform a number of actions of a malicious hacker's choice on your PC.

Learn more about this type of threat: Invisible resource thieves: The increasing threat of cryptocurrency miners

TrojanDownloader:Win32/Waledac.AB is a member of Win32/Waledac - a family of trojans that collects email addresses found on the computer on which it is installed and distributes spam email messages. Win32/Waledac may also try to contact different websites for posting data and downloading arbitrary executable files.

Win32/Randex.AB.worm is a network worm that targets computers running certain versions of Microsoft Windows. The worm generates and scans IP addresses randomly to attempt to spread to writeable network shares that have weak passwords. The worm also has backdoor capabilities that allow attackers to control an infected computer through an IRC channel.

Worm:Win32/Sohanad.AB is a member of Win32/Sohanad - a family of worms that may spread via removable or network drives and particular messenger applications. It may also modify a number of system settings to facilitate its actions on an affected computer, and contact a remote host.