Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided.
Send us feedback
Thank you for your feedback
We couldn't find the malware. Try searching for the malware you’ve encountered. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
We couldn't find the malware. We’ve returned search results instead. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
This threat is a worm, which means it spreads from PC to PC. This particular worm spreads by copying itself to mapped network or removable drives. If someone tries to open that drive from another PC, their PC will be infected.
Trojan:Win32/AgentBypass.gen!K is a generic detection for a group of trojans that attempt to inject possibly malicious code into the process address space of commonly found Microsoft Windows and third-party applications.
This worm tries to steal information from a certain game, which it then sends to a remote server.
It is a worm, which means it infects or "spreads" to other computers. In this case, the worm spreads by infecting removable drives (such as USB flash drives or portable hard disks) that you have plugged into your computer. If you then plug those drives into another computer, the worm will infect that computer as well.
Click on our infographic to the right to see how a worm spreads by removable drives.
Worm:Win32/Emold.gen!C is a worm that drops a rootkit in the system to hide its malicious activities and spreads to removable drives. It is also capable of downloading additional malware onto the system from a certain website.
Worm:Win32/Mytob.RR is a mass-mailing worm that that targets computers running certain versions of Microsoft Windows and computers across a network. The worm can spread by exploiting Windows vulnerabilities that are fixed by installing Microsoft Security Updates MS03-026 and MS04-011.
The worm can spread by sending a copy of itself through e-mail, AOL Messenger, MSN Messenger, or Windows Messenger. The worm also spreads by copying itself to common shared folders for peer-to-peer file sharing applications such as Morpheus, Limewire, Emule and others. Win32/Mytob.RR has a backdoor component that connects to an IRC server from the infected computer, allowing it to receive commands from attackers.
Worm:Win32/Slenfbot.ZD is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Worm:Win32/Hamweq.J is a worm that spreads via removable drives, such as USB memory sticks. It may also be used by a remote attacker to order the affected machine to participate in Distributed Denial of Service attacks.
Worm:Win32/SillyShareCopy.E!inf is an "autorun.inf" file created by a worm to enable it to spread and infect other computers through network shares, removable devices and local drives.
Worm:Win32/Autorun.PQ is a worm that spreads to other drives. This worm may terminate applications, change the access control lists (ACLs) of multiple files and download additional malware.
Worm:Win32/Autorun.CS is a worm that attempts to spread by copying itself to the local computer and to removable drives. This worm modifies system settings to hide its presence.
Worm:Win32/Hamweq.T is a worm that spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may request that it participate in Distributed Denial of Service attacks.
Worm:Win32/Noxjasm.A is a worm that spreads by copying itself to all drives. It attempts to terminate certain security-related processes and prevent the use of other Windows utilities such as Task Manager.
Worm:Win32/Nuqel.Q is a worm that attempts to spread by copying itself to removable drives and network shares, and via Internet chat applications. The worm may download arbitrary files, block certain system utilities and lower security on the affected computer.
Worm:Win32/Emold.G is an encrypted executable with a file size of 38,912 bytes. It can spread via removable drives, be spammed to users as an e-mail attachment, or distributed from malicious Web sites. It is capable of downloading arbitrary files, including other malware, from a specific Web site.
