Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.
Send us feedback
Thank you for your feedback
We couldn't find the malware. Try searching for the malware you’ve encountered. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
We couldn't find the malware. We’ve returned search results instead. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
This threat is a component of Win32/Vundo - a family of programs that deliver 'out of context' pop-up advertisements. They can also download and run files.
Vundo is often spread as a DLL file and installed on your PC as a Browser Helper Object (BHO) without your consent. The family also uses advanced techniques to avoid detection and removal.
Win32/Vundo is a multiple-component family of malware that delivers "out of context" pop-up advertisements. Variants of the family may also download and run other files, including malware and adware.
Vundo is often installed as a browser helper object (BHO) without your consent, by other malware.
This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
This threat is classified as a trojan downloader. It tries to download and install other malware or unwanted software.
Some downloader trojans target specific files on remote websites. Others target a specific URL that points to a website with exploit code that can automatically download and run software or malicious code on your PC.
More details are available in the Win32/Vundo family description.
This trojan dropper can install malware or unwanted software on your PC.
Commonly, it also installs a backdoor which gives a hacker remote access to your PC. A hacker can then upload and install other malware or unwanted software.
More details are available in the Win32/Vundo family description.
TrojanDropper:Win32/Vundo.H is a trojan that installs a variant of Win32/Vundo detected as Trojan:Win32/Vundo.gen!C. Win32/Vundo.gen!C is a generic detection for a multi-component family of programs that deliver 'out of context' pop-up advertisements to the computer on which they are installed and may download and execute arbitrary files.
Also detected as: Win32/VundoCryptorAG!generic(CA),Trojan:Win32/Vundo.JI(other)
Trojan:Win32/Vundo.HT is a variant of Win32/Vundo, a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
Win32/Vundo is a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
Also detected as: Win32/Vundo.AHO(CA),Trojan:Win32/Vundo.gen!T(other)
Trojan:Win32/Vundo is a family of malicious software that consists of executables and dynamic link library (DLL) files that deliver 'out of context' pop-up advertisements on the clients’ machines.
Trojan:Win32/Vundo.AF is a DLL component that installs itself as a Browser Helper Object (BHO), and may show pop-up advertisements on the computers in which it is installed.
Trojan:Win32/Vundo.CL is a component of Win32/Vundo - a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
Trojan:Win32/Vundo.KA is a trojan that injects itself into running processes to avoid detection. It connects to a remote server to send information about the infected computer and to possibly download and execute other files. It also terminates or modifies certain processes that may be related to antispyware programs.
Win32/Vundo is a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files. Win32/Vundo is often distributed as a DLL file and installed on a computer as a Browser Helper Object (BHO) without a user's consent. The Vundo family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
This threat is a component of the Win32/Vundo family of trojans.
Vundo is often spread as a DLL file and installed on your PC as a Browser Helper Object (BHO) without your consent. The family also uses advanced techniques to avoid detection and removal.
This particular component is used to download and run files.
Trojan:Win32/Vundo.JC.dll is a detection for the DLL file component of the Vundo family that deliver 'out of context' pop-up advertisements to the computer on which they are installed and may terminate services and processes.
Trojan:Win32/Vundo.KO is a component of Win32/Vundo - a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
This particular component is used to download and execute arbitrary files to the affected computer. In the wild, we have observed Trojan:Win32/Vundo.KO downloading and installing additional Vundo components such as Trojan:Win32/Vundo.gen!AT.
Also detected as: Trojan:Win32/Vundo.gen!AP(Microsoft)
Trojan:Win32/Vundo.IG is a generic detection for a multi-component family of programs that deliver 'out of context' pop-up advertisements to the computer on which they are installed and may download and execute arbitrary files. Win32/Vundo.IG may exist on a computer as a dynamic link library (DLL) or as an executable.
Trojan:Win32/Vundo.KM is the detection for a member of the Win32/Vundo family of malware. It creates a connection to the Web site 'antassa.com'. It may also inject code into Internet Explorer, redirect searches, display advertisements, download and run files from a remote server, and send information about the infected system to a remote server.
Trojan:Win32/Vundo.K is a DLL component that installs itself as a Browser Helper Object and generates popup ads on the user's desktop. The component is injected into explorer.exe by its dropper. The ads may pop up as a visible or hidden window. Trojan:Win32/Vundo.K is packed with a modified version of UPX
Trojan:Win32/Vundo.JC is a trojan that may register itself as a BHO (Browser Helper Object) and inject itself into normal Windows processes. It may attempt to terminate certain security processes, and connect to certain servers to possibly download other malware.
Trojan:Win32/Vundo.gen!AE is a component of Win32/Vundo - a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
For more information, please see the Win32/Vundo analysis elsewhere in our encyclopedia.