Published Feb 01, 2011 | Updated Sep 15, 2017


Severe |Detected with Windows Defender Antivirus

Aliases: Trojan.MSIL.Petun.a (Kaspersky) Mal/MSIL-BA (Sophos)


PWS:MSIL/Petun.A is a trojan that steals information from the affected computer. The information is then sent to a remote attacker via email or uploaded to an FTP server. PWS:MSIL/Petun.A is also capable of changing certain computer settings.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see

Enabling the command prompt

This threat may disable the command prompt, which further prevents you from reversing its other computer changes. To enable the command prompt, follow these instructions:

  1. Using an administrator account, open the Group Policy Object Editor. To do this, go to Start and in the search box, type gpedit.msc.
  2. The Group Policy Object Editor should open. Go to Local Computer Policy>User Configuration>Administrative Templates>System and select Prevent access to the command prompt:
  3. Double-click on Prevent access to the command prompt and select Enable:
  4. Press OK and exit the Local Group Policy Editor.
Additional remediation instructions for PWS:MSIL/Petun.A

This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s:

Follow us