Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
500 entries found. Displaying page 1 of 25.
Updated on Apr 11, 2011
The Win32/Renos family automatically downloads unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.
Alert level: high
Updated on Jul 14, 2008
Trojan:Win32/Renos.A is a rogue security program that displays misleading alerts attempting to scare users into purchasing additional rogue security software.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.IF is a trojan that displays pop-ups, dialogs and balloons in an attempt to persuade the user to download and install a fake antimalware scanner. At the time of publication, this fake scanner was detected as Trojan:Win32/FakeRemoc.
 
Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 
 
Use Microsoft Windows Defender, the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.IM is a trojan that connects to a remote server to download other malware. It may also act as a trojan clicker.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.IO is a generic detection for a family of trojans that connect to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
 
 
Note: Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.JG is a detection for a trojan that connects to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on May 25, 2010
Win32/Renos.gen!AS is a family of Trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine before downloading rogue security products, most notably Program:Win32/Antivirusxp. Win32/Renos.gen!AS has been distributed via spam messages.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.JX is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.KA is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.KD is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.KH is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.KO is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.KV is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.KZ is a trojan that connects to a certain domain to download files and commands.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.CJ is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.
Alert level: severe
Updated on Apr 11, 2011
Trojan:Win32/Renos.HL is an installer that connects to specified websites to download and install a fake antivirus scanner. This scanner is detected as Trojan:Win32/WinSpywareProtect.
 
Note 6th April 2009: We have received reports that TrojanDownloader:Win32/Renos.HL has been distributed attached to an email that masquerades as a message from Microsoft. The message reads as follows:
 
From: Microsoft Computer Safety Department
Subject (or similar): Microsoft Alert (Case#: wlTR6Zm)
 
Dear Windows User,
Starting April 1st, 2009 the "Comficker" virus began infecting Microsoft customers very quickly.
Microsoft was alerted by your Internet provider that your computer is showing signs of being infected.
To prevent further infection we recommend removing the infection using an antivirus program
We are giving all effected Microsoft customers a free antispyware scan in order to remove any infections from their system.
Please visit the Microsoft Windows System Security Scanner website by clicking here to start scanning your computer.
The process takes under a minute and will prevent your information from being stolen.
We appreciate your cooperation in this matter.
 
Regards
Microsoft Windows Representative #10(Willa)
Windows Net Security Division
Email Ref ID: g9BK0f
 
This email was not sent by Microsoft and is an attempt to use the current interest and concern over Win32/Conficker in order to persuade users to download and install arbitrary files of the attacker's choice - in this case, Trojan:Win32/Renos.HL and in turn Trojan:Win32/WinSpywareProtect.
Additional information on how to help verify the legitimacy of a Microsoft e-mail can be found here:
Alert level: severe
Updated on May 25, 2010
TrojanDownloader:Win32/Renos.gen!BB is a generic detection for a family of trojans that connect to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.HY is a trojan that connects to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.IA is a trojan that connects to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/Renos.IZ is a trojan that connects to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe