We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Virus:Win32/Quervar.B
Aliases: PE_QUERVAR.B-O (Trend Micro) Trojan.Encoder.154 (Dr.Web) Trojan.Exprez!gen2 (Symantec) Trojan-Dropper.Win32.Dorifel (Ikarus) W32/Quervar.A (Avira) W32/Quervar-C (Sophos) W32/XDocCrypt.a (McAfee) Win32.Davion.B (BitDefender) Win32.Dorifel.Gen (VirusBuster) Win32/Quervar.C (ESET) Win-Trojan/Dorifel.151552 (AhnLab) Worm.Win32.Dorifel.a (Kaspersky)
Summary
Virus:Win32/Quervar.B is a virus that infects specific Microsoft Office document files and executable files. This virus has been observed contacting remote hosts in order to download files onto your computer.
In the wild, we have observed the virus infecting files with the following file extensions:
- .DOC
- .EXE
- .XLS
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
Additional remediation instructions for Virus:Win32/Quervar.B
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following articles:
- Enabling Task Manager:
- For Windows Vista
- For Windows XP
- Changing file associations:
- For Windows 7
- For Windows Vista
- For Windows XP
- Viewing hidden and/or system files:
- For Windows 7
- For Windows Vista
- For Windows XP