Microsoft Security Intelligence
45 entries found. Displaying page 1 of 3.
Updated on Oct 07, 2008
Alert level: severe
Updated on Oct 07, 2008
Alert level: severe
Updated on May 25, 2010
TrojanDownloader:Win32/Zlob.gen!AT is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.
Alert level: severe
Updated on Apr 11, 2011
Virus:Win32/Virut.BB is a polymorphic virus that infects files with the EXE or SCR file extension. It may open a backdoor connection, allowing a remote attacker to download and run files on the infected computer.
Alert level: severe
Updated on Apr 11, 2011
Worm:VBS/Autorun.AL is a worm that spreads via removable and fixed drives.
Alert level: severe
Updated on Apr 30, 2011

Joke:BAT/Crazywindow.A is a batch file, which, when run, attempts to start the command prompt and the calculator application in an infinite loop, until all Windows resources are exhausted.

Alert level: moderate
Updated on Apr 11, 2011
Worm:Win32/Dasher.C searches random IP addresses for computers listening on specific ports. It then tries to exploit known vulnerabilities on these remote computers.
Alert level: severe
Updated on Apr 11, 2011
Worm:BAT/Autorun.B is part of a multi-component malware family that propagates by creating copies in drives found in the system.
Alert level: severe
Updated on May 17, 2010
TrojanDownloader:Win32/Dogrobot.gen!J is a trojan downloader that is dropped and executed by Trojan:Win32/Dogrobot.gen!H. It terminates certain processes and services related to antivirus programs, and connects to a certain website, possibly to download other malware.
Alert level: severe
Updated on Apr 11, 2011
Worm:AutoIt/Sohanad.AI is an AutoIt script worm that spreads by copying itself to local and removable drives, and network shares. It may also send messages to contacts via Yahoo Messenger.
Alert level: severe
Updated on Apr 11, 2011
Win32/Prisos.A is a destructive trojan that has been distributed as a 40,960-byte executable. The trojan's code is not packed or encrypted. This trojan may slow down an affected system's performance and render it unbootable.
Alert level: severe
Updated on Feb 01, 2005
Win32/Korgo.AE.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Update MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may display an LSA crash dialog box and may crash and reboot unexpectedly.
Alert level: severe
Updated on Feb 01, 2005
Win32/Korgo.AF.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Update MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.
Alert level: severe
Updated on Feb 15, 2007
Trojan:Win32/Yidvar.A is a backdoor that receives commands from a remote Web server and may log keystrokes on an infected computer.
Alert level: severe
Updated on Feb 02, 2005
Win32/Korgo.C.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.
Alert level: severe
Updated on Apr 11, 2011
Virus:Win32/Virut.BI is a polymorphic appending file infector that infects files with the EXE and SCR file extensions. It may open a backdoor connection, allowing a remote attacker to download and run files on the infected computer.
Alert level: severe
Updated on Jun 12, 2014

Windows Defender detects and removes this threat.

This threat is an audio file (MP3) used by some variants of the Ransom:Win32/Tobfy family of ransomware trojans, such as Ransom:Win32/Tobfy.L and Ransom:Win32/Tobfy.G.

The audio file contains a fake FBI warning message that says your computer is blocked for "violation of federal law". The message is played repeatedly and cannot be stopped.

If your computer is infected with this file, then it is likely you are also infected with other ransomware components, such as Ransom:HTML/Genasom.D. These components may prevent access to your computer by covering your desktop with a page that also demands payment of the fine.

You can read more on our ransomware page.

Alert level: severe
Updated on Feb 07, 2005
Win32/Korgo.A.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.
Alert level: severe
Updated on Apr 11, 2011
Win32/Sasser is a family of network worms that exploit the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm spreads by randomly scanning IP addresses for vulnerable machines and infecting any that are found.
Alert level: severe
Updated on Feb 07, 2005
Win32/Korgo.AA.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. This may cause crashing and unexpected rebooting on an infected computer.
Alert level: severe