Win32/Necurs
Microsoft security software detects and removes this family of threats.
The threats in this family work together to download other malware, including threats from the Win32/Sirefef and Win32/Medfos families. They can also give a malicious hacker backdoor access and control of your PC.
These threats can be installed at the same time as rogue security software, such as Rogue:Win32/Winwebsec.
We have seen the Necurs family being installed by variants of the Blacole family, the Win32/Beebone family, the Win32/Zbot family, and the Win32/Dorkbot family.
Alert level:
severe
Win32/Zindos
Win32/Zindos is a worm that targets computers running Microsoft Windows 9x, Windows ME, Windows NT, Windows 2000, and Windows XP. The worm spreads to computers that are already infected by the mass-mailer worm Win32/Mydoom.O@mm. Win32/Zindos may perform a denial of service (DoS) attack against certain Web sites.
Alert level:
severe
Win32/Nachi
Win32/Nachi is a family of network worms that spread across network connections by exploiting one or more vulnerabilities in Microsoft Windows 2000 and Windows XP. These worms can also spread using backdoors opened by other malicious software. The worm tries to download and apply security updates; some variants try to remove other malicious software that may be on the infected computer. Some variants replace Web pages stored on the computer with their own Web page.
Alert level:
severe
Win32/Spybot
Win32/Spybot is a network worm that targets certain versions of Microsoft Windows. The worm can spread through writeable network shares that have weak administrator passwords, or through peer-to-peer, file-sharing programs. It can also spread by exploiting various Windows vulnerabilities. Win32/Spybot also has a backdoor component that allows attackers to control an infected computer.
Alert level:
high
Win32/Optixpro
Win32/Optixpro is a family of backdoor Trojans that targets several versions of Microsoft Windows. This Trojan is an enhanced version of Win32/Optix. The Trojan opens a backdoor that allows an attacker to control the computer remotely. It can be configured by attackers to perform a variety of malicious actions on the infected computer.
Alert level:
severe
Win32/Doomjuice
Win32/Doomjuice is a family of worms that target machines infected with Win32/Mydoom. Win32/Doomjuice scans for systems listening on the TCP port opened by the backdoor component of Win32/Mydoom. The worms launch a denial of service (DoS) attack against www.microsoft.com.
Alert level:
severe
Win32/Randex
Windows Defender Antivirus detects and removes this threat.
Win32/Randex is a family of worms that targets PCs running Microsoft Windows 9x, Windows NT 4.0, Windows 2000, Windows Server 2003, and Windows XP. The worm scans randomly-generated IP addresses to attempt to spread to network shares with weak passwords. After the worm infects a PC, it connects to an IRC server to receive commands from the attacker. If your PC is infected by this worm, you might notice crashes or slowdowns during normal operation.
Alert level:
severe
Win32/Plexus
Windows Defender Antivirus detects and removes this threat.
Win32/Plexus is a mass-mailing email worm that targets Microsoft Windows. The worm also spreads through Kazaa peer-to-peer network shares and to computers that have not been patched for the Windows vulnerabilities described in Microsoft Security Bulletins MS03-039 and MS04-011. Win32/Plexus opens a backdoor which allows attackers to run arbitrary code on the infected computer.
Alert level:
high
Win32/Passalert
Win32/Passalert is a family of Trojan downloaders capable of downloading and running malicious software. Win32/Passalert may stop, delete, or circumvent processes or services associated with firewall, antivirus, or other security software, thus potentially lowering the security settings on affected computers.
Alert level:
high
Win32/Sasser
Win32/Sasser is a family of network worms that exploit the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm spreads by randomly scanning IP addresses for vulnerable machines and infecting any that are found.
Alert level:
severe
Win32/Harnig
Win32/Harnig is a family of Trojan downloaders capable of downloading and running malicious software. Win32/Harnig may stop, delete, or circumvent processes or services associated with firewall, antivirus, or other security software, thus potentially lowering the security settings on affected computers.
Alert level:
high
Win32/Valla
Win32/Valla is a virus that appends itself to executable files on an infected computer.
Alert level:
high
Win32/Sober
Windows Defender Antivirus detects and removes this threat.
Win32/Sober is a family of mass-mailing worms that targets certain versions of Microsoft Windows.
The worm sends itself as an attachment to email addresses that it finds in files on the infected PC. The worm is activated when a user opens the attachment.
Alert level:
severe
Win32/Hybris
Win32/Hybris includes both a virus and a worm component. The virus component infects WSOCK32.DLL, enabling the virus to activate when an Internet connection is established. The worm component spreads by monitoring outgoing e-mail traffic and, when a legitimate e-mail is sent, follows that by sending a second email to the same addresses. That email contains a copy of the worm. Win32/Hybris can download plug-ins via anonymous binary postings made to a particular newsgroup, thus changing the functionality.
Alert level:
severe
Win32/Elkern
Win32/Elkern is a family of parasitic viruses that targets certain versions of Microsoft Windows. The virus can spread by infecting processes and executable files, and by copying itself to local drives and writeable network shares. It is also dropped by Win32/Klez.
Alert level:
high
Win32/Hackdef
Win32/Hackdef is a family of backdoor Trojans that is distributed in various ways to computers running certain versions of Microsoft Windows. This Trojan is a user-mode rootkit. It creates, alters, and hides Windows system resources on a computer that it has infected, and can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers.
Alert level:
severe
Win32/Yaha
Windows Defender Antivirus detects and removes this threat.
Win32/Yaha is a family of mass-mailing network worms that targets certain versions of Microsoft Windows. The worm spreads primarily by sending a copy of itself as an attachment to e-mail addresses gathered from an infected computer. It can also spread through mapped drives and writeable network shares. The worm can terminate security-related processes and conduct denial of service (DoS) attacks against certain Web sites.
Alert level:
severe
Win32/Gaobot
The Win32/Gaobot worm family spreads using different methods, depending on the variant. Some variants spread to machines with weak passwords. Others exploit vulnerabilities to infect machines. Once a machine is infected, the worm connects to an IRC server to receive commands.
Alert level:
high
Win32/Dumaru
Win32/Dumaru is a family of mass-mailing worms that targets certain versions of Microsoft Windows. The worm sends itself as an e-mail attachment to addresses that it finds on the infected computer. The worm runs when the user opens the attachment. Some variants drop a backdoor Trojan. Win32/Dumaru can infect or overwrite files, open ports, connect to an IRC server, release passwords and other confidential information, and receive commands from attackers.
Alert level:
severe