PWS:Win32/Bzub.gen
PWS:Win32/Bzub.gen is a generic detection for the installer of a malicious web Browser Helper Object (BHO) or a DLL that may monitor typed logon credentials for accessed websites.
PWS:Win64/Sinowal.gen!B
PWS:Win64/Sinowal.gen!B is a component of the Win32/Sinowal family.
Win32/Sinowal is a family of password-stealing and backdoor trojans. These trojans may to steal sensitive information by disrupting SEcure Socket Layer (SSL) transactions (those that use certificates) from your computer. Some Sinowal components may also be able to hide or disguise themselves to avoid detection, and perform operations pretending to be trusted processes, such as "explorer.exe", to bypass your computer's security defences.
PWS:Win32/Kiction.A
PWS:Win32/Zbot.AHD
PWS:Win32/Zbot.AHD is trojan that allows unauthorized access and control of your computer, and steals your valuable information, such as passwords. PWS:Win32/Zbot.AHD is created by kits known as "Zeus" which are bought and sold on the Internet black market.
PWS:Win32/Zbot.AHD is widespread. It has been distributed and installed on user's computers in several different ways, including:
- Downloaded by other malware such as Win32/Bredolab, Win32/Kelihos, Win32/Waledac, Exploit:Win32/CplLnk, and variants of Win32/Cutwail.
- Downloaded as a payload for exploit kits such as blackhole (we detect this as Blacole), and for exploits including Exploit:Java/CVE-2012-0507, Exploit:Java/CVE-2012-1723, Exploit:Java/CVE-2013-0422, and Exploit:Win32/Pdfjsc.
- Spammed out attached to email
Visit the Win32/Zbot family description for more details about how this malware is distributed.
PWS:Win32/Sekur.A
Windows Defender detects and removes this threat.
This threat can steal your personal information, such as your user names and passwords. It sends the stolen information to a malicious hacker.
This threat might have got on your PC through an exploit kit or phishing attack.
PWS:Win32/Banker.JX
PWS:Win32/Zbot.gen!AC
PWS:Win32/Zbot
Microsoft security software detects and removes this threat.
This family of trojans can steal your personal and financial information and give a hacker access and control of your PC. They can also lower your Internet browser security and turn off your firewall.
We have seen these threats download other malware, including Trojan:Win32/Crilock.A and Trojan:Win32/Necurs. Crilock is a ransomware family that can encrypt the files on your PC and then demand money to unlock them. Necurs is family of malware that can turn off your security software and redirect your web browser.
Win32/Zbot can be installed on your PC via spam emails and hacked websites, or packaged with other malware families.
PWS:Win32/Dofoil.D
Microsoft Defender Antivirus detects and removes this threat.
PWS:Win32/Dofoil.D is a trojan that steals user names and passwords for certain FTP applications and Microsoft Outlook.
On March 6, 2018, behavior monitoring and machine learning technologies in Microsoft Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign