Trojan:Win32/Vundo.KAT
Detected by Microsoft Defender Antivirus
Aliases: Injector.AAJ (AVG), TR/ATRAPS.Gen (Avira), Gen:Variant.Vundo.4 (BitDefender), Trojan.Win32.Pirminay (Ikarus), Troj/Agent-PKR (Sophos)
Summary
Trojan:Win32/Vundo.KAT is a trojan belonging to Win32/Vundo, a multiple-component family of programs that deliver out-of-context pop-up advertisements. Members of the family may also download and execute arbitrary files. The family uses advanced defensive and stealth techniques to escape detection and to prevent its removal.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional Recovery Steps
This threat may make lasting changes to an affected system’s configuration that will NOT be restored by detecting and removing this threat. For more information on returning an affected system to its pre-infected state, please see the following articles:
- Enabling the Phishing Filter in Internet Explorer 7 and 8: http://support.microsoft.com/kb/930168
- For other support and help-related articles, go to:
  - Windows 7: http://support.microsoft.com/gp/windows7
  - Windows Vista: http://support.microsoft.com/ph/11732
  - Windows XP: http://support.microsoft.com/ph/1173