TrojanDownloader:Win32/Banload.IU
TrojanDownloader:Win32/Banload.IU is the detection for malware that downloads and executes other malware from a remote server. The downloaded files are usually members of the TrojanDownloader:Win32/Banload or TrojanSpy:Win32/Bancos family.
Alert level: severe
TrojanDownloader:Win32/Banload.HW
TrojanDownloader:Win32/Banload.HW is a trojan that attempts to connect to specific Web sites to download a file, which may be other malware.
For more information, refer to the TrojanDownloader:Win32/Banload family description.
Alert level: severe
Trojan:BAT/Killav.AV
Trojan:BAT/Killav.AV is a trojan that arrives in a self-extracting RAR file, with a banking trojan and a clean PowerPoint file. It renames a component of the AVG antivirus program, preventing it from updating.
Alert level: severe
Trojan:BAT/Killav.AW
Trojan:BAT/Killav.AW is a batch script trojan that renames certain files associated with a security software application to allow other malware to bypass detection by the related security product.
Alert level: severe
TrojanDownloader:Win32/Conhook.A
TrojanDownloader:Win32/Conhook.A attempts to download content from a remote Web site. It injects its code into running processes, which could, depending on configuration, allow the Trojan to bypass permission-based firewalls in order to gain Internet access.
Alert level: severe
TrojanDownloader:ASX/Wimad.gen!F
TrojanDownloader:ASX/Wimad.gen!F is a detection for Windows media files that, when opened using Windows Media Player, open a URL in the browser. These URLs usually direct the user to open an executable file, which may be detected as other malware.
Alert level: severe
TrojanDownloader:Win32/Renos.gen!AV
Win32/Renos.gen!AV is a family of Trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine before downloading rogue security products, most notably Program:Win32/Antivirusxp. Win32/Renos.gen!AV has been distributed via spam messages.
Alert level: severe
TrojanDownloader:Win32/Renos.gen!BA
Win32/Renos.gen!BA is a generic detection for a family of trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine, before downloading rogue security products, most notably Program:Win32/Antivirusxp or Trojan:Win32/FakeXPA. In the wild, Win32/Renos.gen!BA has been distributed via spam e-mail messages.
Alert level: severe
TrojanDownloader:Win32/Renos.gen!BE
TrojanDownloader:Win32/Renos.gen!BE is a generic detection for a family of trojans that connect to certain websites in order to download arbitrary files. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.
Alert level: severe
TrojanDownloader:Win32/Zlob.gen!GV
TrojanDownloader:Win32/Zlob.gen!GV is a generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.
Alert level: severe
TrojanDownloader:Win32/Zlob.gen!BE
TrojanDownloader:Win32/Zlob.gen!BE is a generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.
Alert level: severe
TrojanDownloader:Win32/Zlob.gen!Z
TrojanDownloader:Win32/Zlob.gen!Z is a generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.
Alert level: severe
TrojanDownloader:Win32/Zlob.gen!A
TrojanDownloader:Win32/Zlob.gen!A is a family of Trojan programs. Variants of the Zlob family modify Internet Explorer's settings, redirect the default internet search page and home page, and attempt to download and execute malicious software from the Internet.
Alert level: severe
TrojanDownloader:Win32/Agent!D529
TrojanDownloader:Win32/Agent!D529 is a Trojan downloader that drops a file onto the infected computer and attempts to download unwanted software from a remote Web site. The content could include anything from additional downloader Trojans to imitation security programs.
Alert level: severe
TrojanDownloader:Win32/Renos.CM
TrojanDownloader:Win32/Renos.CM is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.
Alert level: severe
TrojanDownloader:Win32/Poisonvy!JPG
TrojanDownloader:Win32/Poisonvy!JPG is a malicious JPG file that contains code that attempts to exploit vulnerabilities in GDI in order to download additional malware onto the vulnerable machine. In the wild, this exploit code has been observed attempting to download Backdoor:Win32/Poisonivy.E. Note, however, that in this example the malicious code failed to exploit the vulnerability, so the trojan-downloading payload was intended but not carried out.
For more information on these vulnerabilities, please see Microsoft Security Bulletin MS08-021.
Alert level: severe
TrojanDownloader:Win32/Small.E
TrojanDownloader:Win32/Small.E repeatedly accesses a remote website in an attempt to download and install malicious or unwanted software. The Trojan attempts to hide its presence on the system and continually refreshes the registry edits made to lower security settings.
Alert level: severe
TrojanDownloader:Win32/Horst.H
TrojanDownloader:Win32/Horst.H is a trojan downloader component of the Horst malware family.
Alert level: severe
TrojanDownloader:Win32/Renos.Y
TrojanDownloader:Win32/Renos.Y is a detection for a trojan that connects to certain websites and downloads other unwanted software and malware, such as Trojan:Win32/FakeSecSen, Trojan:Win32/Bohmini and other Win32/Renos components.
Alert level: severe
TrojanDownloader:JS/Multibreach.B
TrojanDownloader:JS/Multibreach.B is a detection for specially-crafted web pages that use JavaScript to download additional malware components based on the browser's vulnerability to specific exploits. These web pages are designed to trigger the browser vulnerabilities, thereby allowing malware to be downloaded into the system.
Alert level: severe