Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Oct 07, 2008
Alert level: severe
Updated on Aug 17, 2011
VirTool:Win32/Injector.AB is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
Alert level: severe
Updated on Jul 01, 2005
Win32/Randex.AB.worm is a network worm that targets computers running certain versions of Microsoft Windows. The worm generates and scans IP addresses randomly to attempt to spread to writeable network shares that have weak passwords. The worm also has backdoor capabilities that allow attackers to control an infected computer through an IRC channel.
Alert level: severe
Updated on Feb 19, 2017

Microsoft Defender Antivirus detects and removes this threat.

This threat downloads and installs other programs, including other malware, onto your PC without your consent.

Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Pushbot.AB is a worm that may spread via MSN Messenger and/or AIM. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level: severe
Updated on Apr 11, 2011
VirTool:Win32/Obfuscator is a detection for programs whose purpose has been obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:ASX/Wimad is a detection for malicious Windows media files that are used to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser.
Alert level: severe
Updated on Jul 21, 2014
Windows Defender Antivirus detects and removes this threat.
 
This trojan sends spam email messages from your PC. It can also give a malicious hacker access and control of your PC, change your security settings, and disable the Windows Firewall.
 
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Slenfbot.AB is a worm that can spread via MSN Messenger, and may spread via removable drives. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level: severe
Updated on Apr 11, 2011
Virus:Win32/Virut.AB is a polymorphic appending virus that infects .EXE and .SCR files. Win32/Virut.AB may additionally connect with a remote Internet Relay Chat (IRC) server and await commands, allowing a remote attacker to download and execute arbitrary files on the infected computer.
Alert level: severe
Updated on May 27, 2010
VirTool:Win32/Injector.gen!AB is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
Alert level: severe
Updated on Oct 26, 2011
VirTool:Win32/CeeInject.AB is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
Alert level: severe
Updated on Jun 08, 2011

Trojan:Win32/Alureon.gen!AB is the generic detection for a member of the Win32/Alureon family. It drops other malware, tries to delete the Hosts file, and tries to create a virtual file system (VFS). It may also connect to certain servers.

Alert level: severe
Updated on Jun 29, 2005
This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.
Alert level: severe
Updated on Jun 09, 2011

Virus:Win32/Expiro.AB is the detection for a virus that infects EXE files in all drives and collects user credentials from an infected computer. It also allows backdoor access and control to the infected computer, and lowers Internet Explorer settings.

Alert level: severe
Updated on Mar 08, 2018

Microsoft Defender Antivirus detects and removes this threat.

This sophisticated downloader has been observed to download Trojan:Win32/Dofoil.AB and Trojan:Win32/CoinMiner.D in the wild. It injects its code and runs hidden in system programs to avoid detection. 

On March 6, 2018, behavior monitoring and machine learning technologies in Microsoft Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign

 

Alert level: severe
Updated on May 23, 2011
VirTool:Win32/DelfInject.gen!AB is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
Alert level: severe
Updated on Jul 01, 2011

Virus:Win32/Ramnit.AB is the detection for files infected by variants of the Win32/Ramnit malware family. This malware drops and loads other malware, which may be detected as Trojan:Win32/Ramnit.gen!A.

Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Mult.AB is a detection for JavaScript that attempts to exploit multiple vulnerabilities in order to download, execute or otherwise run arbitrary code. The malicious JavaScript may be hosted on compromised websites.
Alert level: severe
Updated on May 25, 2010
TrojanDownloader:Win32/Zlob.gen!AB is a generic detection for a component of the larger Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.
Alert level: severe