Also detected as:
The following could indicate that you have this threat on your PC:
detects and removes this threat.
This trojan downloads other malware onto your PC. It also opens a text file to try and fool you into thinking it's harmless.
There is more information about this type of threat in the Win32/Kuluoz family description.
Find out ways that malware can get on your PC.
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find other, hidden malware.
You can also see our advanced troubleshooting page for more help.
If you’re using Windows XP, see our Windows XP end of support page.
TrojanDownloader:Win32/Kuluoz.D uses the legitimate Windows file svchost.exe to drop a copy of itself into the %APPDATA% folder using a random 8-character file name.
It then creates a registry entry that lets it run automatically every time Windows starts:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "<8 random characters>"
With data: "%APPDATA%\<8 random characters.exe>"
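A triage check for the autostart pattern described above, as an added example that is not part of the original write-up or of any Microsoft tool. It parses the text output of `reg query` on the HKCU Run key and flags values whose name is 8 characters long and whose data points to an 8-character .exe directly inside %APPDATA%. Assumptions: "random characters" is taken to mean ASCII letters and digits (the page does not say), the function names are hypothetical, and the sample output is constructed.

```python
import re

# Assumption: "random characters" means ASCII letters/digits; the page does not say.
NAME_RE = re.compile(r"^[A-Za-z0-9]{8}$")
# %APPDATA% as a literal, or its expanded form on Vista and later, or on Windows XP.
APPDATA_EXE_RE = re.compile(
    r"^(?:%APPDATA%"
    r"|[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming"
    r"|[A-Za-z]:\\Documents and Settings\\[^\\]+\\Application Data)"
    r"\\[A-Za-z0-9]{8}\.exe$",
    re.IGNORECASE,
)
# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")


def parse_reg_query(text):
    """Return (value_name, data) pairs from `reg query` text output."""
    hits = (VALUE_LINE_RE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(3)) for m in hits if m]


def matches_pattern(name, data):
    """True when a Run value fits the naming pattern described above."""
    path = data.strip()
    if path.startswith('"'):
        path = path[1:].split('"', 1)[0]  # keep only the quoted executable path
    return bool(NAME_RE.match(name) and APPDATA_EXE_RE.match(path))


def suspicious_run_values(text):
    """Heuristic only: a hit is a lead for review, not a verdict."""
    return [(n, d) for n, d in parse_reg_query(text) if matches_pattern(n, d)]


# Constructed sample output of:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    qwhzkmtr    REG_SZ    "C:\Users\alice\AppData\Roaming\xbvnqpld.exe"
    Notepad2    REG_SZ    C:\Tools\notepad2.exe
    updater1    REG_SZ    %APPDATA%\Vendor\updater1.exe
'''

if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE):
        print(f"review: {name} -> {data}")
```

Legitimate software can also use 8-character names, so confirm any hit with a full scan before removing the entry.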
It installs a text file to try and mislead you into thinking that it's a harmless file rather than malware. It then automatically opens this text file. The contents might look like this:
Downloads other malware
TrojanDownloader:Win32/Kuluoz.D can download other malware onto your PC. We have seen it download and run these threats:
Connects to a remote server
Win32/Kuluoz.D connects to a remote server to receive further instructions, including:
We have seen it connect to these servers, although this list can change:
Analysis by Daniel Radu
Take these steps to help prevent infection on your PC.