Also detected as:
The following could indicate that you have this threat on your PC:
detects and removes this threat.
This threat can download other malware onto your PC.
Find out ways that malware can get on your PC.
The following free Microsoft software detects and removes this threat:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
TrojanDownloader:Win32/Onkods is a small executable, usually between 6kB and 25kB in size, that downloads and runs other malware.
We have seen it distributed with the file name IMG<10 digits>-JPG.scr, for example IMG1337019400-JPG.scr.
When run, TrojanDownloader:Win32/Onkods contacts a server, from which it can download other malware files. The file is saved to either %TEMP%, or the directory where Win32/Onkods is running from.
It then runs the downloaded file.
Examples of servers contacted by Win32/Onkods include:
We have seen Win32/Onkods downloading the following malware families:
Analysis by David Wood
Take these steps to help prevent infection on your PC.
I want to...
Note: Your feedback is very important to us, however we do not respond to individual submissions through this channel.
If you require support, please visit the
Safety & Security Center.