TrojanDropper:Win32/Hiloti.gen!A drops and installs several malware into the affected computer.

What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see

Threat behavior

TrojanDropper:Win32/Hiloti.gen!A drops or installs several malware into the affected computer.


TrojanDropper:Win32/Hiloti.gen!A drops and executes files in the %LOCALAPPDATA% folder. The dropped files have decimal numbers for names. For example:

  • %LOCALAPPDATA%\206750.exe
  • %LOCALAPPDATA%\206751.exe

These files may be detected as Trojan:Win32/Hiloti.gen!D.

TrojanDropper:Win32/Hiloti.gen!A has also been observed installing any of these malware:

Analysis by Gilou Tenebro


Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.


Alert level: Severe
First detected by definition: 1.91.549.0
Latest detected by definition: 1.185.3495.0 and higher
First detected on: Sep 24, 2010
This entry was first published on: Apr 04, 2011
This entry was updated on: Apr 20, 2011

This threat is also detected as:
  • Trojan-Downloader.Win32.Mufanom.bewi (Kaspersky)
  • Trojan.DL.Mufanom!7UKfRefEqvo (VirusBuster)
  • Trojan-Downloader.Win32.Mufanom (Ikarus)
  • Hiloti.gen.q (McAfee)
  • Trojan.Win32.Cimag.gk (Sunbelt Software)
  • TROJ_HILOTI.SMAX (Trend Micro)