Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on May 03, 2005
Backdoor:Win32/Hackdef.AA is a backdoor Trojan that is distributed in various ways to computers running certain versions of Microsoft Windows. This Trojan is a user-mode rootkit. It creates, alters, and hides Windows system resources and can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers.
Alert level: severe
Updated on Mar 23, 2023
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2010-0094.AA is the detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sandbox" environment.
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Vobfus.AA is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted computers. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.
Alert level: severe
Updated on Apr 11, 2011
Trojan:Win32/BHO.AA is a trojan that drops adware onto the system. It may connect to various remote servers and display advertisements.
Alert level: severe
Updated on Apr 11, 2011
Backdoor:Win32/Mosucker.AA allows unauthorized access and control of an affected computer.
Alert level: severe
Updated on Nov 22, 2010
This detection covers some variants of malware that is also detected as Backdoor:Qakbot.gen!A. See that description for more information.
Alert level: severe
Updated on Apr 11, 2011
VirTool:Win32/VBInject.AA is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
Alert level: severe
Updated on Oct 26, 2011
VirTool:Win32/CeeInject.AA is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
Alert level: severe
Updated on Mar 23, 2023
Alert level: severe
Updated on Oct 21, 2005
TrojanProxy:Win32/Mitglieder.AA is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan injects its code into the Windows Explorer process explorer.exe. The Trojan monitors a randomly chosen TCP port for commands from attackers. Attackers can use the computer as a Web and SMTP proxy. 
Alert level: severe
Updated on Sep 02, 2013

Trojan:Win64/Sirefef.AA is a user-mode component of the Sirefef malware family and runs on the 64-bit version of Windows. Sirefef is a multi-component family that performs different functions, such as downloading updates and additional Sirefef components, hiding existing Sirefef components or performing a payload. This malware moderates your Internet experience by changing search results, and generating pay-per-click advertising revenue for the malware controllers.

For more information about the Sirefef family, see the description for Win32/Sirefef elsewhere in the encyclopedia.

Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2010-0840.AA is the detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to remote code execution.
Alert level: severe
Updated on Mar 14, 2013

Backdoor:Win32/IRCbot.gen!AA is a worm that allows backdoor access and control of your computer by a remote server.

Alert level: severe
Updated on Apr 11, 2011
Virus:Win32/Prolaco.AA is a detection for files infected by variants of Worm:Win32/Prolaco.
Alert level: severe
Updated on Apr 11, 2011
Worm:AutoIt/Autorun.AA is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory of each affected drive in an attempt to ensure that the worm is run when the removable drive is attached, or the network drive is visited from a remote system supporting the Autorun feature.
Alert level: severe
Updated on May 06, 2005
This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.
Alert level: severe
Updated on Nov 16, 2014

Windows Defender detects and removes this threat.

This threat is part of the Backdoor:MSIL/Bladabindi family. This family can be used to take control of your PC and steal your sensitive information. Some variants can use your PC camera to record you or send information about what keys you press to a malicious hacker.

They can be installed on your PC from infected removable drives, such as USB flash drives, or by other malware, including TrojanDropper:MSIL/Habbo.A.

See the Backdoor:MSIL/Bladabindi family description for more information.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Pdfjsc.AA is a detection for specifically obfuscated JavaScript that targets software vulnerabilities in Adobe Acrobat and Adobe Reader. It attempts to exploit a buffer overflow vulnerability also known as CVE-2007-5659.
Alert level: severe
Updated on Feb 07, 2005
Win32/Korgo.AA.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. This may cause crashing and unexpected rebooting on an infected computer.
Alert level: severe