We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:Win32/Ginwui.A
Detected by Microsoft Defender Antivirus
Aliases: BackDoor-CKB!6708ddaf (McAfee) BKDR_GINWUI.B (Trend Micro) Backdoor.Ginwui.B (Symantec)
Summary
Backdoor:Win32/Ginwui.A is a Trojan dropper that installs a backdoor and rootkit on impacted systems. Backdoor:Win32/Ginwui.A was initially discovered as a file named Shell32.exe that is dropped and executed by TrojanDropper:Win32/Starx.A. For details on TrojanDropper:Win32/Starx.A, see:
http://www.microsoft.com/security/encyclopedia/details.aspx?Name=TrojanDropper:Win32/Starx.A
It is not advisable to remove Backdoor:Win32/Ginwui.A manually. Instead, use up-to-date antivirus software to remove this Trojan and detect other malicious software that may have been installed as a result of the original Trojan infection. To remove this malicious software using antivirus software, follow these steps:
- Disconnect from the Internet.
- Run up-to-date antivirus software.
- Take steps to prevent re-infection.
Disconnect from the Internet
To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding by unplugging your network cable or disabling your wireless connection. You can reconnect to the Internet after running antivirus software.
Run up-to-date antivirus software
Run up-to-date antivirus software to remove this Trojan dropper from your computer.
Take steps to prevent re-infection
Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "How to Prevent Infection" section for more information.
Follow us
