Backdoor:Win32/Optix.W
Detected by Microsoft Defender Antivirus
Aliases: No associated aliases
Summary
Backdoor:Win32/Optix.W is a highly configurable backdoor Trojan that allows an attacker to control an infected computer remotely. It can also release system information to an attacker and disable security-related software and other programs.
Attackers can configure many aspects of the behavior of Backdoor:Win32/Optix.W, including the registry values that it sets and the names of files that it drops. This makes it difficult to recover manually from this Trojan. Therefore, it is best to use an automatic recovery method such as one of the following:
- The Microsoft Malicious Software Removal Tool. For more information, see http://www.microsoft.com/security/malwareremove/default.mspx
- The Microsoft Safety Scanner. For more information, see http://go.microsoft.com/fwlink/?LinkId=212742
Alternatively, you can recover automatically from Backdoor:Win32/Optix.W using other antivirus software offline. To do so, follow these steps:
- Disconnect from the Internet.
- Run up-to-date antivirus software.
- Take steps to prevent re-infection.
Disconnect from the Internet
To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding by unplugging your network cable and disabling your wireless connection. You can reconnect to the Internet after completing these steps.
Run up-to-date antivirus software
Run up-to-date antivirus software to completely clean the Trojan from your computer.
Take steps to prevent re-infection
Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.