We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:WinNT/Tofsee.C
Detected by Microsoft Defender Antivirus
Aliases: W32/RootkitX.ZG (Command) Rootkit.Win32.Pakes.zo (Kaspersky) W32/Smalldrp.AXIR (Norman) Win32/TrojanDownloader.Genome.CLU (ESET) Rootkit.Win32.Pakes (Ikarus) Rootkit.d (McAfee)
Summary
Backdoor:WinNT/Tofsee.C is a kernel mode backdoor. It has an embedded downloader component that it drops and runs. Backdoor:WinNT/Tofsee.C is also used network traffic relay.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.