Published Jul 15, 2014 | Updated Nov 07, 2017


Detected by Microsoft Defender Antivirus

Aliases: Trojan/Win32.Qakbot (AhnLab) W32/Trojan.XBYW-8720 (Command) Trojan.Win32.Bublik.ctep (Kaspersky) winpe/Kryptik.CEIY (Norman) Crypt3.AMDJ (AVG) TR/Kazy.442004 (Avira) BackDoor.Qbot.222 (Dr.Web) Win32/Qbot.BH trojan (ESET) W32/Bublik.CTEP!tr (Fortinet) Trojan.Win32.Bublik (Ikarus) TROJ_SPNR.03J714 (Trend Micro)


Windows Defender Antivirus detects and removes this threat.

This threat can give a malicious hacker access and control of your PC. It can also steal your sensitive information, such as your bank details, and your email user names and passwords.

This threat can be installed by exploit kits, such as Sweet Orange. It can also spread using infected network and removable drives, such as USB flash drives.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware. 

Use cloud protection 

Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender Antivirus for Windows 10. 

Go to Settings > Update & security > Windows Defender > Windows Defender Security Center > Virus & threat protection and make sure that your Cloud-based Protection settings is turned On

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us