Exploit:Win32/ShellCode.gen!C
Aliases: Exploit.JS.Senglot (Ikarus), JS/BoF.J (Command), SCRIPT.Virus (Dr.Web), Trojan.Maliframe!html (Symantec), Trojan.Script.6869 (BitDefender)
Summary
Windows Defender detects and removes this threat.
Exploit:Win32/ShellCode.gen!C is a generic detection for JavaScript files that contain malicious code. Generally, attackers use this malicious code to infect your computer with other malware.
These files are often downloaders which use the malicious code to exploit vulnerabilities in various software.
A vulnerability is like a hole in your software that malware can use (or exploit) to get on your computer. These holes are fixed by installing updates to the vulnerable software; this is why it is extremely important to keep all of the programs on your computer up to date.
See here for information on how to update some software.
As this is a generic detection, we cannot identify the precise files that use this code or the particular exploits that the code uses.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
If this threat has been detected on your computer, it is a good idea to ensure that all of your software is fully up to date. You can see our page on updating software for instructions on how to update Adobe, Java, Apple, and Microsoft software.
Note also that your security software may detect this threat when you visit a website that contains the malicious code, even if you are not using a vulnerable version of Java or other software. This does not mean that you have been compromised: it means an attempt to compromise your computer has been made.
Additional removal instructions
This threat may be present in your Temporary Internet Files folder. We recommend that you delete your temporary Internet files to prevent the persistent detection of this threat from within the Temporary Internet Files folder.
To delete the temporary Internet files from Internet Explorer, refer to KB Article 260897.