We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Aliases: Trojan.MSIL.Disfa.bsto (Kaspersky) winpe/Troj_Generic.OEKLP (Norman) Generic34.AXLL (AVG) TR/MSILKrypt.6.258 (Avira) Gen:Variant.MSILKrypt.6 (BitDefender) Win32.HLLW.Autoruner.25074 (Dr.Web) MSIL/Injector.BOX trojan (ESET) MSIL/Injector.PEW!tr (Fortinet) TR/Bladabindi.J.1 (Avira) Trojan.Bladabindi!4BAD (Rising AV) Troj/Bbindi-A (Sophos) Trojan/Win32.Jorik (AhnLab) W32/Bladabindi.D (Norman) Trojan.Bladabindi!4D1D (Rising AV)
Microsoft security software detects and removes this family of threats.
This malware family can steal your sensitive information and send it to a malicious hacker. The family can also download other malware and give backdoor access to your PC.
Variants of the family can spread via infected removable drives, such as USB flash drives. They can also be downloaded by other malware, or spread though malicious links and hacked websites.
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find hidden malware.
Protect your sensitive information
This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:
You should change your passwords after you've removed this threat:
Get more help
If you’re using Windows XP, see our Windows XP end of support page.