We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
PWS:Win32/Paymilon.A
Detected by Microsoft Defender Antivirus
Aliases: Win-Trojan/Paymilon.31892 (AhnLab) Win32/Klogmil.A (CA) MULDROP.PWS.Trojan (Dr.Web) Trojan-Dropper.Win32.Agent.avzq (Kaspersky) Troj/Agent-KPU (Sophos) Infostealer (Symantec)
Summary
PWS:Win32/Paymilon.A is a trojan password stealer. The trojan captures e-mail configuration details and stores them as a file locally and may attempt to connect to the domain 'pay.militarypayonline.net'. The domain is registered to a user located in Asia.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Follow us
