Microsoft Security Intelligence
168 entries found. Displaying page 1 of 9.
Updated on Feb 05, 2010
Backdoor:WinNT/Tofsee.C is a kernel-mode backdoor. It has an embedded downloader component that it drops and runs. Backdoor:WinNT/Tofsee.C is also used as a network traffic relay.
Alert level: severe
Updated on Jul 30, 2010
Trojan:WinNT/Bubnix.I is a trojan that is downloaded and installed by other malware. It sends out spam email messages based on data received from a remote server.
Alert level: severe
Updated on Jan 09, 2008
PWS:Win32/Sinowal.gen!D is a component of the greater Win32/Sinowal family.
Alert level: severe
Updated on Jan 09, 2008
PWS:Win32/Sinowal.gen!C is a component of the greater Win32/Sinowal family.
Alert level: severe
Updated on Nov 11, 2009
Backdoor:WinNT/Festi.A is a backdoor trojan that allows limited remote access and control. It retrieves instructions and commands from a remote attacker by connecting to a remote website and downloading data. The commands could instruct WinNT/Festi.A to distribute spam.
Alert level: severe
Updated on Oct 18, 2010
Trojan:WinNT/Bubnix.L is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam email messages, and could download and execute arbitrary files.
Alert level: severe
Updated on Sep 07, 2011

Trojan:WinNT/Diskhide.A is a trojan installed as a kernel-mode driver that attempts to hide modifications to the Master Boot Record (MBR), detected as Trojan:DOS/Wador.A.

Alert level: severe
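Diskhide.A hides MBR modifications from software running on the infected system, which is why the MBR has to be compared against a copy read from a trusted path (clean boot media, or the disk attached to another machine). The program below is an added example and is not part of the Microsoft encyclopedia entry or the malware: it decodes the 512-byte MBR layout (bootstrap code, four 16-byte partition entries at offset 446, the 0x55 0xAA signature at offset 510) and reports which regions differ between a live read and a trusted read. The sample MBR bytes and the overwritten bootstrap bytes are constructed for the demonstration, not taken from Trojan:DOS/Wador.A.

```c
/* Added example: parse a Master Boot Record and diff it against a trusted
 * copy. Sample data is constructed; nothing here is the malware's own code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBR_SIZE 512
#define MBR_BOOT_CODE_LEN 440     /* bootstrap area before the disk signature */
#define MBR_PART_TABLE_OFF 446    /* four partition entries start here */
#define MBR_PART_ENTRY_LEN 16
#define MBR_SIGNATURE_OFF 510     /* 0x55 0xAA boot signature */

struct mbr_partition {
    uint8_t status;      /* 0x80 = bootable, 0x00 = inactive */
    uint8_t type;        /* partition type id, e.g. 0x07 for NTFS */
    uint32_t lba_start;  /* first sector (little-endian on disk) */
    uint32_t sectors;    /* sector count (little-endian on disk) */
};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 1 if the sector carries the 0x55 0xAA boot signature. */
int mbr_has_signature(const uint8_t *mbr) {
    return mbr[MBR_SIGNATURE_OFF] == 0x55 && mbr[MBR_SIGNATURE_OFF + 1] == 0xAA;
}

/* Decode partition entry idx (0..3). Returns 0 on success, -1 on bad index. */
int mbr_partition(const uint8_t *mbr, int idx, struct mbr_partition *out) {
    if (idx < 0 || idx > 3) return -1;
    const uint8_t *e = mbr + MBR_PART_TABLE_OFF + idx * MBR_PART_ENTRY_LEN;
    out->status = e[0];
    out->type = e[4];
    out->lba_start = rd_le32(e + 8);
    out->sectors = rd_le32(e + 12);
    return 0;
}

/* Flags returned by mbr_compare, OR-ed together. */
enum { MBR_DIFF_BOOTCODE = 1, MBR_DIFF_PARTTABLE = 2, MBR_DIFF_SIGNATURE = 4 };

/* Compare the MBR as read through the running OS with a copy read from a
 * trusted path. Returns 0 when identical, otherwise the differing regions. */
int mbr_compare(const uint8_t *live, const uint8_t *trusted) {
    int diff = 0;
    if (memcmp(live, trusted, MBR_BOOT_CODE_LEN) != 0)
        diff |= MBR_DIFF_BOOTCODE;
    if (memcmp(live + MBR_PART_TABLE_OFF, trusted + MBR_PART_TABLE_OFF,
               4 * MBR_PART_ENTRY_LEN) != 0)
        diff |= MBR_DIFF_PARTTABLE;
    if (mbr_has_signature(live) != mbr_has_signature(trusted))
        diff |= MBR_DIFF_SIGNATURE;
    return diff;
}

/* Constructed sample MBR: placeholder bootstrap bytes, one active NTFS
 * partition at LBA 2048 spanning 0x100000 sectors, valid signature. */
void make_sample_mbr(uint8_t *mbr) {
    memset(mbr, 0, MBR_SIZE);
    mbr[0] = 0x33; mbr[1] = 0xC0;                   /* xor ax,ax (placeholder) */
    uint8_t *e = mbr + MBR_PART_TABLE_OFF;
    e[0] = 0x80; e[4] = 0x07;                        /* bootable, NTFS */
    e[8] = 0x00; e[9] = 0x08; e[10] = 0x00; e[11] = 0x00;   /* LBA 2048 */
    e[12] = 0x00; e[13] = 0x00; e[14] = 0x10; e[15] = 0x00; /* 0x100000 sectors */
    mbr[MBR_SIGNATURE_OFF] = 0x55; mbr[MBR_SIGNATURE_OFF + 1] = 0xAA;
}

int main(void) {
    uint8_t trusted[MBR_SIZE], live[MBR_SIZE];
    make_sample_mbr(trusted);
    memcpy(live, trusted, MBR_SIZE);
    /* Simulated tampering: the first bootstrap bytes replaced by a short jump. */
    live[0] = 0xEB; live[1] = 0x3E;
    int d = mbr_compare(live, trusted);
    printf("diff flags: %d (bootstrap code %s, partition table %s)\n", d,
           (d & MBR_DIFF_BOOTCODE) ? "changed" : "same",
           (d & MBR_DIFF_PARTTABLE) ? "changed" : "same");
    return 0;
}
```

In practice the "live" buffer would come from reading the first sector of the physical disk on the running system and the "trusted" buffer from the same disk read while booted from clean media; a rootkit that filters disk reads can make the first copy look clean while the second shows the real bootstrap code, which is exactly the discrepancy this comparison surfaces.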
Updated on Jul 22, 2008
VirTool:WinNT/Maxer.A is a kernel-mode rootkit program that is primarily designed to hide a running process and avoid process termination.
Alert level: severe
Updated on May 15, 2009
PWS:Win32/Zbot.PI is a trojan password stealer that may bypass installed firewall applications to send captured passwords to an attacker.
Alert level: severe
Updated on Dec 30, 2009
VirTool:WinNT/Tapaoux.A is a trojan device driver that allows direct TCP communication with remote servers and is installed by Trojan:Win32/Tapaoux.A.
Alert level: severe
Updated on Jan 15, 2010
VirTool:WinNT/Rootkitdrv.HB is a malicious kernel-mode rootkit. It is used to interfere with the operation of Kaspersky Antivirus, so that the malware using this tool may avoid detection by that antivirus program.
Alert level: severe
Updated on Sep 14, 2010
Trojan:Win32/Opachki.C is a backdoor that modifies a number of system settings, and periodically attempts to download and execute arbitrary files.
Alert level: severe
Updated on Sep 24, 2010
TrojanDropper:Win32/Otlard.A is a trojan that drops and registers Trojan:WinNT/Otlard.B as a service.
Alert level: severe
Updated on Oct 18, 2010
Trojan:WinNT/Bubnix.N is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam email messages, and could download and execute arbitrary files.
Alert level: severe
Updated on Dec 23, 2010
VirTool:WinNT/Rootkitdrv.HU is a kernel-mode rootkit that attempts to capture keystrokes entered by a user on the affected computer.
Alert level: severe
Updated on May 23, 2007
VirTool:WinNT/Mactu.A is a kernel-mode Trojan rootkit that hides files on an infected machine.
Alert level: severe
Updated on Jan 17, 2010

Trojan:WinNT/Sirefef.A is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Alert level: severe
Updated on Feb 24, 2010
VirTool:WinNT/Citeary.B is a detection for a kernel-mode driver that hooks certain Windows API calls and is installed by Worm:Win32/Citeary.B. Worm:Win32/Citeary.B is a worm that spreads to all available drives including the local drive and attempts to download other malware from a predefined website.
Alert level: severe
Updated on Mar 09, 2010
Trojan:WinNT/Bubnix.gen!A is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam e-mail messages and could download and execute arbitrary files.
Alert level: severe
Updated on Mar 18, 2010

Virus:Win32/Sirefef.A is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove this threat from your computer:

Before you begin you will need:

- A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of the Microsoft Safety Scanner
- A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected computer 

  1. Download a copy of the Microsoft Safety Scanner from a clean, uninfected computer
  2. Save a copy of the Scanner on a blank CD, DVD, or USB drive
  3. Restart the infected computer
  4. Insert the CD, DVD, or USB drive into your infected computer and run the Scanner
  5. Let the Scanner clean your computer and remove any infections it finds

After running the Scanner, ensure that your antivirus product is up-to-date. You can update Microsoft security products by downloading the latest definitions at this link: Get the latest definitions.

As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.

Alert level: severe