Windows Defender detects and removes this threat.

This malware family can steal your personal information and lower your PC security settings. 

Find out ways that malware can get on your PC.

Win32/Busky is a family of Trojans that monitor and redirect Internet traffic, gather system information and download unwanted software such as Win32/Renos and Win32/SpySheriff. Win32/Busky may be installed by a Web browser exploit or other vulnerability when visiting a malicious Web site.

Trojan:IRC/WinBot.dr opens a backdoor on TCP port 113 and UDP port 30167, connects to an IRC channel, and downloads and installs other files. Trojan:IRC/WinBot.dr also includes keylogger capabilities. Some variants of Trojan:IRC/WinBot.dr include the Win32/Parite virus, possibly as a result of cross-infection. Win32/Parite infects portable executable files on local drives and accessible network shares.

Trojan:Win32/Goweh.E is a Trojan that alters several settings in Internet Explorer. It changes the home page and redirects search queries and traffic to other Web pages. Win32/Goweh.E is normally installed on a computer by another Trojan dropper or downloader.

Trojan:Win32/Virtumonde.O is a Trojan dynamic link library (DLL) that installs itself as a Browser Helper Object (BHO) and generates popup advertisements on a user's desktop. The component is injected into EXPLORER.EXE by a dropper Trojan. Advertisements may appear as a visible window or may be hidden from view.

Trojan:Win32/Starcedor.A is a Trojan that monitors an affected user's network traffic and intercepts search requests to Google.

Trojan:MacOS/RSPlug.A is a Trojan for Mac OS X that modifies existing DNS settings. This Trojan may pose as a Mac codec in the form of a disk image file.

Trojan:SH/RSPlug.A is an installed component of Trojan:MacOS/RSPlug.A, a Trojan for Mac OS X that modifies existing DNS settings. This Trojan may pose as a Mac codec in the form of a disk image file.

Trojan:Win32/Alemod.C is a data-stealing Trojan that is installed by Trojan dropper Trojan:Win32/Alemod.C.dr. For more information, see the encyclopedia entry for Trojan:Win32/Alemod.C.dr at http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Trojan:Win32/Alemod.C.dr

Trojan:Win32/Perfcoo.A is a small Trojan downloader. Trojan:Win32/Perfcoo.A may contact a remote Web site and execute a server-side script. This Trojan may be installed or downloaded by other pre-existing Trojans or unwanted software on the infected computer.

Trojan:Win32/Wopla.gen!Y is a generic detection for a family of Trojans that act as proxies, allowing an attacker to send spam e-mail, some with binary attachments. Trojan:Win32/Wopla.gen!Y may also download, upload and execute files on the affected machine.

Win32/Busky is a family of Trojans that monitor and redirect Internet traffic, gather system information and download unwanted software such as Win32/Renos and Win32/SpySheriff. Win32/Busky may be installed by a Web browser exploit or other vulnerability when visiting a malicious Web site.

Trojan:Win32/Yidvar.A is a backdoor that receives commands from a remote Web server and may log keystrokes on an infected computer.

HTML/Emerleox is detection for files modified by Worm:Win32/Emerleox.gen, a network worm that attempts to copy itself to writable network shares by exploiting weak password/username combinations. When Worm:Win32/Emerleox.gen is run, it attempts to disable certain antivirus and firewall products by disabling registry entries and killing processes associated with those programs.

Trojan:Java/Classloader.F is a malicious Java applet that can infect Microsoft Windows computers that are not patched with Microsoft Security Update MS03-011. An attacker can insert the Java applet into HTML code and host the code on a Web server or send the code in e-mail. When a user opens the Web page or e-mail, the vulnerability allows the applet to bypass a security check on the computer. The applet can then run malicious code on the computer and open a backdoor to receive commands from attackers.

Trojan:Win32/Agent.ABA is a Trojan that may download additional malware and may also provide backdoor/proxy functionality.

Trojan:Win32/Starter creates an unauthorized user account on the system and adds that account to the administrator group as a “Remote Service Account".

 

On July 16, 2007, Microsoft identified a misclassification in the Trojan:Win32/Starter signature which could result in erroneous detections of this Trojan in certain PE files created by Quick Batch File Compiler. To address this issue, impacted customers should update to signature files with version number 2740.6 or above.

Trojan:WinNT/Bagle.gen is generic detection for variants of WinNT/Bagle, a component of the greater Win32/Bagle multi-component family of malware. WinNT/Bagle provides advanced stealth functionality and anti-removal measures for this family.

Trojan:Win32/Conhook is a family of Trojans that installs themselves as Browser Helper Objects (BHOs), and connects to the Internet without user consent. They also terminate specific security services, and download additional malware to the computer.