Windows Defender detects and removes this threat.

This threat can download other malware onto your PC.

It spreads via a spam email attachment. It can also be downloaded by other malware, such as TrojanDownloader:Win32/Upatre and TrojanDownloader:Win32/Kuluoz.

TrojanDownloader:Win32/Banload.EC is a Trojan that downloads additional malware. This Trojan has been observed to be distributed with the file name 'Feliz_Navidad.exe', or 'Fotos.scr'.

TrojanDownloader:Win32/Swif.I is a trojan that attempts to exploit a vulnerability in Adobe Flash Player. It attempts to download and run other malware in an infected computer.

TrojanDownloader:ASX/Wimad is a detection for malicious Windows media files that are used in order to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser. 

TrojanDownloader:Win32/Juloft.A is a trojan that attempts to download other files from certain Web sites. The downloaded files may be other malware.

TrojanDownloader:Win32/Zlob.BBD is a detection for malware that injects code into the Internet Explorer process to download and execute additional malware. As of this writing, the downloaded files are not accessible.

TrojanDownloader:Win32/Renos.IZ is a trojan that connects to certain websites in order to download other malware. This may include other TrojanDownloader:Win32/Renos components, and rogue antivirus software such as Trojan:Win32/FakeSecSen or Trojan:Win32/FakeXPA.

TrojanDownloader:VBS/Agent.EK is detection for a specific block of trojan VBScript code. The trojan code may download and execute other malicious software (malware).

TrojanDownloader:Win32/Cradolep.A is a trojan that downloads and installs arbitrary files from a remote Web site. It is dropped and installed in the system by TrojanDropper:Win32/Cradolep.A.

Program:Win32/FakeAlert.N falsely claims the system is infected and encourages the user to buy a promoted product for clearing the purported malware from the affected machine.

Win32/Renos.gen!AZ is a family of Trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine before downloading rogue security products, most notably Trojan:Win32/Antivirusxp. Win32/Renos.gen!AZ has been distributed via spam messages.

TrojanDownloader:Win32/Zlob.gen!AA is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers to a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!N is generic detection for a variant of a large Trojan family that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). This Trojan attempts to retrieve a file named VideoAccessCodec.ocx from a remote Web site. This file is detected as TrojanDownloader:Win32/Zlob.gen!K.

TrojanDownloader:Win32/Zlob.gen!BL is a generic detection for a trojan downloader member of the Zlob family. It installs a BHO (Browser Helper Object) in the system. It may also modify the default browser search engine to redirect searches to a certain web site.

TrojanDownloader:Win32/Obitel.gen!A is a trojan that downloads and executes arbitrary files.

TrojanDownloader:Win32/Jowspry is a malicious application that uses the Background Intelligent Transfer Service (BITS) to download programs from the Internet, possibly using HTTP or FTP URLs to obtain the files.  After the file(s) are downloaded to the compromised computer, they are executed.

 

The use of BITS could allow TrojanDownloader:Win32/Jowspry to bypass some permission-based firewalls in order to install additional malware. This bypass relies on TrojanDownloader:Win32/Jowspry already being present on the system; it is not an attack vector for initial infection.

 

TrojanDownloader:Win32/Jowspry may try to masquerade as a non-executable file by using file icons associated with applications such as including Adobe Acrobat (PDF), Microsoft Word document files (.doc), or image icons.