Microsoft Security Intelligence
Published Oct 31, 2017 | Updated Sep 24, 2018

TrojanDownloader:O97M/Powdow

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Windows Defender detects and removes this threat.

This threat is a macro downloader. It typically arrives through spam email and tries to trick users into enabling macros.

When macros are enabled, the obfuscated macro code runs a PowerShell script. The macro tries to download other malware, including PWS:Win32/Fareit.P.

Find out ways that malware can get on your PC.  

As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling Windows Defender ATP and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. Learn how this integration exposes malicious intent even with heavy obfuscation: Office VBA + AMSI: Parting the veil on malicious macros.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.
