We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanDownloader:Win32/Dofoil.AB
Aliases: No associated aliases
Summary
Microsoft Defender Antivirus detects and removes this threat.
This sophisticated downloader has been observed to download Trojan:Win32/Dofoil.AB and Trojan:Win32/CoinMiner.D in the wild. It injects its code and runs hidden in system programs to avoid detection.
On March 6, 2018, behavior monitoring and machine learning technologies in Microsoft Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
Secure configuration
To ensure you have the best protection, enable the following:
- Cloud-delivered protection
- Automatic sample submission
To access these settings on the Windows Defender Security Center app, use the Windows search box to find and open the Windows Defender Security Center. Navigate to Virus & threat protection settings.
Prevent malware infection
To prevent future infection, follow our guide on preventing malware infection.
