TrojanDropper:Win32/Zolpiq.A
Detected by Microsoft Defender Antivirus
Aliases: TrojanDropper:Win32/Swofi.A (other); TR/Drop.Small.hdo (Avira); Trojan-Dropper.Win32.Small.hdo (Kaspersky)
Summary
TrojanDropper:Win32/Zolpiq.A is a trojan that installs other malware detected as TrojanProxy:Win32/Zolpiq.A.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
This malware may make lasting changes by replacing and renaming Windows system files. Detecting and removing this threat does NOT restore these changes. To return an infected computer to its pre-infection state, files renamed and moved by this malware must be recovered from backup. The malware stores a backup of the non-malicious file "mspmsnsv.dll" at the following location:
- %ProgramFiles%\Common Files\bak.dll
Copy this file to the Windows system folder as "mspmsnsv.dll". Commonly the folder is located at the following path:
- C:\Windows\System32\
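The restore step above as a PowerShell sketch, added here as an example and not taken from the original write-up. The signature report, the hash comparison and the hold folder (`ZolpiqRecovery`, a hypothetical name) are added precautions and assumptions; run it elevated, after the threat itself has been removed.

```powershell
# Added example: restore mspmsnsv.dll from the backup copy described above.
$ErrorActionPreference = 'Stop'

$backup  = Join-Path $env:ProgramFiles 'Common Files\bak.dll'
$target  = Join-Path $env:SystemRoot   'System32\mspmsnsv.dll'
# Assumption: hold folder name is illustrative; pick any location you control.
$holdDir = Join-Path $env:SystemDrive  'ZolpiqRecovery'

if (-not (Test-Path -LiteralPath $backup -PathType Leaf)) {
    throw "No backup at $backup. Recover mspmsnsv.dll from your own backup instead."
}

# Report the signature state of the backup before it goes into System32.
# Catalog-signed system files can show as NotSigned on older PowerShell versions,
# so a non-Valid status asks for confirmation instead of aborting.
$sig = Get-AuthenticodeSignature -FilePath $backup
Write-Host ("Backup signature: {0}  Signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject)
if ($sig.Status -ne 'Valid') {
    $answer = Read-Host 'Signature is not Valid. Type YES to restore anyway'
    if ($answer -cne 'YES') { throw 'Restore cancelled.' }
}

# Keep whatever currently sits at the target path for later analysis.
if (Test-Path -LiteralPath $target) {
    New-Item -ItemType Directory -Path $holdDir -Force | Out-Null
    $held = Join-Path $holdDir ('mspmsnsv.dll.{0:yyyyMMddHHmmss}.replaced' -f (Get-Date))
    Move-Item -LiteralPath $target -Destination $held
    Write-Host "Moved existing file to $held"
}

Copy-Item -LiteralPath $backup -Destination $target

# Confirm the restored file is byte-identical to the backup.
$srcHash = (Get-FileHash -LiteralPath $backup -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    throw 'Restored file does not match the backup copy.'
}
Write-Host "Restored $target (SHA256 $dstHash)"
```

If the file in System32 is locked by a running process, `Move-Item` fails and the script stops with that file unchanged.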