We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
VirTool:Win32/VBInject.P
Detected by Microsoft Defender Antivirus
Aliases: Backdoor.Win32.Poison.pyr (Kaspersky) Backdoor.Darkmoon (Symantec)
Summary
VirTool:Win32/VBInject.P is a detection for Visual Basic compiled files that attempt to inject malicious code into certain processes, such as iexplore.exe, or drop and execute a malicious file in the system. The malicious code or file is usually encrypted and/or compressed, and is decrypted and decoded before it is injected into a process or dropped and run.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Follow us
