Microsoft Security Intelligence
Published Feb 24, 2010 | Updated Sep 15, 2017

VirTool:WinNT/Citeary.B

Detected by Microsoft Defender Antivirus

Aliases: Hider.HT (AVG), TR/Rootkit.Gen (Avira), Trojan.NtRootKit.5460 (Dr.Web), Win32/AntiAV.NEG (ESET), Rootkit.Win32.Agent.adnt (Kaspersky), W32/Citeary.A (Norman), TROJ_AGENT.AWDJ (Trend Micro)

Summary

VirTool:WinNT/Citeary.B is a detection for a kernel-mode driver that hooks certain Windows API calls and is installed by Worm:Win32/Citeary.B. Worm:Win32/Citeary.B is a worm that spreads to all available drives including the local drive and attempts to download other malware from a predefined website.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.