VirTool:WinNT/Ghodow.B

Detected by Microsoft Defender Antivirus

Aliases: Rkit/Agent.behj (Avira) Win32/Bvatik.A (CA) Trojan.Siggen1.10141 (Dr.Web) Win32/Dalixi.A (ESET) Rootkit.Win32.Agent.behj (Kaspersky) RootKit.Win32.Mnless.bpg (Rising AV)

Summary

VirTool:WinNT/Ghodow.B is a component of Win32/Ghodow. It modifies the master boot record (MBR) of the local hard drive, and writes malware code as raw disk sectors from sector 02 through sector 57. VirTool:WinNT/Ghodow.B also writes a clean copy of the MBR in sector 01.

Manual removal is not recommended for this threat. Use Microsoft Security Essentials or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

VirTool:WinNT/Ghodow.B

Summary

What to do now

Technical information

Threat behavior

Installation

Payload

Additional information

Prevention

Symptoms

System changes