We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
VirTool:WinNT/Hackdef.I
Detected by Microsoft Defender Antivirus
Aliases: Backdoor.HackDefender (Symantec)
Summary
VirTool:WinNT/Hackdef.I is a Windows kernel-mode rootkit program that targets computers running certain versions of Microsoft Windows. It can be used to elevate process privileges. This rootkit is often bundled with other malicious software; this may include variants of Win32/Hackdef such as Backdoor:Win32/Hackdef.BB.
It is not possible to recover manually from VirTool:WinNT/Hackdef.I. You must use up-to-date antivirus software to completely clean this Trojan from your computer. To recover from this Trojan using antivirus software, follow these steps:
- Disconnect from the Internet.
- Run up-to-date antivirus software.
- Take steps to prevent re-infection.
Disconnect from the Internet
To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding by unplugging your network cable or disabling your wireless connection. You can reconnect to the Internet after running antivirus software.
Run up-to-date antivirus software
Run up-to-date antivirus software to completely clean this Trojan from your computer.
Take steps to prevent re-infection
Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.”
Follow us
