VirTool:WinNT/Haxdoor.E

Detected by Microsoft Defender Antivirus

Aliases: Backdoor:Win32/Haxdoor.gi (Kaspersky) Win32/Haxdoor.AW (CA) BackDoor-BAC.sys (McAfee) W32/Haxdoor.AAI (Norman) Troj/Haxdor-Gen (Sophos) Backdoor.Haxdoor.E (Symantec) BKDR_Generic (Trend Micro)

Summary

VirTool:WinNT/Haxdoor.E is a kernel-mode rootkit-enabled Trojan that allows remote control of the infected machine over the Internet. The Trojan contains instructions that allow it to disable certain antivirus programs and firewall applications, log keystrokes, allow remote connections, lower security settings or perform other unwanted actions. VirTool:WinNT/Haxdoor.E gathers user and system information and sends it to a third party.

VirTool:WinNT/Haxdoor.E is a rootkit-enabled Trojan that employs stealth functionality to avoid user detection. The Trojan attempts to hide files it has used to infect your computer, thus manual removal is not recommended. To remove the Trojan, disconnect from the Internet and scan the system with up-to-date antivirus software. Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.

VirTool:WinNT/Haxdoor.E

Summary

What to do now

Technical information

Threat behavior

Prevention

Symptoms