We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
VirTool:WinNT/Haxdoor.F
Detected by Microsoft Defender Antivirus
Aliases: Backdoor:Win32/Haxdoor.gi (Kaspersky) Win32/Haxdoor!generic (CA) W32/Haxdoor.AAK (Norman) Troj/Haxdoor-gen (Sophos) Backdoor.Haxdoor.E (Symantec) BKDR_Generic (Trend Micro)
Summary
VirTool:WinNT/Haxdoor.F is a kernel-mode rootkit-enabled Trojan that allows remote control of the infected machine over the Internet. The Trojan contains instructions that allow it to disable certain antivirus programs and firewall applications, log keystrokes, allow remote connections, lower security settings or perform other unwanted actions. VirTool:WinNT/Haxdoor.F gathers user and system information and sends it to a third party.
VirTool:WinNT/Haxdoor.A is a rootkit-enabled Trojan that employs stealth functionality to avoid user detection. The Trojan attempts to hide files it has used to infect your computer, thus manual removal is not recommended. To remove the Trojan, disconnect from the Internet and scan the system with up-to-date antivirus software. Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.
Follow us
