Virus:Win32/Cutwail.B
Detected by Microsoft Defender Antivirus
Aliases: Trojan.Keylogger.iOpus.A (BitDefender), Trojan.Win32.Patched.m (Kaspersky), Trojan:Win32/Patch.C (Microsoft), Trojan.Pandex!inf (Sunbelt Software)
Summary
Virus:Win32/Cutwail.B is a virus that patches WINLOGON.EXE, the Windows system file that manages Windows logon. The modification is used to load the file wsys.dll.
To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.
Restoring Winlogon.exe
Virus:Win32/Cutwail.B may affect winlogon.exe beyond reasonable repair. Should your antivirus solution report a Virus:Win32/Cutwail.B infection, we recommend using the System File Checker (sfc) to scan your system files and restore winlogon.exe if necessary. For information on using the System File Checker on Windows XP, please see the following URL: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/system_file_checker.mspx?mfr=true