Aliases: No associated aliases
Win32/Bamital is a family of malware that intercepts web browser traffic and prevents access to certain security-related websites by modifying the Hosts file. Bamital variants may also modify certain legitimate Windows files in order to execute their payload.
In the wild, the Bamital family has been used to perpetrate click-fraud.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
This malware creates entries in the Hosts file to prevent access to certain websites. To recreate a clean Hosts file, please refer to the following article:
- Recreating a clean Hosts file: http://support.microsoft.com/kb/972034
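
A defender-side check for the Hosts file tampering described above, as an added example that is not part of the original page: it parses Hosts-file text and reports entries that override name resolution for security-related domains, noting whether each one points at a loopback or unspecified address. The watchlist and the sample file contents are assumptions constructed for illustration; the page does not list the sites Bamital blocks.

```python
import ipaddress

# Assumption: illustrative watchlist of security-related domains;
# the page does not name the sites that Bamital blocks.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "example-av.test")

# Constructed sample Hosts content (not taken from an infected machine).
SAMPLE_HOSTS = """\
# Sample Hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.microsoft.com update.microsoft.com   # inline comment
0.0.0.0         download.windowsupdate.com
10.0.0.5        fileserver.corp.test
not-an-ip       www.example-av.test
192.0.2.10      WWW.Example-AV.test.
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:  # one line may map several hostnames
            yield line_no, ip, name.lower().rstrip(".")


def on_watchlist(hostname, watchlist=WATCHLIST):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def suspicious_entries(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, ip, sinkholed) for overridden watched domains."""
    return [(n, host, str(ip), ip.is_loopback or ip.is_unspecified)
            for n, ip, host in parse_hosts(text)
            if on_watchlist(host, watchlist)]


if __name__ == "__main__":
    for line_no, host, ip, sinkholed in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} (sinkholed={sinkholed})")
```

On Windows, pass in the contents of `%SystemRoot%\System32\drivers\etc\hosts`; any hit for a watched domain is worth investigating, since a clean Hosts file has no reason to override those names.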