Skip to main content
Skip to main content
Microsoft Security Intelligence
Published Jul 12, 2010 | Updated Aug 22, 2017


Detected by Microsoft Defender Antivirus

Aliases: Win-Trojan/Rootkit.792064 (AhnLab) TR/Rootkit.Gen (Avira) Gen:Rootkit.Nixoa.1 (BitDefender) Win32/ASuspect.HADYW (CA) Trojan.NtRootKit.5980 (Dr.Web) Trojan.WinNT.Bubnix (Ikarus) Rootkit.Win32.Agent.aioy (Kaspersky) Generic Rootkit.ej (McAfee) W32/Rootkit.BNQN (Norman) Rootkit/Bubnix.A (Panda) Mal/SysPk-A (Sophos) Hacktool.Rootkit (Symantec) TROJ_BUBNIX.SMA (Trend Micro)


Win32/Bubnix is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam e-mail messages and could download and execute arbitrary files.
Manual removal is not recommended for this threat. Use the Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see
Follow us