We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Win32/Chroject
Aliases: Trojan/Win32.Necurs (AhnLab) Win32/Cryptor (AVG) TR/Tracur.A.6170 (Avira) W32/Ransom.PMPQ-5161 (Command) Trojan.Asterope.4 (Dr.Web) Win32/Injector.BNUK trojan variant (ESET) W32/Yakes.GTBU!tr (Fortinet) Worm.Win32.Ngrbot (Ikarus) Trojan.Win32.Yakes.gtbu (Kaspersky) Ransom-FON!18082241DF24 (McAfee) BACKDOOR.Trojan (Symantec) TROJ_SPNR.38JQ14 (Trend Micro)
Summary
Windows Defender detects and removes this threat.
This threat uses your PC to perform click fraud. It runs in the background and uses a significant amount of your PC's power and network bandwidth. This can severely impact the performance of your PC, the speed of your Internet connection, and may lead to excess data usage charges from your Internet service provider.
To fully remove this threat you should run a full scan with your security product and then restart your PC.
You can use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
