We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Win32/Copali
Aliases: Trojan/Win32.Swisyn (AhnLab) W32/A-8c1b5ec5!Eldorado (Command) Trojan.Win32.Swisyn.ctcl (Kaspersky) TR/Beebone.1802242 (Avira) Trojan.Siggen4.59873 (Dr.Web) W32/Swisyn.CTC!tr (Fortinet) Virus.Win32.Vitru (Ikarus) Troj/Swisyn-AZ (Sophos) W32.SillyFDC (Symantec) TROJ_SPNR.35GA14 (Trend Micro)
Summary
Microsoft security software detects and removes this family of threats.
This family of worms can download other malware, including PWS:Win32/Zbot.
They spread through infected network and removable drives.
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
You should also run a full scan. A full scan might find hidden malware.
Disable Autorun
This threat tries to use the Windows Autorun function to spread via removable drives, such as USB flash drives. You can disable Autorun to prevent worms from spreading:
Scan removable drives
Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:
Enable MAPS
Enable the Microsoft Active Protection Service (MAPS) on your system to protect your enterprise software security infrastructure in the cloud.
-
Check if MAPS is enabled in your Microsoft security product:
-
Select Settings and then select MAPS.
-
Select Advanced membership, then click Save changes. With the MAPS option enabled, your Microsoft anti-malware security product can take full advantage of Microsoft's cloud protection service.
- Join the Microsoft Active Protection Service Community.
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
