Aliases: Win-Trojan/Injector.636416.D (AhnLab) W32/Dorkbot.B.gen!Eldorado (Command) Trojan.Injector!mcxcCCeftrA (VirusBuster) W32.IRCBot.NG (Symantec) WORM_DORKBOT.QUN (Trend Micro) ngrBot (other)
Windows Defender detects and removes this threat.
This family of worms can steal your user names and passwords by watching what you do online. They can also download other malware and stop you from visiting security-related websites. Some variants can use your PC in a denial of service (DoS) attack.
They spread via infected USB flash drives, or in a malicious link sent though instant messaging programs and social networks.
Use the following free Microsoft software to detect and remove this threat:
- Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find other, hidden malware.
Protect your sensitive information
This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:
You should change your passwords after you've removed this threat:
Scan removable drives
Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:
This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. You can disable Autorun to prevent worms from spreading:
Get more help
If you’re using Windows XP, see our Windows XP end of support page.