Published Jun 06, 2014 | Updated Sep 15, 2017


Severe |Detected with Windows Defender Antivirus

Aliases: W32/Trojan.FAVQ-2299 (Command) TR/Crypt.ZPACK.99635 (Avira) TROJ_SPNR.0AJ414 (Trend Micro)


Microsoft security software detects and removes this family of threats.

Threats in this family can steal your sensitive information.

They can be installed on your PC by  kits such as , spam email attachments, or infected removable drives. They can also be downloaded by other malware such as and .exploitJS/NecluWin32/GamarueWin32/Dorkbot

Use the following free  software to detect and remove this threat:Microsoft

You should also run a full scan. A full scan might find hidden malware.

This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:

You should change your passwords after you've removed this threat:

This threat tries to use the function to spread via removable drives, such as flash drives. You can disable to prevent worms from spreading:Windows AutorunUSBAutorun

Remember to scan any removable or portable drives. If you have security software, see this topic on our software help page:Microsoft

Enable the  (MAPS) on your system to protect your enterprise software security infrastructure in the cloud.Microsoft Active Protection Service

You can also visit our  or search the for more help.advanced troubleshooting pageMicrosoft virus and malware community

If you’re using , see our .Windows XPWindows XP end of support page

Protect your sensitive information
Disable Autorun
Scan removable drives
Enable MAPS 
Get more help
  1. Check if MAPS is enabled in your Microsoft security product:

  2. Join the .Microsoft Active Protection Service Community
    1. Select and then select .SettingsMAPS

    2. Select , then click . With the MAPS option enabled, your Microsoft anti-malware security product can take full advantage of Microsoft's . Advanced membershipSave changescloud protection service

Follow us