Skip to main content
Published Nov 05, 2014 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: Backdoor/Win32.Etso (AhnLab) winpe/Agent.ALQHI (Norman) Trojan horse Agent3.BHML (AVG) BDS/Rogue.724628.2 (Avira) Trojan.DownLoader4.54317 (Dr.Web) Win32/Agent.SUQ trojan (ESET) W32/Agent.SUQ (Fortinet) Backdoor.Win32.Winnti (Ikarus) Troj/Winnti-A (Sophos) BKDR_WINNTI.SM2 (Trend Micro)


Microsoft Defender Antivirus detects and removes this threat.

Winnti is a family of multi-component malware that give attackers persistent access and control over infected computers through a backdoor. It has known associations with activity groups involved in cyberespionage.

Find out ways that malware can get on your PC.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Insert any additional remediation steps

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us