Published Mar 03, 2011 | Updated Sep 15, 2017


Severe |Detected with Windows Defender Antivirus

Aliases: W32/Virut.AI!Generic (Command) W32/Tdss.FVZ (Norman) Trojan horse Dropper.Generic3.XWV (AVG) TR/Buzus.hcgj.1 (Avira) Trojan.Generic.KD.145153 (BitDefender) Win32.HLLW.Phorpiex.2 (Dr.Web)


Worm:Win32/Phorpiex.A is a worm that spreads via removable drives and Windows Live Messenger. It allows an attacker to gain backdoor access and control of your computer.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

Disable Autorun functionality

This threat attempts to spread via removable drives on computers that support Autorun functionality. This is a particularly common method of spreading for many current malware families. For information on disabling Autorun functionality, please see the following article:

Changing Windows Live Messenger credentials

This threat may attempt to steal your Microsoft account credentials to spread itself or other malware. If you believe that your account may have been compromised, please refer to the following advisory for additional advice:

Follow us