Skip to main content
Published Jun 14, 2011 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: Win-Trojan/Injector.636416.D (AhnLab) W32/Dorkbot.B.gen!Eldorado (Command) Trojan.Injector!mcxcCCeftrA (VirusBuster) W32.IRCBot.NG (Symantec) WORM_DORKBOT.QUN (Trend Micro) ngrBot (other)


Windows Defender detects and removes this threat.

This family of worms can steal your user names and passwords by spying on what you do online. They can block websites that are related to security updates and launch a limited denial of service (DoS) attack.

They spread through USB flash drives, instant messaging programs, and social networks.

There is more information in the Win32/Dorkbot family description.

Find out ways that malware can get on your PC.  

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Protect your sensitive information

This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:

You should change your passwords after you've removed this threat:

Scan removable drives

Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:

Disable Autorun

This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. You can disable Autorun to prevent worms from spreading:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us