Skip to main content
Microsoft Security Intelligence
Published May 16, 2011 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: Win-Trojan/Vundo.63488.M (AhnLab) Backdoor.Win32.Buterat.avp (Kaspersky) Backdoor.Buterat!OtIZ4eqzMNk (VirusBuster) BDS/Buterat.avp (Avira) Backdoor.Win32.Buterat (Ikarus) W32/Bamital.P (McAfee) TROJ_ZKRYPT.SMIH (Trend Micro)


Trojan:Win32/Vundo.gen!AW is the generic detection for components of Win32/Vundo - a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.

Win32/Vundo is often distributed as a DLL file and installed on an affected computer as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.

For more information, please see the Win32/Vundo analysis elsewhere in the Microsoft Malware Protection Center encyclopedia.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see

Follow us