Skip to main content
Skip to main content
Microsoft Security Intelligence
Published May 26, 2011 | Updated Aug 22, 2017


Detected by Microsoft Defender Antivirus

Aliases: No associated aliases


Win32/Bamital is a family of malware that intercepts web browser traffic and prevents access to certain security-related websites by modifying the Hosts file. Bamital variants may also modify certain legitimate Windows files in order to execute their payload.

In the wild, the Bamital family has been used to perpetrate click-fraud.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see

This malware creates entries in the Hosts file to prevent access to certain websites. To recreate a clean Hosts file, please refer to the following article:

Follow us