Microsoft Defender Antivirus detects and removes this threat.

The threat is a backdoor trojan that is related to the "trojanized" version of a third-party utility known as "CCleaner". If you have installed the infected or trojanized version of CCleaner, it's likely you'll have this threat detected on your machine.

Find out ways that malware can get on your PC.

TrojanDownloader:Win32/Small.BDC is a Trojan downloader that targets certain versions of Microsoft Windows. The Trojan is downloaded and executed by files infected by a variant of Virus:Win32/Small. TrojanDownloader:Win32/Small.BDC downloads and executes malicious software from a Web site without user interaction.

Trojan:Win32/Conhook is a family of Trojans that installs themselves as Browser Helper Objects (BHOs), and connects to the Internet without user consent. They also terminate specific security services, and download additional malware to the computer.

Win32/Conhook is a family of Trojans that installs themselves as Browser Helper Objects (BHOs), and connects to the Internet without user consent. They also terminate specific security services, and download additional malware to the computer.

Trojan:Java/Classloader.D is a malicious Java applet that can infect Microsoft Windows computers that are not patched with Microsoft Security Update MS03-011. An attacker can insert the Java applet into HTML code and host the code on a Web server or send the code in e-mail. When a user opens the malicious Web page or e-mail, the vulnerability allows the applet to bypass a security check on the computer. The applet can then run malicious code on the computer and open a backdoor to receive commands from attackers.

TrojanSpy:Win32/Ursnif.gen!D is a generic detection for a family of trojans that attempts to steal sensitive data, monitor network traffic and download additional malware. Win32/Ursnif.gen!D attempts to send the collected data to a remote server and disables several services, such as the system firewall.

Windows Defender AV detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

TrojanDownloader:Win32/Small.APT is a Trojan downloader that targets certain versions of Microsoft Windows. The Trojan can download and run files from an FTP server and various Web sites. It also terminates security-related processes. 

TrojanDropper:Win32/Bagle.BT is a Trojan dropper that targets computers running certain versions of Microsoft Windows. The Trojan drops TrojanDownloader:Win32/Bagle.BT.dll, which downloads and runs malicious files from Web sites. TrojanDropper:Win32/Bagle.BT is a variant of TrojanDropper:Win32/Bagle.BK.

TrojanDownloader:Win32/Vildo.P!CME-402 downloads programs from certain URLs to the host computer and runs the programs without notifying the user. The Trojan conceals itself and bypasses local software firewall policies by injecting itself into the Windows explorer.exe process and running from within that process context.

TrojanDownloader:Win32/Vildo.P downloads programs from certain URLs to the host computer and runs the programs without notifying the user. The Trojan conceals itself and bypasses local software firewall policies by injecting itself into the Windows explorer.exe process and running from within that process context. TrojanDownloader:Win32/Vildo.P is detected by Microsoft as TrojanDownloader:Win32/Vildo.P!CME-402.

Win32/Nuwar.N@MM!CME-711 is a mass-mailing email worm that sends a trojan dropper via email. When the trojan attachment is opened, it installs a distributed peer-to-peer (P2P) downloader for the Win32/Nuwar worm component.

Win32/Nuwar.N@MM!CME-711 is a mass-mailing email worm that sends a trojan dropper via email. When the trojan attachment is opened, it installs a distributed peer-to-peer (P2P) downloader for the Win32/Nuwar worm component.

Trojan:Win32/Lowzones.gen!A is a detection for trojans that lower Internet security settings.

Spammer:Win32/Nuwar.B is a component of the Win32/Nuwar Trojan family, and is used to relay e-mails. E-mail messages are sent in various formats, commonly containing a hyperlink to a remote Web site hosting Win32/Nuwar Trojan files.

Worm:Win32/Neeris.A is a chat client worm with backdoor Trojan functionality. The worm uses API calls for both Windows Messenger and AOL Messenger to send messages to contacts, with an attached file containing a copy of the worm. Worm:Win32/Neeris.A connects to an IRC server and waits to receive commands, such as to self-update, remove itself, download various programs and malware, or terminate running processes.

Worm:Win32/Neeris.B is a chat client worm with backdoor Trojan functionality. The worm uses API calls for both Windows Messenger and AOL Messenger to send messages to contacts, with an attached file containing a copy of the worm. Worm:Win32/Neeris.B connects to an IRC server and waits to receive commands, such as to self-update, remove itself, download various programs and malware, or terminate running processes.

Exploit:Win32/RdrJmp.A exploits unpatched Adobe Reader & Adobe Acrobat applications installed on Windows XP computers. Opening a malicious .PDF data file containing the exploit could result in the installation of additional malware, including TrojanSpy:Win32/Agent.BI, Trojan:Win32/Agent.OS and PWS:Win32/Ldpinch.W.

 

Microsoft has published Microsoft Security Advisory 943521 related to this threat:

 

Adobe has published updates for vulnerable applications:
http://www.adobe.com/support/security/bulletins/apsb07-18.html

Worm:Win32/Wowsteal.ZE is a password stealer for the computer video game World of Warcraft (WoW). This malware sends captured passwords to a remote destination configured by the malware author, spreads by copying itself to removable drives and uses advanced stealth techniques to hide its presence on the affected machine.

Trojan:Win32/Alureon.gen!D is a generic detection for a Trojan that may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. These tasks could include intercepting inbound and outbound Internet traffic from the host computer, and capturing confidential information such as user names, passwords, and credit card data.

 

Please note that it may be necessary to reconfigure DNS settings after the Trojan is removed from the computer.