PWS:Win32/Lolyda.AD is a member of Win32/Lolyda - a family of trojans that sends account information from popular online games to a remote server. They may also download and execute arbitrary files.

PWS:Win32/Sinowal.gen!M is the generic detection for a member of the Win32/Sinowal family. It drops other malware and steals online banking and FTP credentials.

TrojanSpy:Win32/Bancos.MV is a password stealing trojan that installs itself as a BHO (Browser Helper Object). It sends its stolen data to predefined e-mail addresses. It may also attempt to connect to certain IP addresses to download other files, which may be malware.

TrojanSpy:Win32/Bancos.KY is a password stealing trojan that targets online banking customers of certain Brazilian banks.

Win32/Ligsetrac is a family of trojans that targets ATM (Automatic Teller Machine) systems in order to steal sensitive information.

Trojan:Win32/VB.RF is a generic detection for trojans written in Visual Basic that may display certain information-stealing behavior. Depending on the sample, it may act like a trojan that steals credentials from users of online banking from the Brazilian bank Caixa. It may start every time Windows starts, download other malware, or terminate security processes (such as 'TeaTimer.exe'). It may also have spreading capabilities through removable drives or MSN Messenger.

Trojan:WinNT/Sinowal.F is a complex driver component associated with command and control functions and the advanced stealth features of the Win32/Sinowal family. WinNT/Sinowal.F may download other malware from a predefined Web site.

 

Win32/Sinowal is a family of password-stealing and backdoor trojans. These trojans may try to find a cryptographic certificate on the infected computer and install a certificate on the computer to mislead users in Secure Sockets Layer (SSL) Web transactions. Some Win32/Sinowal components may also use advanced stealth functionality, or try to perform certain operations from the context of a trusted process such as explorer.exe in order to bypass local software-based firewalls.

PWS:Win32/Ldpinch.CC is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Lolyda.AT is from a family of trojans that steals account information from popular online games and sends it to a remote server. It can also take screenshots, terminate processes, and hook certain APIs.

Windows Defender Antivirus detects and removes this threat.

 

This trojan can steal information about your PC and install other malware.

 

Find out ways that malware can get on your PC.  

PWS:Win32/Lolyda.AK is a detection for a password-stealing trojan that steals account information from popular online games and sends the captured details to a remote server.

PWS:Win32/Lolyda.AM is a detection for a password stealing trojan that steals account information from popular online games and sends the captured details to a remote server.

PWS:Win32/Zbot.TQ is a trojan that injects code into various processes. It may also steal sensitive system information, such as user names and passwords, and send it back to a remote attacker. It may also connect to various websites and download other components.

Microsoft Defender Antivirus detects and removes this threat. 

Ransom:Win32/LockScreen.AO is a ransomware that locks you out of your desktop. It asks you to pay a ransom fee so that you can regain use of your desktop.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Trojan:Win32/Dishigy.A is a trojan that captures keystrokes and steals login credentials through a method known as "form grabbing". Trojan:Win32/Dishigy.A sends captured data to a remote attacker and is capable of downloading additional malicious components.

Worm:Win32/Autorun.ABO is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory of each affected drive in an attempt to ensure that the worm is run when the removable drive is attached, or the network drive is visited from a remote system supporting the Autorun feature.

Trojan:Win32/EyeStye.M is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.

Trojan:Win32/EyeStye.AE is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.