1504 entries found. Displaying page 14 of 76.
Updated on May 12, 2017

Windows Defender AV detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. Unlike other ransomware, however, this threat has worm capabilities. It uses exploit code for a patched SMB vulnerability, CVE-2017-0145. This vulnerability was fixed in security bulletin MS17-010, which was released on March 14, 2017. We remind all customers to keep computers up-to-date.

The exploit code used by this threat to spread to other computers was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems. The exploit does not affect Windows 10 PCs.

For more information about this ransomware (which is also known as WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, or WCRY), you can read the following entries on the Windows Security blog and Microsoft Security Response Center:

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Alert level: severe
Updated on Dec 12, 2006
Trojan:Win32/Delf.M!CME-96 is a user-mode rootkit that hides its own presence on the system, as well as the presence of other malicious software with which it may be associated.
Alert level: severe
Updated on Jan 16, 2007
Trojan:Win32/Delf.M is a user-mode rootkit that hides its own presence on the system, as well as the presence of other malicious software with which it may be associated. This trojan will be detected by Microsoft as Trojan:Win32/Delf.M!CME-96.
Alert level: severe
Updated on Mar 02, 2007
Trojan:Win32/Alureon.B is a trojan that may help an attacker intercept inbound and outbound Internet traffic from the host computer. This may allow an attacker to capture confidential information such as user names, passwords, and credit card data. The trojan may also enable an attacker to transmit malicious data to the infected computer. Trojan:Win32/Alureon.B may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.
Alert level: severe
Updated on Mar 02, 2007
Trojan:Win32/Alureon.E is a trojan that modifies DNS settings on the host computer. The altered DNS settings may enable an attacker to intercept inbound and outbound Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The modified DNS settings may also enable an attacker to transmit malicious data to the infected computer. Because the trojan modifies DNS settings on the computer, it may be necessary to reconfigure those settings after the trojan is removed from the computer.
Alert level: severe
Updated on Jul 25, 2007
Trojan:Win32/Agent.B is a Trojan that redirects Web traffic and manipulates certain Windows applications. Trojan:Win32/Agent.B may install other unwanted software, or may be bundled with other unwanted software.
Alert level: severe
Updated on Jan 07, 2014

Microsoft security software detects and removes this family of threats.

This malware family can steal your sensitive information and send it to a malicious hacker. The family can also download other malware and give backdoor access to your PC.

Variants of the family can spread via infected removable drives, such as USB flash drives. They can also be downloaded by other malware, or spread through malicious links and hacked websites.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Nov 05, 2014

Winnti is a family of multi-component malware that gives threat actors persistent access and control over infected devices through a backdoor. It has known associations with activity groups involved in cyberespionage.

Alert level: severe
Updated on Apr 08, 2015

Microsoft security software detects and removes this family of threats.

This malware family can steal credit card information from point-of-sale systems.

It can be installed by a malicious hacker using brute force to guess your password, or through a software vulnerability.

Alert level: severe
Updated on Feb 23, 2005
Trojan:Win32/Goweh.A is a Trojan that alters several settings in Internet Explorer, changing the home page and redirecting search queries and traffic to other Web pages. Win32/Goweh.A is usually installed by another Trojan dropper or downloader.
Alert level: severe
Updated on Feb 24, 2005
Trojan:Win32/Goweh.C is a Trojan that alters several settings in Internet Explorer. It changes the home page and redirects search queries and traffic to other Web pages. Win32/Goweh.C is usually installed on a computer by another Trojan dropper or downloader.
Alert level: severe
Updated on Feb 24, 2005
Trojan:Win32/Goweh.F is a Trojan that alters several settings in Internet Explorer. It changes the default home page and redirects search queries and traffic to other Web pages. Win32/Goweh.E is normally installed on a computer by another Trojan dropper or downloader.
Alert level: severe
Updated on Dec 08, 2006

Windows Defender detects and removes this threat.

Adware:Win32/Wintrim is a Browser Helper Object (BHO) that displays pop-up advertisements on your computer.

Alert level: high
Updated on Jan 17, 2007
EliteBar displays pop-up advertisements on the desktop and may take other actions without user consent. It may add its own toolbar in Internet Explorer, for which it may install a browser helper object (BHO). EliteBar may also change the user's Internet Explorer home page and add its own "favorites" URLs to the user's Favorites list. EliteBar employs user-mode rootkit techniques to hide some of its files, processes, and registry entries, so that these resources are not visible in system utilities such as Windows Explorer, Task Manager, and Registry Editor. EliteBar may be installed without notifying the user, and may silently download and install updates or other executable code.
Alert level: severe
Updated on Feb 06, 2007
Worm:Win32/Bagle.ZD@mm is a mass-mailing e-mail worm that attempts to download and run arbitrary files from remote Web sites. Worm:Win32/Bagle.ZD@mm collects e-mail addresses from the local drive and also obtains e-mail addresses by checking Web site URLs included in the worm's code. The worm attempts to terminate the Windows Automatic Update service and modifies the System Registry in an attempt to disable booting into Safe Mode.
Alert level: severe
Updated on Feb 07, 2007

This program was detected by definitions prior to 1.175.1915.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Alert level: high
Updated on Apr 25, 2007
Trojan:Win32/Startpage.SH is a trojan that replaces the Windows desktop icon for Internet Explorer with an icon that runs the trojan instead. This trojan also changes Windows system settings.
Alert level: severe
Updated on May 24, 2007
TrojanDownloader:Win32/VB.BZ displays erroneous warning messages in an attempt to mislead the user into believing they are infected with malicious software. The program then prompts the user to download additional software in order to resolve the erroneously detected issues.
Alert level: high
Updated on Jul 22, 2007
Trojan:Win32/Matcash is a multi-component family of trojans that downloads and executes arbitrary files. Some variants of this family may install a toolbar. The toolbar is installed as a Browser Helper Object (BHO), allowing the toolbar to run when the browser is launched. 
Alert level: severe
Updated on Aug 29, 2007
Trojan:Win32/Tibs.DV is a Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, folders and processes.
Alert level: severe