953 entries found. Displaying page 15 of 48.
Updated on Aug 05, 2010
Windows Defender Antivirus detects and removes this threat.
 
This family of threats can install other malware, inject code in processes, and give a hacker backdoor access and control of your PC.
 
The family can spread via removable drives, such as USB flash drives. 
 
Win32/Stuxnet exploits a vulnerability that is discussed in Microsoft Security Bulletin MS10-046.
Alert level: severe
Updated on Aug 17, 2010

Windows Defender detects and removes this threat.

Win32/FakeXPA is a family of programs that claims to scan for malware and displays fake warnings of malicious programs and viruses. They then ask you to pay for and register the software to remove these fake threats from your PC. Some members of Win32/FakeXPA can also download other malware and have been observed in the wild downloading variants of Win32/Alureon.

Alert level: severe
Updated on Sep 14, 2010
Alert level: severe
Updated on Sep 29, 2010

Microsoft Defender Antivirus detects and removes this threat.

Trojans are a type of malware that try to look innocent to convince you to install them on your PC.

They can steal your personal information, download more malware, or give a malicious hacker access to your PC.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Nov 15, 2010
Alert level: severe
Updated on Jan 05, 2011
Alert level: severe
Updated on Feb 03, 2011

Windows Defender detects and removes this threat.

This threat is a worm, which means it spreads from PC to PC. This particular worm spreads by copying itself to mapped network or removable drives. If someone tries to open that drive from another PC, their PC will be infected.

Find out ways that malware can get on your PC.  

 

Alert level: severe
Updated on Mar 24, 2011
Win32/Chepvil is a trojan that downloads other malware. The retrieved malware is saved to the %TEMP% folder and then executed.
Alert level: severe
Updated on May 18, 2011
Win32/Rorpian is a family of worms capable of spreading through network shares and by exploiting vulnerabilities such as the Domain Name System (DNS) Server Service vulnerability. The worm usually downloads additional malware on the affected computer.
Alert level: severe
Updated on May 27, 2011

Win32/Bamital is a family of malware that intercepts web browser traffic and prevents access to certain security-related websites by modifying the Hosts file. Bamital variants may also modify certain legitimate Windows files in order to execute their payload.

In the wild, the Bamital family has been used to perpetrate click-fraud.

Alert level: severe
Updated on Jun 09, 2011

Windows Defender detects and removes this threat.

Win32/Yimfoca is a worm family that spreads via common instant messaging applications and social networking sites. It is capable of connecting to a remote HTTP or IRC server to receive updated configuration data. It also modifies certain system and security settings.

Alert level: severe
Updated on Jun 14, 2011

Windows Defender detects and removes this threat.

This family of worms can steal your user names and passwords by watching what you do online. They can also download other malware and stop you from visiting security-related websites. Some variants can use your PC in a denial of service (DoS) attack.

They spread via infected USB flash drives, or in a malicious link sent through instant messaging programs and social networks.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Aug 15, 2011

Windows Defender detects and removes this threat.

Win32/Magistr is a family of mass-mailing worms that spread by sending themselves as an email attachment to addresses found on an infected PC.

It is also a memory-resident polymorphic file infector that searches for and infects files with .EXE and .SCR file extensions found on the local file system, as well as in the shared folders on the local area network.

Alert level: severe
Updated on Sep 22, 2011

Win32/Kelihos is a trojan family that distributes spam email messages. The spam messages could contain hyperlinks to installers of Win32/Kelihos malware. The malware may communicate with remote servers to exchange information that is used to execute various tasks, including sending spam email, capturing sensitive information or downloading and executing arbitrary files.

Alert level: severe
Updated on Oct 19, 2011

Windows Defender detects and removes this threat.

Win32/Pluzoks is a trojan that silently downloads and installs files without your consent.

Alert level: severe
Updated on Nov 02, 2011
Windows Defender Antivirus detects and removes this threat. 
 
This family of trojans can steal your online banking credentials as well as your user names and passwords from a number of applications. They can also download other malware and steal your sensitive information by taking screenshots or recording which keys you press.
 
They can be installed by variants of Exploit:JS/Blacole.

Find out ways that malware can get on your PC.  

Alert level: severe
Updated on Dec 08, 2011

Win32/Helompy is a worm that spreads via removable drives and attempts to capture and steal authentication details for a number of different websites or services, including Facebook and Gmail. The worm contacts a remote host to download arbitrary files and to upload stolen details.

Alert level: severe
Updated on Feb 08, 2012

Win32/Pameseg is a family of installers that require the user to send an SMS message to a premium number to successfully install certain programs, some of which are otherwise available for free. Currently, most variants target Russian speakers.

For more information on Pameseg, please see the following blog posts:

Alert level: severe
Updated on Mar 08, 2012

Win32/Bocinex is a detection for a family of malware that launches a Bitcoin mining client, detected as Program:Win32/CoinMiner. The client is configured to attribute newly generated Bitcoin digital cash, or "BTC", to an attacker's Bitcoin account.

Alert level: severe
Updated on Apr 03, 2012

Microsoft Defender Antivirus detects and removes this threat.

This malware family can give a malicious hacker control of your PC. The malware can also steal your sensitive information and change your PC security settings.

We've seen them installed by exploit kits and other malware. They can also be attached to spam emails.

Some variants of this family are worms and can spread by infecting removable drives (such as USB flash drives or portable hard disks). If you plug those drives into another PC, the worm will infect that PC as well. See Worm:Win32/Gamarue for more information.

On November 29, 2017, law enforcement agencies, in cooperation with Microsoft Digital Crimes Unit and with help from Windows Defender researchers, disrupted Gamarue (also known as Andromeda). For more information:

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Alert level: severe