Microsoft security software detects and removes this family of threats.

These threats can connect to a malicious hacker to receive further instructions. This can include downloading other malware, and sending the malicious hacker information about your PC.

They can be downloaded by other malware including Win32/Mdmbot, Win32/Moudoor, Win32/Plugx, Win32/Sensode, and Win32/Derusbi.

Find out ways that malware can get on your PC.  

Microsoft security software detects and removes this family of threats.

Malicious hackers can use this trojan family to steal sensitive information from your PC. These threats are usually used in targeted attacks.

Find out ways that malware can get on your PC.  

Microsoft security software detects and removes this family of threats.

This malware family can install Bitcoin mining software on your PC. This can make your PC run slower than usual.

They can also stop some services from running on your PC. 

Find out ways that malware can get on your PC.

Windows Defender detects and removes this threat.

The threat is a rogue, which means it pretends to be security software. It looks and acts like Windows Defender, but is completely fake.

It uses names such as "Spyware Defender" or "System Defender".

It says it finds malware, viruses, and threats on your PC, and that you need to pay money to fully remove them. The threats do not exist - the rogue is just trying to scare you into paying money for a piece of software that does not work. 

The threat might also block access to some websites, change your PC's security settings, and open Internet Explorer windows that load adult content.

It might have been downloaded onto your PC by another malware, or you might have been tricked into downloading it, thinking it was legitimate. 

Find out ways that malware can get on your PC. 

Windows Defender detects and removes this threat.

The threat is a virus that locks your PC and demands a payment to unlock it. 

It spreads by infecting certain files on your desktop, removable drives, and shared or network drives.

This threat might have got on your PC if you try to open a file on a network or that was shared with you.

You can read more on our ransomware page.

Find out ways that malware can get on your PC.  

Windows Defender detects and removes this threat.

We’ve seen this threat family download other malware from the following families:

• Win32/Critroni
• Win32/Tinba
• Win32/Vawtrack
• Win32/Zbot

Dalexis might pretend to be an invoice or receipt attached to a spam email, using social engineering tactics to get on your PC.

Find out ways that malware can get on your PC.  

Microsoft security software detects and removes this family of threats.

These threat can steal your credit card information.

It can be installed by other malware or by an exploit when you visit a malicious or compromised website.

Microsoft security software detects and removes this family of threats.

This malware family can give a malicious hacker access and control of your PC.

These threats can be installed when you open a spam email attachment.

Microsoft security software detects and removes this family of threats.

Malware in this family can steal your sensitive information, including your credit card details.

They can be installed on your PC by software exploits, or by other malware.

Win32/Bagle.A@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds in certain files on the infected computer. The worm is activated when the e-mail recipient opens the attachment. The worm monitors a random TCP port for instructions from remote attackers.

Win32/Bagle.B@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment. The worm monitors a random TCP port for instructions from remote attackers.

Win32/Bagle.D@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the e-mail recipient opens the attachment. The worm monitors a randomly-selected TCP port for instructions from remote attackers.

Win32/HLLW.Nachi.A is a network worm that targets Microsoft Windows 2000 and Windows XP. It propagates by exploiting several known vulnerabilities. It tries to download and apply security updates if it detects the operating system is a certain language version. It also tries to remove the MSBlast worm if it is on the infected system.

Win32/Korgo.B.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Korgo.C.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Korgo.F.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Korgo.G.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Korgo.I.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Worm:Win32/Korgo.L is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.