575 entries found. Displaying page 2 of 29.
Updated on Oct 15, 2008
Backdoor:WinNT/Rustock.E is a generic detection for a component of Win32/Rustock. Win32/Rustock is a family of rootkit-enabled backdoor trojans that have historically been used to send large volumes of spam from infected computers. More recently, Rustock variants have been associated with Rogue Security applications.
Normally the trojan consists of 3 components which are embedded within a single binary - the dropper (which runs in user mode), the driver's installer, and the actual rootkit driver (both of which run in kernel mode).
For more information, please see the Win32/Rustock family entry, elsewhere in our encyclopedia. 
Alert level: severe
Updated on Dec 24, 2008
TrojanSpy:Win32/Baluch.A is a trojan that gathers information about the system. It also acts as a keylogger.
Alert level: severe
Updated on Mar 10, 2009
VirTool:WinNT/Malres.A is the detection for a rootkit that hides malware. It arrives in the system by being dropped by TrojanDropper:Win32/Malres.A.
Alert level: severe
Updated on Apr 09, 2009
Backdoor:WinNT/Rustock.H is a component of Win32/Rustock - a multi-component family of rootkit-enabled backdoor trojans, which were historically developed to aid in the distribution of 'spam' e-mail. First discovered sometime in early 2006, Rustock has evolved to become a prevalent and pervasive threat. Recent variants appear to be associated with the incidence of rogue security programs.
Alert level: severe
Updated on May 20, 2009
Win32/Daonol is a family of trojans capable of monitoring network traffic, stealing FTP credentials, preventing access to security Web sites, disabling access to system programs, and redirecting Web searches to sites hosting other malware.
Alert level: severe
Updated on Jun 12, 2009
VirTool:WinNT/Divapad.A is the malicious driver component of, and is dropped and installed by, TrojanDropper:Win32/Divapad.A. It logs network traffic.
Alert level: severe
Updated on Jul 16, 2009
Cutwail is a trojan which is able to download and execute arbitrary files. Downloaded files may be executed from disk or injected directly into another process. Whilst the functionality of the files that are downloaded may change, Cutwail usually downloads a trojan which is able to send spam. Cutwail also employs rootkit and other defensive techniques to avoid detection and removal.

VirTool:WinNT/Cutwail.M is a kernel-mode component used by the Cutwail malware family. It contains functionality to drop files and to run in Windows safe mode and Windows safe mode with network support.
Alert level: severe
Updated on Nov 11, 2009
Backdoor:WinNT/Festi.A is a backdoor trojan that allows limited remote access and control. It retrieves instructions and commands from a remote attacker by connecting to a remote website and downloading data. The commands could instruct WinNT/Festi.A to distribute spam.
Alert level: severe
Updated on Dec 15, 2009
Worm:Win32/Hamweq.AA is a worm that spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may be used by a remote attacker to order the affected machine to participate in Distributed Denial of Service attacks, or to download and execute arbitrary files.
Alert level: severe
Updated on Jan 08, 2010
Trojan:WinNT/Bubnix.D is a kernel mode trojan that masks its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server and download and execute arbitrary files.
Alert level: severe
Updated on Feb 08, 2010
Trojan:Win32/Cryptrun.B!sys is a malicious device driver file that drops Trojan:Win32/Cryptrun.B from a malicious .hlp file. It runs at system start.
Alert level: severe
Updated on Mar 09, 2010
Trojan:WinNT/Bubnix.gen!A is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam e-mail messages, and download and execute arbitrary files.
Alert level: severe
Updated on Mar 18, 2010

Virus:Win32/Sirefef.A is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove this threat from your computer:

Before you begin you will need:

- A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of the Microsoft Safety Scanner
- A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected computer 

  1. Download a copy of the Microsoft Safety Scanner from a clean, uninfected computer
  2. Save a copy of the Scanner on a blank CD, DVD, or USB drive
  3. Restart the infected computer
  4. Insert the CD, DVD, or USB drive into your infected computer and run the Scanner
  5. Let the Scanner clean your computer and remove any infections it finds

After running the Scanner, ensure that your antivirus product is up-to-date. You can update Microsoft security products by downloading the latest definitions at this link: Get the latest definitions.

As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.

Alert level: severe
Updated on Mar 18, 2010
Trojan:WinNT/Omexo.C is the detection for a malicious kernel mode driver that uses obfuscation techniques to hide its presence. It installs other malware into the computer, and it may be installed by a malware dropper.
Alert level: severe
Updated on Mar 22, 2010
Trojan:WinNT/Omexo.D is the detection for a malicious kernel mode driver that uses obfuscation techniques to hide its presence on an affected computer. It installs other malware into the computer, and it may be installed by a malware dropper.
Alert level: severe
Updated on Jun 28, 2010
Windows Defender Antivirus detects and removes this threat.
 
This trojan sends spam email messages from your PC. It can also give a malicious hacker access and control of your PC, change your security settings, and disable the Windows Firewall.
 
Alert level: severe
Updated on Jul 12, 2010
Win32/Bubnix is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam e-mail messages, and download and execute arbitrary files.
Alert level: severe
Updated on Jul 12, 2010
WinNT/Bubnix is a generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server, download and distribute spam e-mail messages, and download and execute arbitrary files.
Alert level: severe
Updated on Jul 30, 2010
Trojan:WinNT/Bubnix.I is a trojan that is downloaded and installed by other malware. It sends out spam email messages based on data received from a remote server.
Alert level: severe
Updated on Aug 24, 2010
Backdoor:Win32/Sdbot.AP is a member of Win32/Sdbot - a large family of IRC-controlled backdoors that allow unauthorized access and control of an affected computer. Using this backdoor, an attacker can perform a large number of different actions on an affected computer, including downloading and executing arbitrary files, stealing sensitive information and spreading to other computers using various methods.
Alert level: severe