Win32/Nuwar.gen is generic detection for a family of Trojan droppers that install a distributed peer-to-peer (P2P) downloader Trojan. This downloader Trojan in turn downloads a copy of the email worm component of Win32/Nuwar.gen.

Virtool:Win32/FURootkit is a family of kernel-mode rootkit programs that target computers running certain versions of Microsoft Windows. It is primarily used to hide certain processes from process viewers or to hide certain device drivers. This rootkit is often bundled with other malicious software. For example, it is installed on a computer by some variants of Win32/Rbot.

 

Some variants of Win32/FURootkit can be configured to unlink certain processes from the EPROCESS linked list, so that the running process is hidden from Task Manager and other process-viewer applications. Some Win32/Rbot variants use this stealth method to hide themselves.

Microsoft security software detects and removes this threat.

This family of worms can disable several important Windows services and security products. They can also download files and run malicious code on your PC if you have file sharing enabled.

Conficker worms infect PCs across a network by exploiting a vulnerability in a Windows system file. This vulnerability is described and fixed in Security Bulletin MS08-067.

Some worms can also spread via removable drives and by using common passwords.

Find out ways that malware can get on your PC.

Win32/MoneyTree is the detection for a family of software that provides the ability to search for adult content on local disks. The software may also install programs that display pop-up advertisements. It may install other unwanted software as well, including a BHO (Browser Helper Object).

 

Win32/MoneyTree may be installed without the user's consent, and may create registry entries that cause programs to run automatically each time Windows starts.

This family of rogue security programs pretend to scan your PC for malware, and often report lots of infections. The program will say you have to pay for it before it can fully clean your PC.

However, the program hasn't really detected any malware at all and isn't really an antivirus or antimalware scanner. It just looks like one so you'll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.

Even if you do pay to "unlock" the app, it won't do anything because your PC isn't actually infected with all that malware it "found".

Different brands of the rogues may modify various settings on your computer, end or close programs or system services, or block access to websites.

We've seen the rogues use the following names: 

• Advanced Antispyware Solution
• Antimalware PC Safety
• Antivirus Smart Protection
• AV Security Essentials
• Best Antivirus Software
• Best Virus Protection
• Home Malware Cleaner
• Home Security Solutions
• Internet Security Guard
• Malware Protection Center
• Smart Anti-Malware Protection
• Strong Malware Defender
• System Protection Tools
• Total Anti Malware Protection

Win32/Yeltminky is a family of worms that spreads by making copies of itself on all available drives and creating an autorun.inf file to execute that copy.

Win32/FakePowav is a rogue that pretends to scan for malware. It then shows you fake warnings of "malicious programs and viruses". It then inform the user that they need to pay money in order to remove these non-existent threats.

More information about these types of threats is available in our Rogue page.

 

This program was detected by definitions prior to 1.173.405.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Windows Defender Antivirus detects and removes this threat. 

This family of trojans can monitor what you do online and send the information to a malicious hacker. They can also redirect you web browser to an attacker-specified URL.

Win32/Koutodoor is a malware family that is capable of changing the Internet Explorer home page and downloading arbitrary files from certain servers. It can also open certain webpages using Internet Explorer.

Microsoft security software detects and removes this family of threats.

These threats can download other malware and make changes to your PC security settings.

They are usually bundled with other third-party installers and keygens. They can also be downloaded from malicious or compromised websites, and through peer-to-peer file sharing applications.

Windows Defender detects and removes this threat.

This threat is a malicious file that can install other files onto your PC. 

Find out ways that malware can get on your PC.

Windows Defender detects and removes this threat.

This malware family steals information about your PC, sends it a malicious hacker, and downloads other malware.

It can be installed on your PC by other malware, or as a result of an exploit, such as Exploit:Win32/CVE-2012-0158.CJ.

Find out ways that malware can get on your PC.

Microsoft security software detects and removes this family of threats.

These threats can collect your sensitive information and send it to a malicious hacker.

Find out ways that malware can get on your PC.  

Microsoft security software detects and removes this family of threats.

This malware family can send information about your PC to a malicious hacker. They can also download updates and other files.

Find out ways that malware can get on your PC.