TrojanSpy:Win32/Banker.VB
Updated on Oct 01, 2009
TrojanSpy:Win32/Banker.VB is a trojan that captures user-entered sensitive information such as online banking account credentials and access codes, personal information and other sensitive data. The trojan may monitor incoming e-mail messages.
Alert level: severe
VirTool:WinNT/Vanti.gen!A
Updated on Jul 30, 2008
VirTool:Win32/Vanti.gen!A is Microsoft's detection for a packer often used by certain trojan password stealers and rootkits.
Alert level: severe
TrojanSpy:Win32/Baluch.A
Updated on Dec 24, 2008
TrojanSpy:Win32/Baluch.A is a trojan that gathers information about the system. It also acts as a keylogger.
Alert level: severe
Virus:Win32/Cutwail.H
Updated on Oct 29, 2009
Virus:Win32/Cutwail.H is a member of Win32/Cutwail - a multi-component family of malware that downloads and executes arbitrary files. This functionality is mostly used to install additional Cutwail components, and other malware on an affected machine. In general, the Cutwail family is used to compromise machines and direct them in various ways at the attacker's will, usually for monetary gain. This could include using the affected machine to distribute additional malware, send spam, generate 'pay per click' advertising revenue, harvest e-mail addresses, and break captchas. Its components are varied, but include trojan downloaders and droppers, spammers, and viruses. Cutwail also employs a rootkit and other defensive techniques to avoid detection and removal.
This particular component is used in conjunction with other Cutwail components to perform Cutwail's payload - to download and execute arbitrary files.
Alert level: severe
Trojan:WinNT/Omexo.C
Updated on Mar 18, 2010
Trojan:WinNT/Omexo.C is the detection for a malicious kernel mode driver that uses obfuscation techniques to hide its presence. It installs other malware into the computer, and it may be installed by a malware dropper.
Alert level: severe
Trojan:WinNT/Killav.A
Updated on Jun 14, 2010
Trojan:WinNT/Killav.A is a trojan rootkit that deletes files from kernel mode.
Alert level: severe
TrojanDropper:Win32/Stuxnet.A
Updated on Jul 07, 2010
TrojanDropper:Win32/Stuxnet.A is a trojan that drops and installs other Stuxnet components detected as Trojan:WinNT/Stuxnet.A and Trojan:WinNT/Stuxnet.B. It also injects code into certain processes. The injected code contains links to certain football betting websites.
Alert level: severe
Trojan:WinNT/Bubnix.J
Updated on Sep 03, 2010
Trojan:WinNT/Bubnix.J is a trojan that installs itself as a system driver. It injects code into legitimate processes, connects to remote servers, and sends out spammed email messages.
Alert level: severe
Trojan:WinNT/Kapa.A
Updated on Sep 24, 2010
Trojan:WinNT/Kapa.A is a detection for a kernel-mode trojan that may be directed by other malware to terminate services.
Alert level: severe
Trojan:WinNT/KillAV.E
Updated on Jan 17, 2011
Trojan:WinNT/KillAV.E is a kernel mode rootkit, which is used to terminate processes related to antivirus and security software. It may also perform other functions, such as deleting files, overwriting registry entry data, and others.
Alert level: severe
VirTool:WinNT/Popureb.A
Updated on May 23, 2011
VirTool:WinNT/Popureb.A is a component of Win32/Popureb. It uses a low level disk driver hook to prevent a malicious Master Boot Record (MBR) and other malicious data stored as disk sectors from being changed.
Alert level: severe
Trojan:DOS/Alureon.C
Updated on Jul 12, 2011
Trojan:DOS/Alureon.C is the detection name for infected Master Boot Records (MBR) produced by certain variants of the Win32/Alureon rootkit family. The rootkit infects 32-bit and 64-bit systems.
Alert level: severe
Trojan:WinNT/Bibei.A
Updated on Nov 21, 2011
Trojan:WinNT/Bibei.A is a driver component installed by TrojanDropper:Win32/Bibei.A on an affected computer. It is used to connect to a remote server and download other malware.
Alert level: severe
TrojanSpy:Win32/Bhoban
Updated on Jul 27, 2012
TrojanSpy:Win32/Bhoban is malware used to set up malicious Browser Helper Objects (BHOs) on an infected computer.
Alert level: severe
WinNT/F4IRootkit
Updated on Nov 15, 2005
WinNT/F4IRootkit is a kernel-mode rootkit used for copy protection on certain Sony BMG audio CDs. There are several versions of this rootkit. The rootkit hides certain Windows system resources, including files, processes, and registry settings. The rootkit can be used by attackers to hide malicious content on the computer.
Alert level: high
Backdoor:WinNT/Rustock.E
Updated on Oct 15, 2008
Backdoor:WinNT/Rustock.E is a generic detection for a component of Win32/Rustock. Win32/Rustock is a family of rootkit-enabled backdoor trojans that have historically been used to send large volumes of spam from infected computers. More recently, Rustock variants have been associated with Rogue Security applications.
Normally the trojan consists of 3 components which are embedded within a single binary: the dropper (which runs in user mode), the driver's installer, and the actual rootkit driver (both of which run in kernel mode).
For more information, please see the Win32/Rustock family entry, elsewhere in our encyclopedia.
Alert level: severe
VirTool:WinNT/Malres.A
Updated on Mar 10, 2009
VirTool:WinNT/Malres.A is the detection for a rootkit that hides malware. It arrives in the system by being dropped by TrojanDropper:Win32/Malres.A.
Alert level: severe
Win32/Daonol
Updated on May 20, 2009
Win32/Daonol is a family of trojans capable of monitoring network traffic, stealing FTP credentials, preventing access to security Web sites, disabling access to system programs, and redirecting Web searches to sites hosting other malware.
Alert level: severe
HackTool:WinNT/Tcpz.A
Updated on Jun 11, 2009
HackTool:WinNT/Tcpz.A is a device driver that patches the Windows TCP/IP stack device driver to modify the concurrent TCP connection attempts limit.
Alert level: high