HackTool:Win32/Ntillusion
HackTool:Win32/Ntillusion is the detection for a user-mode rootkit. It uses SetWindowsHookEx to inject itself into each running process on an infected computer. It then hooks the Import Address Table entries for several functions in order to redirect them to functions implemented by the rootkit.
VirTool:WinNT/Xantvi.gen!A
Virus:Win32/Alureon.A
Microsoft security software detects this threat.
This threat can send malicious data to your PC and corrupt some driver files, making them unusable.
See the Win32/Alureon family description for more information.
Trojan:DOS/Yoddos
Trojan:DOS/Yoddos is a bootkit malware that infects the file "userinit.exe" to decode and execute its encoded component, which is a trojan downloader.
VirTool:WinNT/Bohu.A
VirTool:WinNT/Bohu.A is a malicious kernel-mode driver and rootkit that is installed by TrojanDropper:Win32/Bohu.B. It is used to monitor registry keys pertaining to the malware and to prevent security processes from executing.
Trojan:Win64/Rootkit
This is a detection of a generic rootkit, which is malicious software that gets installed at the kernel level to hide itself and its activities or to maintain persistence.
For information about this trojan and other human-operated malware campaigns, read these blog posts:
TrojanDropper:Win32/Alureon.J
Virus:Win32/Alureon.G
- modifying the affected user's search results (search hijacking)
- redirecting the affected user's browsing to sites of the attacker's choice (browser hijacking)
- changing DNS settings in order to redirect users to sites of the attacker's choice without the affected user's knowledge
- downloading and executing arbitrary files, including additional components and other malware
- serving illegitimate advertising
- installing rogue security software
- banner clicking
Trojan:WinNT/Alureon.L
Trojan:WinNT/Regin.B!dha
Microsoft security software detects and removes this family of threats.
These threats can give a malicious hacker access and control of your PC. They can download and run files, and steal your sensitive information.
Some variants specifically target the administration traffic of mobile base station controllers that are used by telecommunication providers. This stolen data could let a malicious hacker monitor and control the calls of an affected phone provider.
Trojan:WinNT/Regin.C!dha
Microsoft security software detects and removes this family of threats.
These threats can give a malicious hacker access and control of your PC. They can download and run files, and steal your sensitive information.
Some variants specifically target the administration traffic of mobile base station controllers that are used by telecommunication providers. This stolen data could let a malicious hacker monitor and control the calls of an affected phone provider.
Trojan:WinNT/Regin.gen.B!dha
Microsoft security software detects and removes this family of threats.
These threats can give a malicious hacker access and control of your PC. They can download and run files, and steal your sensitive information.
Some variants specifically target the administration traffic of mobile base station controllers that are used by telecommunication providers. This stolen data could let a malicious hacker monitor and control the calls of an affected phone provider.
Trojan:WinNT/Regin.gen.C!dha
Microsoft security software detects and removes this family of threats.
These threats can give a malicious hacker access and control of your PC. They can download and run files, and steal your sensitive information.
Some variants specifically target the administration traffic of mobile base station controllers that are used by telecommunication providers. This stolen data could let a malicious hacker monitor and control the calls of an affected phone provider.
Trojan:WinNT/Regin.A!dha
Microsoft security software detects and removes this family of threats.
These threats can give a malicious hacker access and control of your PC. They can download and run files, and steal your sensitive information.
Some variants specifically target the administration traffic of mobile base station controllers that are used by telecommunication providers. This stolen data could let a malicious hacker monitor and control the calls of an affected phone provider.
Trojan:DOS/Sinowal.Q
Trojan:DOS/Sinowal.Q is the detection for a malformed MBR (Master Boot Record) generated by VirTool:WinNT/Sinowal.
Virus:Win32/Sirefef.N
Virus:Win32/Sirefef.N is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove this threat from your computer:
Before you begin you will need:
- A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of the Microsoft Safety Scanner
- A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected computer
Then follow these steps:
- Download a copy of the Microsoft Safety Scanner from a clean, uninfected computer
- Save a copy of the Scanner on a blank CD, DVD, or USB drive
- Restart the infected computer
- Insert the CD, DVD, or USB drive into your infected computer and run the Scanner
- Let the Scanner clean your computer and remove any infections it finds
After running the Scanner, ensure that your antivirus product is up-to-date. You can update Microsoft security products by downloading the latest definitions at this link: Get the latest definitions.
As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.
TrojanDropper:Win32/Sirefef.B
TrojanDropper:Win32/Sirefef.B is a trojan that drops Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove this threat from your computer:
Before you begin you will need:
- A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of the Microsoft Safety Scanner
- A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected computer
Then follow these steps:
- Download a copy of the Microsoft Safety Scanner from a clean, uninfected computer
- Save a copy of the Scanner on a blank CD, DVD, or USB drive
- Restart the infected computer
- Insert the CD, DVD, or USB drive into your infected computer and run the Scanner
- Let the Scanner clean your computer and remove any infections it finds
After running the Scanner, ensure that your antivirus product is up-to-date. You can update Microsoft security products by downloading the latest definitions at this link: Get the latest definitions.
As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.