Trojan:Win32/Clort.A.dr is a trojan that drops a trojan that exploits computers that have not applied Security Bulletin MS08-067.

Trojan:Win32/Clort.A is a trojan that executes another dropped trojan that exploits computers that have not applied Security Bulletin MS08-067.

Worm:Win32/Fakerecy.B is a worm that spreads via logical drives.

This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

TrojanDownloader:Win32/Zacko.A is a trojan that drops trojan downloader components to the local computer, detected as TrojanDownloader:Win32/Zacko.A!dll.

TrojanDownloader:Win32/Zacko.A!dll is a trojan downloader component installed by TrojanDownloader:Win32/Zacko.A. The trojan downloader attempts to download and execute malware associated with the trojan family Win32/Tibs from the domain 'zaq1.co.cc'.

Backdoor:Win32/Agent.ABHN is a trojan that installs Trojan:Win32/Alureon.BJ. Win32/Alureon.BJ is a component of Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data.

Backdoor:Win32/Itfast.A is a trojan that installs Trojan:Win32/Alureon.BJ. Win32/Alureon.BJ is a component of Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data.

TrojanDownloader:Win32/Qaantiz.A is a trojan that can download and execute files from a remote server. It may arrive in the computer as a dropped file of Exploit:Win32/Pidief.AX and with the file name "a.exe".

TrojanSpy:Win32/Bancos.SB is a component of Win32/Bancos - a family of password-stealing trojans that target online banking Web sites for banks located in Brazil. Captured credentials may be sent to the attacker via e-mail.

Dialer:WinCE/Terdial.A is a dialer trojan that makes outbound calls to a premium rate phone number. This action results in unexpected and often large telephone charges on affected users’ phone bills.

TrojanDownloader:Win32/Taleret.D is a trojan that attempts to download and run arbitrary files from certain websites.

Backdoor:MacOS_X/DevilRobber.A is backdoor trojan which allows a remote attacker to steal information and perform Bitcoin mining activities.

TrojanDownloader:Win32/Dofoil.gen!B is a trojan that may arrive as the attachment of spammed email messages. It connects to remote servers to download arbitrary files.

On March 6, 2018, behavior monitoring and machine learning technologies in Microsoft Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign

TrojanDownloader:Java/Rexec.I is the detection for Java-based trojans that are generated by the "Blackhole" exploit kit. TrojanDownloader:Java/Rexec.I may download and run other malware.

TrojanSpy:Win32/Gauss.A is a trojan that terminates certain system processes. It also loads other malware, which may already be installed in your computer.

Trojan:Win32/Tobfy.I a ransomware trojan that targets users from certain countries. It locks your computer and displays a localized webpage that covers your desktop. It demands the payment of a fine for the supposed possession of illicit material.

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

• Java Development Kit, Java Runtime Environment 7 Update 11 and earlier

To check if you're running a vulnerable version of Java:

1. Go to the control panel (Select Start then Control Panel)
2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Windows Defender detects and removes this threat.

This threat can collect your sensitive information and send it to a malicious hacker.

Find out ways that malware can get on your PC.

Microsoft Defender Antivirus detects and removes this threat.

The threat is a backdoor trojan that is related to the "trojanized" version of a third-party utility known as "CCleaner". If you have installed the infected or trojanized version of CCleaner, it's likely you'll have this threat detected on your machine.

Find out ways that malware can get on your PC.