Win32/Qakbot
Microsoft Defender Antivirus detects and removes this threat.
This malware family can give a malicious hacker access and control of your PC. They can then steal your sensitive information.
For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Win32/Lethic
Win32/Ciucio
Win32/Pdfjsc
Microsoft security software detects and removes these threats.
This malware family exploits vulnerabilities in Adobe Acrobat and Adobe Reader.
The vulnerabilities allow malware to download and run files, including other malware.
Win32/Cycbot
Win32/Rebhip
Microsoft security software detects and removes this family of threats.
This family of worms can steal your sensitive information.
They spread through infected removable drives, such as USB flash drives.
Win32/Afcore
Windows Defender detects and removes this threat.
This trojan can also install other malware or unwanted software onto your PC.
Win32/Dofoil
Microsoft Defender Antivirus detects and removes this threat.
This family of trojans can download and run other malware.
On March 6, 2018, behavior monitoring and machine learning technologies in Microsoft Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign
Win32/Ramnit
Microsoft Defender Antivirus detects and removes this threat.
This malware family steals your sensitive information, such as your bank user names and passwords. It can also give a malicious hacker access and control of your PC, and stop your security software from running.
These threats can be installed on your PC through an infected removable drive, such as a USB flash drive.
Win32/Defmid
Windows Defender Antivirus detects and removes this threat.
Rogue:Win32/Defmid is a trojan that mimics security alerts and displays messages requesting the user to purchase the rogue to fix "detected" problems that in actuality don't exist.
You can find out more about rogues from our Rogue information page.
Win32/Expiro
Win32/Tracur
Windows Defender detects and removes this threat.
Win32/Tracur is a family of trojans that can redirect your web searches. They do this to earn revenue for the malware authors via online advertisement fraud. The trojans hijack search result links from the following search engines, and redirect you to a different webpage:
- Alltheweb
- Altavista
- AOL
- Ask
- Bing
- Gigablast
- Hotbot
- Lycos
- Netscape
- Snap
- Yahoo
- YouTube
Win32/Tracur can also download and run files, including other malware, and give a hacker control of your PC.
These threats can be installed on your PC by other malware, or when you click on a suspicious link or email attachment.
Win32/Bafruz
Windows Defender Antivirus detects and removes this threat.
This multi-component family of backdoor trojans can perform a number of different actions on your PC, such as:
- Uninstall antivirus and security products
- Intercept social media webpages such as Facebook and Vkontakte in order to hijack conversations
- Install Bitcoin mining software
- Perform denial of service attacks
Bafruz communicates with other Bafruz-infected computers via a peer-to-peer (P2P) protocol in order to update and download its components onto your PC.
Win32/Cridex
Win32/Matsnu
Win32/Matsnu is malware that can perform certain actions based on instructions from a remote server. It also changes certain computer settings.
Win32/Hioles
Win32/Hioles is a trojan that communicates with a command and control (C&C) server to retrieve and execute commands, such as installing a reverse proxy and performing other actions.
Win32/Fareit
Windows Defender detects and removes this threat.
The Win32/Fareit malware family has many components, including a password stealing component, PWS:Win32/Fareit, that steals sensitive information from your PC and sends it to a hacker.
There is also a Distributed Denial of Service (DDoS) component, DDoS:Win32/Fareit.gen!A, that can be used against other servers.
Win32/Pramro
Windows Defender detects and removes this threat.
Win32/Pramro is a trojan that acts as a SOCKS proxy on an infected computer. Proxy servers may be used by attackers to hide the origin of malicious activity. In this case, this proxy may be used to relay spam and HTTP traffic. In the wild, Win32/Pramro has been observed to be downloaded by variants of the Win32/Sality family.
Win32/Kuluoz
Windows Defender detects and removes this threat.
This trojan tries to steal your passwords and sensitive information. It can also download other malware onto your PC, including other variants of Win32/Kuluoz and Win32/Sirefef, and variants of rogue security software such as Win32/FakeSysdef and Win32/Winwebsec.
Win32/Medfos
Microsoft security software detects and removes this family of threats.
These threats install malicious Internet browser extensions and redirect your search results. This means that if you search using Google, Bing, or Yahoo, for example, the site returns normal search results. However, if you click on any of the results, instead of going to the correct website, you might be redirected to a different website.
These threats can also be used for click-fraud.
Variants of Win32/Medfos can be installed by other malware, including variants of the Trojan:Win32/Necurs family.
Find out ways that malware can get on your PC.