Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
575 entries found. Displaying page 1 of 29.
Updated on Oct 24, 2007
Alert level: high
Updated on Dec 17, 2007
PWS:Win32/Dialupass is a program that contains a password recovery tool that is used to capture logon credentials and send them to an attacker.
Alert level: severe
Updated on Jun 12, 2008
Constructor:Win32/Pdfmaker.A is a malicious PDF (Adobe) constructor. Use of the constructor allows an attacker to embed a supplied arbitrary executable within a supplied PDF host file. Opening the PDF file on vulnerable systems could allow the embedded file to execute.
Alert level: severe
Updated on Apr 12, 2010
Hacktool:Win32/Netpass is a detection for the network password recovery tool. It can be downloaded from the Web site "nirsoft.net".
Alert level: high
Updated on Aug 27, 2015

Windows Defender detects and removes this threat.

This trojan can install other malware or unwanted software onto your PC.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Jan 14, 2016

This application was stopped from running on your network because it has a poor reputation. This application can affect the quality of your computing experience.

If you were trying to install an application, you might have downloaded it from a source other than the official product's website.

We usually see this application installed on PCs in the following countries. This list is sorted according to prevalence:

  • United States
  • Brazil
  • China
  • Spain
  • Mexico

This detection is part of our extended Potentially Unwanted Application protection feature.

Alert level: severe
Updated on Jun 29, 2016

This application was stopped from running on your network because it has a poor reputation. This application can affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs:

  • Adds files that run at startup

These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.

If you were trying to install an application, you might have downloaded it from a source other than the official product's website.

We usually see this application installed on PCs in the following countries. This list is sorted according to prevalence:

  • United States
  • Brazil
  • Russia
  • China
  • Spain

This detection is part of our extended Potentially Unwanted Application protection feature.

Alert level: severe
Updated on Sep 01, 2009

HackTool:Win32/WpePro is a tool called Winsock Packet Editor Pro or "WPE PRO" that listens, logs, filters, and modifies Winsock packets.

The tool may be used to hack online communications and online games by mimicking traffic from the communication or game.

Alert level: high
Updated on Jan 13, 2011
Trojan:VBS/Trisell.A is the detection for a script that exploits a vulnerability in certain versions of web-scripting languages that is used to gain access to a web server.
Alert level: severe
Updated on Jul 07, 2007

HackTool:Win32/Ntillusion is the detection for a user-mode rootkit. It uses SetWindowsHookEx to inject itself into each running process on an infected computer. It then hooks the Import Address Table entries for several functions in order to redirect them to functions implemented by the rootkit.

Alert level: high
Updated on May 24, 2010
HackTool:Win32/Evidpatch.A is a tool that modifies the Windows system file "TCPIP.SYS". It removes the security limits imposed on the default number of concurrent TCP connection attempts within a specific time period.
Alert level: high
Updated on Dec 12, 2008

Exploit:Win32/Crpexp is a trojan that exploits certain vulnerabilities. It may be used by other malware for their spreading routine.

Alert level: severe
Updated on Jan 06, 2011
HackTool:Win32/Ntscan.A is a utility that is used to scan a specified IP block to identify computers that have a weak passwords for their corresponding Admin$ and IPC$ share.
Alert level: high
Updated on Jun 23, 2010
HackTool:Win32/Keydump is a tool that retrieves Microsoft Windows XP and Microsoft Office product keys. It is also capable of modifying the current Windows XP product key and Windows registration information.
Alert level: high
Updated on Nov 02, 2010
HackTool:Win32/Gsecdump is a tool used within a command-line interface to dump the Windows SAM database, cached domain credentials, LSA details and active logon sessions.
Alert level: high
Updated on Dec 16, 2010

Windows Defender detects and removes this threat.

This freeware tool can be used to display passwords for a number of email applications.

We have seen it being used by Trojan:Win32/Nedsym to steal passwords.

Find out ways that malware can get on your PC.

Alert level: high
Updated on Jun 11, 2009
HackTool:WinNT/Tcpz.A is a device driver that patches the Windows TCP/IP stack device driver to modify the concurrent TCP connection attempts limit.
Alert level: high
Updated on Nov 13, 2007
Backdoor:Win32/Oderoor.gen!A is a backdoor Trojan that allows an attacker access to the compromised computer. This Trojan may connect with remote Web sites and SMTP servers.
Alert level: severe
Updated on Jan 17, 2008
Backdoor:Win32/Oderoor.gen!B is a backdoor Trojan that allows an attacker access to the compromised computer. This Trojan may connect with remote Web sites and SMTP servers.
Alert level: severe
Updated on Feb 06, 2008
Backdoor:Win32/Oderoor.gen!A is a backdoor Trojan that allows an attacker access to the compromised computer. This Trojan may connect with remote Web sites and SMTP servers.
Alert level: severe