We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanDownloader:JS/Crimace.A
Aliases: No associated aliases
Summary
Microsoft Defender Antivirus detects and removes this threat.
This threat downloads and installs Ransom:Win32/WinPlock.B, which is a ransomware that encrypts files.
It is distributed as an attachment to spammed email message that pretend to be fax messages.
Read more in this blog: Fake fax ushers in revival of a ransomware family.
Find out ways that malware can get on your PC.
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 8.1 and Windows 10, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
You should also run a full scan. A full scan might find hidden malware.
Use cloud protection
Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10.
Go to All settings > Update & security > Windows Defender and make sure that your Cloud-based Protection settings is turned On.
Get more help
You can also see our advanced troubleshooting page for more help or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
