We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Win32/Winnti
Aliases: Backdoor/Win32.Etso (AhnLab) winpe/Agent.ALQHI (Norman) Trojan horse Agent3.BHML (AVG) BDS/Rogue.724628.2 (Avira) Trojan.DownLoader4.54317 (Dr.Web) Win32/Agent.SUQ trojan (ESET) W32/Agent.SUQ (Fortinet) Backdoor.Win32.Winnti (Ikarus) Troj/Winnti-A (Sophos) BKDR_WINNTI.SM2 (Trend Micro)
Summary
Winnti is a family of multi-component malware that give threat actors persistent access and control over infected devices through a backdoor. It has known associations with activity groups involved in cyberespionage.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
