We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
PUA:Win32/ExpressDownloader
Aliases: not-a-virus:AdWare.Win32.Agent.joiq (Kaspersky) PUP-FBZ (McAfee) a variant of Win32/ExpressFiles.C potentially unwanted application (ESET) Go For Files (Sophos) ADW_ELEX.A (Trend Micro) Malware.Generic!qbVlUuLGhdK@5 (Thunder) (Rising AV) Gen:Variant.Application.Bundler.85 (BitDefender) Trojan.Gen.2 (Symantec)
Summary
This application was stopped from running on your network because it has a poor reputation. This application can affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs:
- Adds files that run at startup
- Installs a driver
- Injects into other processes on your system
- Injects into browsers
- Changes browser settings
- Changes browser shortcuts
- Installs browser extensions
- Adds a local proxy
- Modifies the system hosts file
- Modifies your system DNS settings
- Tampers with system Group Policy settings
These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.
If you were trying to install an application, you might have downloaded it from a source other than the official product's website.
We usually see this application installed on PCs in the following countries. This list is sorted according to prevalence:
- United States
- Brazil
- France
- United Kingdom
- Spain
This detection is part of our extended Potentially Unwanted Application protection feature.
You should contact your IT representative or network administrator to find out how you can install legitimate programs while connected to your network.