Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
Published Mar 30, 2011 | Updated Sep 15, 2017

Trojan:Win32/Oficla.AI

Detected by Microsoft Defender Antivirus

Aliases: Win-Trojan/Antisb.39424.K (AhnLab) W32/Trojan3.CJS (Command) TR/Spy.Agent.SN (Avira) Win32/Bredolab.APT (CA) Troja.DownLoader2.2977 (Dr.Web) Trojan-Banker.Win32.Banker.bghb (Kaspersky) PWS-Banker!gpr (McAfee) W32/Bancos.APJJ (Norman) Troj/Agent-QBX (Sophos) Downloader.Lofog!gen3 (Symantec) TROJ_BREDOLAB.XP (Trend Micro)

Summary

Trojan:Win32/Oficla.AI is a trojan that attempts to download and execute arbitrary files.
To detect and remove this threat and other malicious software that may have been installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information about using antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
 
If you think you have been the victim of this malware and your banking details have been stolen, you can refer to Microsoft's advice on what to do if you are a victim of fraud.
Additional remediation instructions for Win32/Oficla 
This threat may make lasting changes to a computer’s configuration that are NOT restored by detecting and removing this threat. Registry data may require manual correction after the malware is removed.
 
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
322756 How to back up and restore the registry in Windows
 
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
 
To remove/modify the changes that Win32/Oficla has made to your computer, follow these steps:
 
1) Click Start and then click Run.
2) In the Open box, type regedit and then click OK.
3) Locate and then click on the following registry key:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4) On the right panel, right-click on the following registry entry:
Shell
5) Select Modify and then click OK.
6) In the "Value data:" entry box, edit the data such that it only contains the following:
explorer.exe
7) Close Registry Editor.
Follow us