We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win32/Starter
Detected by Microsoft Defender Antivirus
Aliases: Trojan.Win32.Starter.al (Kaspersky) Trojan.Win32.Starter.al (Sunbelt Software) TROJ_STARTER.TR (Symantec)
Summary
Trojan:Win32/Starter creates an unauthorized user account on the system and adds that account to the administrator group as a “Remote Service Account".
On July 16, 2007, Microsoft identified a misclassification in the Trojan:Win32/Starter signature which could result in erroneous detections of this Trojan in certain PE files created by Quick Batch File Compiler. To address this issue, impacted customers should update to signature files with version number 2740.6 or above.
Trojan:Win32/Starter may lead to further compromise, including downloading and installing additional malicious software, thus manual removal is not recommended. To detect and remove this Trojan and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx