Virus:Win32/Bamital.G
Detected by Microsoft Defender Antivirus
Aliases: Win32/Bamital.EL (ESET), Virus.Win32.Bamital.c (Sunbelt Software), Trojan.Bamital!inf (Symantec)
Summary
Virus:Win32/Bamital.G is the detection for the files "explorer.exe" and "winlogon.exe" when they are infected. The infection is caused by TrojanDropper:Win32/Bamital.C.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional recovery instructions
Due to the infection mechanism of this virus, and the fact that it modifies critical system files, Virus:Win32/Bamital.G may make lasting changes to infected files that will NOT be restored by detecting and removing this threat. To return an infected computer to its pre-infected state, files infected by Virus:Win32/Bamital.G must be restored from backup.
- Using the system's recovery options:
  - For Windows XP: Installing and using the Recovery Console in Windows XP
  - For Windows Vista: System Recovery Options in Windows Vista
  - For Windows 7: System Recovery Options in Windows 7
- For other support and help related articles, go to:
  - Windows 7: http://support.microsoft.com/gp/windows7
  - Windows Vista: http://support.microsoft.com/ph/11732
  - Windows XP: http://support.microsoft.com/ph/1173
  - Microsoft Security TechNet Center: http://technet.microsoft.com/security/default.aspx