Skip to main content
Published Apr 26, 2011 | Updated Mar 08, 2018

Win32/Dofoil

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Microsoft Defender Antivirus detects and removes this threat.

This family of trojans can download and run other malware.

On March 6, 2018, behavior monitoring and machine learning technologies in Microsoft Defender Antivirus stopped a Dofoil variant (also known as Smoke Loader) that tried to infect more than 400,000 computers. The massive campaign aimed to install a cryptocurrency miner that uses victim computers' resources for coin mining purposes. Learn how artificial intelligence stopped the attack within minutes:

Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

Secure configuration

To ensure you have the best protection, enable the following:

  • Cloud-delivered protection
  • Automatic sample submission

To access these settings on the Windows Defender Security Center app, use the Windows search box to find and open the Windows Defender Security Center. Navigate to Virus & threat protection settings.

Prevent malware infection

To prevent future infection, follow our guide on preventing malware infection.

Follow us