Worm:Win32/Rewdar.A
Detected by Microsoft Defender Antivirus
Aliases: Win32/Qweasy.I (CA), Backdoor.Win32.Prexot.b (Kaspersky), W32/Malware.AJP (Norman), W32/Malware.AVP (Norman), BKDR_PREXOT.E (Trend Micro)
Summary
Worm:Win32/Rewdar.A is a network worm that spreads to systems that have not been patched for one or more of the Windows vulnerabilities described in Microsoft Security Bulletins MS04-011, MS05-039, and MS06-040. Worm:Win32/Rewdar.A may also download and run additional malicious software from a specified URL. It attempts to terminate security-related processes and blocks access to security-related websites by modifying the local HOSTS file. These modifications could prevent the affected user from obtaining the updates needed to detect and remove the worm.
Attempting to recover manually from Worm:Win32/Rewdar.A is not recommended, as other malicious software may have been downloaded and installed by this worm. To detect and remove Worm:Win32/Rewdar.A and any additional programs it may have installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (available at http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx
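As a triage aid for the HOSTS file modification described in the summary, the following added example (not part of the original entry and not Microsoft's code) parses a HOSTS file and flags entries that pin security or update domains to loopback, unspecified or private addresses. The watch list and the sample file are constructed assumptions, since this entry does not name the blocked sites.

```python
import ipaddress

# Constructed watch list (assumption): this entry does not name the blocked sites.
WATCHED_SUFFIXES = ("windowsupdate.com", "microsoft.com", "example-av-vendor.test")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for name in entry[1:]:                  # one address may carry several names
            yield line_no, addr, name.lower().rstrip(".")

def is_watched(name, suffixes=WATCHED_SUFFIXES):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)

def suspicious_entries(text, suffixes=WATCHED_SUFFIXES):
    """Return watched domains mapped to loopback, unspecified or private addresses."""
    hits = []
    for line_no, addr, name in parse_hosts(text):
        sinkholed = addr.is_loopback or addr.is_unspecified or addr.is_private
        if sinkholed and is_watched(name, suffixes):
            hits.append((line_no, str(addr), name))
    return hits

# Constructed sample, not taken from an infected system.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com   # appended entry
0.0.0.0         www.example-av-vendor.test download.example-av-vendor.test
10.0.0.5        intranet.corp.example
not-an-ip       windowsupdate.com
"""

if __name__ == "__main__":
    for line_no, addr, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

On Windows the file to read is normally %SystemRoot%\System32\drivers\etc\hosts; a hit is a reason to run the full scan recommended above, not a substitute for it.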