Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided.
98 entries found.
Displaying page 2
of 5.
Worm:Win32/Autorun.JQ!inf
Worm:Win32/Autorun.JQ!inf is an "autorun.inf" file created by Worm:Win32/Autorun.JQ and Worm:Win32/Autorun.CH in order for the worm to spread and infect other computers through network shares or removable devices.
Alert level:
severe
VirTool:Win32/VBInject.gen!BW
VirTool:Win32/VBInject.gen!BW is a detection of an obfuscator used by particular malware. It is written in VB (Visual Basic). It attempts to hinder analysis and detection of the malware code it is applied to. The malware code runs in memory directly without being dropped as a file.
Alert level:
severe
Worm:Win32/Hamweq.E
Win32/Hamweq.E is a worm that spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may be used by a remote attacker to order the affected machine to participate in Distributed Denial of Service attacks, or to download and execute arbitrary files.
Alert level:
severe
Virus:Win32/Jadtre.I
Virus:Win32/Jadtre.I is a detection for a virus that infects Windows executable files, and spreads to computers via network shares and removable drives. The virus attempts to connect to a remote server to log its presence, and attempts to download and execute arbitrary files.
Alert level:
severe
Virus:Win32/Autorun
Windows Defender detects and removes this threat.
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.
The Win32/Autorun family description has more details.
Alert level:
severe
Worm:Win32/Nuqel.AC
Worm:Win32/Nuqel.AC is a worm that spreads by copying itself to removable drives. It also modifies various computer settings, such as disabling System Restore, hiding files and folders, disabling Windows Security Center notifications, and other actions.
Alert level:
severe
Worm:Win32/Emold.F
Worm:Win32/Emold.F is a worm that installs a trojan rootkit. It can spread via removable drives, spammed to users as an e-mail attachment, and distributed from malicious Web sites. It is capable of downloading arbitrary files, including other malware, from a specific Web site.
Alert level:
severe
Worm:Win32/Autorun.WZ
Worm:Win32/Autorun.WZ is a worm that spreads via removable and network drives.
Alert level:
severe
Worm:Win32/Emold.S
Worm:Win32/Emold.S is an encrypted executable with a file size of 46,592 bytes. It can spread via removable drives, be spammed to users as an e-mail attachment, or distributed from malicious Web sites. It is capable of downloading arbitrary files, including other malware, from a specific Web site.
Alert level:
severe
Worm:Win32/Nuqel.AF
Worm:Win32/Nuqel.AF is a worm that spreads by copying itself to removable drives. It also modifies various computer settings, such as disabling System Registry tools, hiding files and folders, and terminating processes.
Alert level:
severe
VirTool:Win32/Vbinder.AE
VirTool:Win32/VBinder.AE is a generic detection for obfuscated malware. The loader, which is detected as VirTool:Win32/VBinder.AE, is written in Visual Basic and the malicious code, which may have virtually any purpose, is encrypted.
Alert level:
severe
Trojan:Win32/Autorun
Windows Defender Antivirus detects and removes this threat.
This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.
The Win32/Autorun family description has more details.
Alert level:
severe
Worm:Win32/Vormus.A
Worm:Win32/Vormus.A is a worm that spreads via removable drives. It modifies system settings, such as disabling Control Panel, the Command Prompt, Task Manager, and Registry editing tools.
Alert level:
severe
Worm:Win32/VB.HA
Worm:Win32/VB.HA is a worm that spreads by copying itself to removable drives. It also modifies the affected computer's hosts file and may download and execute arbitrary files.
Alert level:
severe
Worm:Win32/Autorun.TA
Worm:Win32/Autorun.TA is a worm that spreads to available drives and may execute automatically when accessed from a computer that supports the Autorun feature. The worm blocks access to certain security-related websites by modifying the local hosts file.
Alert level:
severe
Worm:Win32/Vobfus.A
Worm:Win32/Vobfus.A is a worm that installs Worm:Win32/Vobfus.E, changes Windows settings and may download other malware.
Alert level:
severe
Worm:Win32/Vobfus.C
Windows Defender Antivirus detects and removes this threat.
This threat can change your Windows setting and download other malware.
It spreads through infected removable drives, such as USB flash drives.
Alert level:
severe
Worm:Win32/Autorun.WZ!inf
Worm:Win32/Autorun.WZ!inf is detection for the Autorun configuration file "autorun.inf" dropped by Worm:Win32/Autorun.WZ, a worm that spreads via removable and network drives.
Alert level:
severe
Worm:Win32/Vobfus.V
Worm:Win32/Vobfus.V is a detection of obfuscated Visual Basic (VB) complied malware that spreads via removable drives and downloads additional malware from remote servers.
Alert level:
severe
Worm:Win32/Vobfus.gen!A
Win32/Vobfus.gen!A is a generic detection certain variants of Win32/Vobfus, a worm that spreads via removable drives and downloads and executes arbitrary files. Downloaded files may include additional malware.
Alert level:
severe