Microsoft Defender Antivirus detects and removes this threat.

This trojan downloader is a VBScript that downloads and runs other malware, including the prevalent ransowmare Ransom:Win32/Locky. 

This threat is known to arrive as a ZIP, RAR, or 7Z attachment on spoofed emails. Some of the spoofed emails appear be sending an invoice from the Microsoft Store:

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Microsoft Defender Antivirus detects and removes this threat.

This threat is a .pdf file with a malformed hyperlink to phishing websites or other malicious sites. It usually arrives as attachment to spammed email messages.

To know more about how cybercriminals are using this threat in attacks, read the following blog:

• Phishers unleash simple but effective social engineering techniques using PDF attachments

Find out ways that malware can get on your PC.

Microsoft Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

It is a scriptable installer engine used to deliver malicious payloads, mostly ransomware, such as Ransom:Win32/Enestedel.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Microsoft Defender Antivirus detects and removes this threat.

This threat is designed to act as an intermediary malware within an infection chain. It is also known as the "Godzilla" loader.

In the wild, this threat has been observed to download a variant of Ransom:Win32/Locky.

Find out ways that malware can get on your PC.

Microsoft Defender Antivirus detects and removes this threat.

This threat is designed to act as an intermediary malware within an infection chain. It is also known as the "Godzilla" loader.

In the wild, this threat has been observed to download a variant of Ransom:Win32/Locky.

Find out ways that malware can get on your PC.

Microsoft security software detects and removes this threat.

This is a detection for the Autorun registry keys associated with Trojan:Win32/Kovter.C.

You can read more about this threat on the Microsoft Malware Protection Center (MMPC) blog: 

• Improved scripts in .lnk files now deliver Kovter in addition to Locky
• Kovter becomes almost file-less, creates a new file type, and gets some new certificates
• Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Find out ways that malware can get on your PC.

Microsoft Defender Antivirus detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

It is a scriptable installer engine used to deliver malicious payloads, mostly ransomware, such as Ransom:Win32/Enestedel.

Our ransomware FAQ page has more information on this type of threat.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Windows Defender detects and removes this threat.

This threat can steal your personal information. It can also lower your Internet Explorer security settings and use your PC for click fraud.

You can read more about this threat on the Microsoft Malware Protection Center (MMPC) blog: 

• Improved scripts in .lnk files now deliver Kovter in addition to Locky
• Kovter becomes almost file-less, creates a new file type, and gets some new certificates
• Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Find out ways that malware can get on your PC.  

Windows Defender detects and removes this threat.

This is a heuristic detection for macro malware.

The threat can be installed when you open a malicious document attached to a spam email. If macros are enabled on your PC, the malware runs when the document is opened. It can then try to do one or all of the following:

• Download and install other malware
• Use your computer for click fraud
• Record your keystrokes and the sites you visit
• Send information about your PC, including user names and browsing history, to a remote malicious hacker
• Give a remote malicious hacker access to your PC

Due to the generic nature of this detection, we can only provide general information about it.

For more information on how you can prevent macro malware, see our Threat Research & Response blog.

Trojan:Win32/Kovter.B is a trojan that can prevent you from accessing your desktop. It might also automatically open a website containing adult content. It can receive commands to a hacker, and send information to the hacker about your PC.

You can read more about this threat on the Microsoft Malware Protection Center (MMPC) blog: 

• Improved scripts in .lnk files now deliver Kovter in addition to Locky
• Kovter becomes almost file-less, creates a new file type, and gets some new certificates
• Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Microsoft security software detects and removes this threat.

This threat can steal your personal information, such as your online passwords. It can also lower your Internet Explorer security settings and use your PC for click fraud.

It can be installed downloaded by other malware, such as TrojanDownloader:Win32/Kuluoz.

You can read more about this threat on the Microsoft Malware Protection Center (MMPC) blog: 

• Improved scripts in .lnk files now deliver Kovter in addition to Locky
• Kovter becomes almost file-less, creates a new file type, and gets some new certificates
• Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Windows Defender detects and removes this threat.

This family of threats are .zip attachments that, when opened, try to download and install other malware on your PC, including ransomware and information stealing malware, such as:

• Crowti, Tescrypt, and Locky, which encrypt your files and demand payment to decrypt them
• Fareit, which attempts to steal your passwords and personal information
• Ursnif, which records information about you and your PC

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017.

Windows Defender detects and removes this threat.

It lets a malicious hacker access and control your PC from a command and control server (C&C).

It also lowers the security settings for Internet Explorer.

You can read more about this threat on the Microsoft Malware Protection Center (MMPC) blog: 

• Improved scripts in .lnk files now deliver Kovter in addition to Locky
• Kovter becomes almost file-less, creates a new file type, and gets some new certificates
• Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

Find out ways that malware can get on your PC.  

Microsoft Defender Antivirus detects and removes this threat.

This threat is a proxy-data-stealing and information-stealing malware with backdoor capabilities. It allows a remote attacker to take control of your PC and steal personal information.

We have observed this threat being distributed as a malicious attachment to spam email.

Find out ways that malware can get on your PC.