Skip to main content
Published Mar 06, 2016 | Updated Sep 15, 2017

Win32/Xadupi

Detected by Microsoft Defender Antivirus

Aliases: PUA/Subtab.Gen7 (Avira) W32/Trojan.IIIP-0438 (Command)

Summary

Windows Defender detects and removes this threat.

This threat is a trojan that poses as a useful application, usually called WinZipper or QKSee, but can silently download and install other malware.

This trojan is often installed silently by BrowserModifier:Win32/Sasquor or BrowserModifier:Win32/SupTab. It is often installed under the name "WinZipper", "QKSee", or both.

This threat is part of a suite of malware and unwanted software families that is also called "Fireball". Read about this threat group in the Windows Security blog: 

Understanding the true size of “Fireball”

Find out ways that malware can get on your PC.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Protect your sensitive information

This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:

You should change your passwords after you've removed this threat:

Use cloud protection

The Microsoft Active Protection Service (MAPS) uses cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10. 

Get more help

You can also see our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us