We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
VirTool:Win32/Ursnif.A
Detected by Microsoft Defender Antivirus
Aliases: Troj/WLhack-F (Sophos)
Summary
Virtool:Win32/Ursnif.A is the detection for the system file 'winlogon.exe' when it has been modified by TrojanSpy:Win32/Ursnif.gen!H.
A 'winlogon.exe' file detected as Virtool:Win32/Ursnif.A no longer has the ability to query clients that are logged in to the system using the Terminal service.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://new-cm-edgedigital.pages.dev/protect/computer/viruses/vista.mspx.
Follow us
