Warning: the AAEH botnet, along with prevention and mitigation recommendations.
- Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
- Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.
AAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, the polymorphic malware has the ability to change its form with every infection. AAEH is a polymorphic downloader with more than 2 million unique samples. Once installed, it morphs every few hours and rapidly spreads across the network. AAEH has been used to download other malware families, such as Zeus, Cryptolocker, ZeroAccess, and Cutwail.
- Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
- Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
- Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
- Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection.
- F-Secure Online Scanner for Windows Vista, 7 and 8 (link is external)
- F-Secure Removal Tools for Windows XP (link is external)
- McAfee Stinger for Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8 (link is external)
- Microsoft Safety Scanner for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP (link is external)
- Sophos Virus Removal for Windows XP SP2 and above (link is external)
- Trend Micro Threat Detector for Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003/2008, and 2008 R2 (link is external)