Clean up malware resulting from the Bamital botnet

On February 6, Microsoft announced that its Digital Crimes Unit had worked with Symantec to successfully deactivate a major botnet called Bamital. Below is an overview of Bamital and how you can remove it from your computer.

Botnets are networks of compromised computers, controlled remotely by criminals who use them to  secretly spread malware, steal personal information, and commit fraud. Bamital was designed to hijack internet search results and take people to websites that were potentially dangerous.

To learn more about botnets, see How to better protect your PC with botnet protection and avoid malware.

A majority of computers affected by Bamital were running Windows XP and not using a firewall and antivirus software or having monthly security updates installed.

You might have malware on your computer if you see this page:

To help clean Bamital and other malware from your computer, you can install antivirus and antispyware programs that are available online from a provider that you trust.

Microsoft and Symantec each provide free malware removal tools:

For more information about how to remove malware, visit the Virus and Security Solution Center from Microsoft Support.

Read more at the Official Microsoft Blog.

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector, Read more »

Join the conversation

  1. Anonymous

    Why does my computer start up on its own each night at 3am?  I am not running updates or scans at this time, and I have Windows XP?

  2. Anonymous

    Each time i am working in s document i can not save and the programme shuts down. I not able to save my work. Microsoft is not working and just shuts down

    Can not save as in documents or on desktop

  3. Anonymous

    Probably the best thing is get away from Windows XP. Anti Virus does not significantly help as much as we had all hoped it would. After running Anti Virus for years. Of those years much of the malware I was infected with was never stopped by Anti Virus software. A properly updated operating system, a modern browser and good safety habits by the end user. Do far more good.

  4. Anonymous

    Windows XP service pack 3. After uninstalling norton 360, I am unable to turn the microsoft firewall on. Microsoft Security Center presents a button to enable the firewall, it doesn't work but points to control panel for windows firewall. Control for windows firewall doesn't respond when click to set firewall to on. The microsoft fixit for the issue doesn't turn the firewall on.

  5. Anonymous

    I was contacted yesterday by a foreign-speaking person who told me I had malware on my computer.  I wouldn't open my computer for him, and insisted that he leave a phone number (818-921-6751.  He told me California area code.  He said company was 24 PC Solutions and supports Microsoft.   I was told to call them back, but of course didn't.   I had an update performed yesterday   and was confident that Microsoft wasn't the one calling.  Just wanted to let you know.

  6. Anonymous

    Apparently the botnet gets deep into computers. This morning I went to Control Panel and inspected content advisor. I am unable to access it. Someone stole my password. At this time, it appears that I will have to reformat my computer.

  7. Anonymous


    It could be windows update. The default download and install time is 03:00, the machine will reboot if the updates required it

  8. Anonymous

    to Karen

    Had a customer with same compaint. his machine was set to wake on fax or wake on modem.

    incoming unsolicited fax booted system.

  9. Anonymous

    I had a phone call last night from  "Alex" that stated my computer had been reporting security alerts and he was from Windows Security systems.  I was suspicious and told him I would contact my local computer tech.  Was this a scam? Or does Windows call homes?

Comments are closed.