1. /
  2. Security Response/
  3. Trojan.Gpcoder.E


Risk Level 1: Very Low

July 17, 2007
August 22, 2012 8:58:56 AM
Also Known As:
Virus.Win32.Gpcode.ai [Kaspersky], Win32/Kollah.AB [Computer Associates], Troj/GPCoder-G [Sophos], Sinowal.FY [Panda Software], PWS-JT [McAfee]
Infection Length:
58,368 bytes
Systems Affected:
Windows XP, Windows NT, Windows Server 2003, Windows 2000
Trojan.Gpcoder.E is a Trojan horse that encrypts files and then prompts the user to purchase a password in order to decrypt them.

Note: Virus definitions dated July 17, 2007 or earlier detect this threat as Infostealer.Banker.C.

For more information, please see the following resources:

Antivirus Protection Dates

  • Initial Rapid Release version July 17, 2007 revision 009
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version July 18, 2007 revision 004
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date July 18, 2007
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Low
  • Payload: Encrypts certain file types on the compromised computer.
    Opens a back door.
  • Releases Confidential Info: May steal sensitive information.


  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Elia Florio

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report