Technical Details
This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows application (PE EXE file). It is 27 136 bytes in size. It is written in C++.
Payload
Once launched, the Trojan extracts the following file from its resources to the current user's temporary directory:
%Temp%<rnd1>.vbs
where <rnd1> is a random set of numbers and letters, for example "4c9b4162" or "3b5d51c8".
This file is 2967 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-Downloader.VBS.Agent.aae.
The Trojan then launches the extracted file, deletes its original body, and ceases running.
Removal instructions
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
- Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
- Delete the following files:
%Temp%\<rnd>.tmp
Žádné komentáře:
Okomentovat