Other versions: .bo, .co, .dc, .eu, .ev, .ew, .fa, .fp
| Detection added | Nov 05 2006 15:21 GMT |
| Update released | Nov 05 2006 16:24 GMT |
| Description added | Sep 10 2007 |
| Behavior | TrojanDownloader |
This Trojan downloads other files via the Internet and launches them for execution
on the victim machine without the user’s knowledge or consent. It is
5 456 bytes in size. It is written in Visual Basic Script.
Once launched, the Trojan injects its code into the memory of processes which
have the following unique identifier in the system registry:
{BD96C556-65A3-11D0-983A-00C04FC29E36}
The Trojan then uses a vulnerability in Internet Explorer to download a file
from the following URL:
http://coolroge.*****dns.com/roge.exe
This file will be saved to the Windows temporary directory as “feipeng.exe”:
%Temp%\feipeng.exe
The downloaded file is then launched for execution.
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Delete the original Trojan file (the location will depend on
  how the program originally penetrated the victim machine).
- Delete the following file:
  %Temp%\feipeng.exe
- Update your antivirus databases and perform a full scan of the
  computer (download a trial version of Kaspersky Anti-Virus).
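
A triage sketch for the two indicators named above (the identifier and the dropped file name), added here as an example and not part of the original description or the vendor's tooling. The function names are hypothetical and the sample text is constructed; a match on the identifier alone is a lead for review, not a verdict.

```python
import os
import re
import tempfile

# Indicators taken from the description above.
CLSID = "BD96C556-65A3-11D0-983A-00C04FC29E36"
DROPPED_NAME = "feipeng.exe"

# Matches the identifier with or without braces or a "clsid:" prefix, any letter case.
CLSID_RE = re.compile(r"(?:clsid:)?\{?" + re.escape(CLSID) + r"\}?", re.IGNORECASE)


def decode_script(raw):
    """Decode script bytes; scripts saved on Windows are often UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def scan_script(raw):
    """Return the names of the indicators present in one script or HTML file."""
    text = decode_script(raw)
    hits = []
    if CLSID_RE.search(text):
        hits.append("clsid")
    if DROPPED_NAME in text.lower():
        hits.append("dropped-name")
    return hits


def find_dropped_files(temp_dirs):
    """Return paths of feipeng.exe found directly inside the given temp directories."""
    found = []
    for d in temp_dirs:
        try:
            names = os.listdir(d)
        except OSError:
            continue  # directory missing or unreadable: nothing to report
        found += [os.path.join(d, n) for n in names if n.lower() == DROPPED_NAME]
    return found


if __name__ == "__main__":
    # Constructed sample: inert text that only mentions the indicators.
    sample = 'classid="clsid:bd96c556-65a3-11d0-983a-00c04fc29e36" ... feipeng.exe'
    print(scan_script(sample.encode("utf-16")))
    print(find_dropped_files([tempfile.gettempdir()]))
```

Pass `find_dropped_files` the temporary directory of every user profile on the machine, since %Temp% resolves per user.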