| Detection added |
Nov 26 2006 16:44 GMT |
| Update released |
Nov 26 2006 18:18 GMT |
| Description added |
Jan 11 2008 |
| Behavior |
Trojan |
This Trojan has a malicious payload. It is a Windows PE EXE file. It is
22016 bytes in size.
Installation
In order to ensure that the Trojan is launched automatically each time the
system is booted, the Trojan adds a link to its executable file in the system
registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SVCHOST" = "<path to and name of Trojan executable file>
"
The Trojan scans the system for a window with the heading shown below:
and closes it.
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Use Task
Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on
how the program originally penetrated the victim machine).
- Delete the following system
registry key parameter:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SVCHOST" = "<path to and name of Trojan executable file>
"
- Update your antivirus databases and perform a full scan of the
computer (download a trial version of Kaspersky Anti-Virus).
