| Detection added | Feb 01 2007 20:34 GMT |
| Update released | Feb 01 2007 22:45 GMT |
| Description added | May 31 2007 |
| Behavior | Trojan |
This Trojan is a Windows PE EXE file. The file is 61 440 bytes in size.
During installation, the Trojan creates a file and saves its configuration
to this file:
%WinDir%\cchost.ini
This Trojan is designed to send spam from a victim machine. When launched,
it attempts to download, in encrypted form, the spam that will be sent:
http://www.smalltool.net/remotewatch/send_****.php
It also downloads a list of email addresses from the following address:
http://www.smalltool.net/remotewatch/user****.php
The Trojan will then send the spam it downloaded to the addresses on the list.
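
The two downloads described above leave a recognisable pair of requests in web proxy logs. The following is an added detection example, not part of the original description: it flags internal clients that requested either URL and ranks first those that fetched both. The log layout, the EXAMPLE file-name parts and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Host and paths come from the description above. The part of each file name
# that the page masks with **** is matched as a wildcard, never guessed.
C2_HOST = "www.smalltool.net"
STAGES = {
    "spam_body": re.compile(r"^/remotewatch/send_[^/]*\.php$", re.I),
    "address_list": re.compile(r"^/remotewatch/user[^/]*\.php$", re.I),
}

# Constructed sample lines; the "time client method url status" layout and
# the EXAMPLE file-name parts are assumptions made for this example.
SAMPLE_LOG = """\
2007-02-02T09:14:03Z 10.0.0.21 GET http://www.smalltool.net/remotewatch/send_EXAMPLE.php 200
2007-02-02T09:14:05Z 10.0.0.21 GET http://www.smalltool.net/remotewatch/userEXAMPLE.php 200
2007-02-02T09:20:41Z 10.0.0.37 GET http://www.smalltool.net/index.html 200
2007-02-02T09:31:10Z 10.0.0.44 GET http://WWW.SMALLTOOL.NET/remotewatch/send_EXAMPLE.php?x=1 200
2007-02-02T09:40:00Z 10.0.0.50 GET http://example.org/remotewatch/send_EXAMPLE.php 200
malformed line
"""

def classify(url):
    """Return the download stage a URL matches, or None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != C2_HOST:
        return None  # same path on another host is not this indicator
    for stage, pattern in STAGES.items():
        if pattern.match(parts.path):  # query string is ignored
            return stage
    return None

def find_suspect_clients(log_text):
    """Map client IP -> sorted list of download stages seen for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed layout
        stage = classify(fields[3])
        if stage:
            seen[fields[1]].add(stage)
    return {client: sorted(stages) for client, stages in seen.items()}

def triage(hits):
    """Order clients so those that fetched both files come first."""
    return sorted(hits, key=lambda client: (-len(hits[client]), client))
```

A client that shows both stages matches the full download behaviour described here; a single stage is still worth checking for `%WinDir%\cchost.ini` on that machine.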
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on
how the program originally penetrated the victim machine).
- Delete the following file:
%WinDir%\cchost.ini
- Update your antivirus databases and perform a full scan of the
computer (download a trial version of Kaspersky Anti-Virus).