Other versions: .bnc, .crh, .ex, .mp, .sg
| Detection added |
May 19 2008 |
| Update released |
May 19 2008 16:08 GMT |
| Description added |
Oct 07 2008 |
This Trojan downloads another malicious program via the Internet and launches
it on the victim machine without the user’s knowledge or consent. It
is a Visual Basic Script file. It is 1159 bytes in size.
The Trojan downloads a file from the following link:
http://veryblomar.com/*****/load.php
The file is then saved as follows:
%Documents and Settings%\Local settings\Temporary Internet Files\svchosts.exe
The file is then launched for execution.
At the moment of writing, the link was not active.
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Use Task
Manager to terminate the malicious program’s process.
- Delete the original Trojan file (the location will depend on how the program
originally penetrated the victim machine).
- Delete the following file:
%Documents and Settings%\Local settings\Temporary Internet Files\svchosts.exe
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
