Detection added: Mar 16 2009
Description added: Apr 15 2009
This Trojan is designed to install and launch other programs on the victim
machine without the knowledge or consent of the user. It is a Windows PE EXE
file. It is 78848 bytes in size. It is written in C++.
Once launched, the Trojan checks the system date. If the date is later than
09.03.2009, the Trojan ceases running and deletes itself. It also checks to
see if Net-Worm.Win32.Kido is present on the infected machine.
Once it has completed these checks, it extracts a malicious program from its
body which Kaspersky Anti-Virus detects as Trojan-Downloader.Win32.Kido.a and
places this file in the current user's Windows temporary directory:
%Temp%\<rnd>.tmp, with <rnd> being a random string
of symbols.
This file is 81408 bytes in size. This file will then be launched for execution.
The Trojan also extracts a batch file from its body and places this file in
the current user’s Windows temporary directory:
%Temp%\<rnd>.cmd, with <rnd> being a random string
of symbols.
This file is 53 bytes in size and used by the Trojan to delete itself.
Once extracted, it is launched for execution and deletes the original Trojan
file.
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Delete the original Trojan file (the location will depend on how the program
originally penetrated the victim machine) if it has not deleted itself.
- Delete all files created by the Trojan:
%Temp%\<rnd>.tmp
%Temp%\<rnd>.cmd
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
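
A triage helper for the cleanup steps above, added here as an example and not part of the original description: it lists files in the temporary directory that match the stated artifacts (an 81408-byte `.tmp` file and a 53-byte `.cmd` file). The function names are hypothetical, and the `MZ` check assumes the dropped program is written to disk as an unmodified PE file.

```python
import os
import tempfile
from pathlib import Path

# Sizes stated in the description above.
PAYLOAD_SIZE = 81408   # dropped <rnd>.tmp (Trojan-Downloader.Win32.Kido.a)
BATCH_SIZE = 53        # dropped <rnd>.cmd self-delete script


def is_pe(path):
    """True if the file starts with the DOS 'MZ' magic of a PE executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def find_candidates(temp_dir):
    """Return (payloads, batch_files) in temp_dir matching the described artifacts.

    Size and extension are weak indicators; results are leads for review,
    not a verdict.
    """
    payloads, batches = [], []
    try:
        entries = list(os.scandir(temp_dir))
    except OSError:
        return payloads, batches
    for entry in entries:
        try:
            if not entry.is_file(follow_symlinks=False):
                continue
            size = entry.stat(follow_symlinks=False).st_size
        except OSError:
            continue  # file vanished or is locked
        ext = Path(entry.name).suffix.lower()
        if ext == ".tmp" and size == PAYLOAD_SIZE and is_pe(entry.path):
            payloads.append(entry.path)
        elif ext == ".cmd" and size == BATCH_SIZE:
            batches.append(entry.path)
    return sorted(payloads), sorted(batches)


if __name__ == "__main__":
    # tempfile.gettempdir() resolves %Temp% for the current user on Windows.
    found_payloads, found_batches = find_candidates(tempfile.gettempdir())
    for p in found_payloads + found_batches:
        print("review:", p)
```

Files it reports should be checked with an up-to-date antivirus scan before deletion, since other software can create temporary files of the same size.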