| Detection added | Jul 25 2007 19:23 GMT |
| Update released | Feb 12 2008 17:36 GMT |
| Description added | Oct 07 2008 |
| Behavior | Trojan |
This Trojan has a malicious payload. It is a Windows PE EXE file. It is
319488 bytes in size.
Once launched, the Trojan adds an icon to the system tray.

It then extracts a DLL file 47616 bytes in size from its body and saves it
to the temporary directory under a temporary name. The Trojan then registers
this library in the system by running the following command:
regsvr32.exe <file name> /S
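The following Python example, added here and not part of the original description, flags process command lines that match the behaviour above: a silent (`/S`) regsvr32 registration of a file located in a temporary directory. The sample command lines are constructed, and the function names are hypothetical.

```python
import ntpath
import re

# A token is a double-quoted string or a run of non-space characters.
_TOKEN = re.compile(r'"[^"]*"|\S+')
_TEMP_DIRS = {"temp", "tmp", "%temp%", "%tmp%"}

# Constructed sample process command lines (not taken from a real host).
SAMPLE_EVENTS = [
    r'regsvr32.exe C:\DOCUME~1\user\LOCALS~1\Temp\~DF3A.tmp /S',
    r'"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Documents and Settings\user\Local Settings\Temp\a1b2.tmp"',
    r'regsvr32.exe /s C:\WINDOWS\system32\msxml3.dll',
    r'regsvr32.exe C:\DOCUME~1\user\LOCALS~1\Temp\setup.dll',
    r'notepad.exe C:\WINDOWS\Temp\log.txt /S',
]


def in_temp_dir(path):
    """True if any directory component of path is a temp directory."""
    parts = path.lower().replace("/", "\\").split("\\")
    return any(part in _TEMP_DIRS for part in parts[:-1])


def silent_temp_registration(command_line):
    """Return the target path if command_line is a silent regsvr32
    registration of a file inside a temp directory, otherwise None."""
    tokens = [t.strip('"') for t in _TOKEN.findall(command_line)]
    if not tokens:
        return None
    if ntpath.basename(tokens[0]).lower() not in ("regsvr32", "regsvr32.exe"):
        return None
    args = tokens[1:]
    # Treat both "/" and "-" prefixed arguments as switches.
    switches = {a[1:].lower() for a in args if a.startswith(("/", "-"))}
    targets = [a for a in args if a and not a.startswith(("/", "-"))]
    if "s" not in switches or "u" in switches:  # silent, and not an unregister
        return None
    return next((t for t in targets if in_temp_dir(t)), None)


def scan(command_lines):
    """Return (command_line, dll_path) pairs for every suspicious event."""
    pairs = ((c, silent_temp_registration(c)) for c in command_lines)
    return [(c, p) for c, p in pairs if p is not None]


if __name__ == "__main__":
    for line, path in scan(SAMPLE_EVENTS):
        print("ALERT silent regsvr32 from temp:", path)
```

Legitimate installers also register components silently from temporary directories, so a hit is a lead to correlate with the parent process and the dropped file rather than a verdict.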
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Use Task Manager to terminate the malicious program’s process.
- Delete the original Trojan file (the location will depend on how the program
originally penetrated the victim machine).
- Delete the contents of the %Temp% directory.
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).