Trojan.JS.Agent.bmx

Technical Details
Payload
Removal instructions

Technical Details

This program has a malicious payload. The program is a Java Script scenario. It is 3,467 bytes in size.

Payload

This malicious script is part of other malware which exploits a number of vulnerabilities on the user’s system. After launch, the Trojan builds a malicious shell script. If this shell script is run on the victim machine, the following actions take place:

• The Trojan attempts to download the file located at the following link:

  http://my***1.info:8886/Down/my/31.exe

• It saves the downloaded file in the folder:

  %Documents and Settings%\%Current User%\a.exe

• and then launches the downloaded file.

At the time of writing, this link was inactive.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original Trojan file (its location will depend on how the program originally penetrated the victim machine).
2. Empty the Temporary Internet Files folder, which contains infected files (How to delete infected files from Temporary Internet Files folder?).

   %Temporary Internet Files%

3. Update your antivirus databases and perform a full scan of the computer (Download a trial version of Kaspersky Anti-Virus).