|Detected||Aug 10 2010 22:36 GMT|
|Released||Aug 11 2010 07:26 GMT|
|Published||Oct 25 2010 09:56 GMT|
This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows application (PE EXE file). It is 27 136 bytes in size. It is written in C++.
Once launched, the Trojan extracts the following file from its resources to the current user's temporary directory:
%Temp%<rnd1>.vbswhere <rnd1> is a random set of numbers and letters, for example "4c9b4162" or "3b5d51c8".
This file is 2967 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-Downloader.VBS.Agent.aae.
The Trojan then launches the extracted file, deletes its original body, and ceases running.
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
%Temp%\<rnd>.tmpwhere <rnd> is a random set of numbers and letters.
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to: