|Detected||Jan 28 2011 13:06 GMT|
|Released||Jan 28 2011 17:41 GMT|
|Published||Mar 25 2011 09:34 GMT|
This Trojan opens different websites in the browser without the user's knowledge. It is a Visual Basic Script file. It is 2596 bytes in size.
The malicious user injects this script into infected HTML pages. Once launched, the Trojan decrypts its body, then in a hidden frame it opens the resource placed on the same server, where the infected page is located:
http://<address of infected page>/kal/anetdqyocuevemc3.php
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
%Temporary Internet Files%
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.