The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1


Detected Jan 28 2011 13:06 GMT
Released Jan 28 2011 17:41 GMT
Published Mar 25 2011 09:34 GMT

Technical Details
Removal instructions

Technical Details

This Trojan opens different websites in the browser without the user's knowledge. It is a Visual Basic Script file. It is 2596 bytes in size.


The malicious user injects this script into infected HTML pages. Once launched, the Trojan decrypts its body, then in a hidden frame it opens the resource placed on the same server, where the infected page is located:

http://<address of infected page>/kal/anetdqyocuevemc3.php

Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  2. Empty the Temporary Internet Files directory, which may contain infected files (see How to delete infected files from Temporary Internet Files folder?):
    %Temporary Internet Files%
  3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).

md5: 3EE2542E8EA29DBE302663A52AF2170F
sha1: 926C9AF5A0470069E34DC5B2FB579C6BE102F0FC

Bookmark and Share

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.

Other versions