|Detected||Feb 16 2009 22:09 GMT|
|Released||Feb 17 2009 03:34 GMT|
|Published||Mar 12 2009 15:23 GMT|
This Trojan calls premium rate numbers without the knowledge or consent of the user. It is a Windows PE EXE file. It is 25131 bytes in size. It is written in Delphi.
Once launched, the Trojan launches a copy of its own process and injects malicious code (detected by Kaspersky Anti-Virus as Trojan.Win32.Dialer.tvx) into this process.
This code will:
This file is saved to the Windows directory as “number.txt”:
Parameters and phone numbers which will be used to make future calls are read from this file. The file will then be deleted.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.