Trojan.Win32.Small.cjr

Detected May 31 2010 13:56 GMT
Released May 31 2010 20:37 GMT
Published Dec 22 2010 09:30 GMT

This description was created by experts at Kaspersky Lab. It contains the most accurate information available about this program.

Technical Details

This Trojan downloads files from the Internet and launches them on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 4,096 bytes in size. It is written in C++.


Payload

After launch, the Trojan downloads files from the Internet at the following links:

http://69.***.241/fxasd/xl2.php
http://76.***.4/data/upd13.dat

The downloaded files are saved in the current user’s temporary folder “%Temp%” using random names. Once successfully downloaded, the files are launched for execution. At the time of writing, these files could not be downloaded.


Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the victim machine).
  2. Delete the files downloaded by the Trojan in the “%Temp%” folder.
  3. Empty the Temporary Internet Files folder, which may contain infected files (How to delete infected files from Temporary Internet Files folder?).
  4. Update your antivirus databases and perform a full scan of the computer (Download a trial version of Kaspersky Anti-Virus).
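Because the downloaded files have random names, step 2 cannot rely on file names or extensions. The following added example (not part of Kaspersky Lab's description) lists files under the temporary folder by content instead, assuming the downloaded payloads are Windows PE executables; the function names `is_pe` and `find_pe_files` are chosen for this illustration, and the script only reports files for review and deletes nothing.

```python
import os
import struct
import tempfile
import time

def is_pe(path):
    """Return True if the file starts with an MZ header that points at a PE signature."""
    try:
        with open(path, "rb") as f:
            header = f.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature
            (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
            f.seek(pe_offset)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False  # unreadable or locked file: skip instead of aborting the sweep

def find_pe_files(folder, newer_than_days=None):
    """List (path, size, mtime) for PE files under folder, whatever their name or extension."""
    cutoff = None if newer_than_days is None else time.time() - newer_than_days * 86400
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or access denied
            if cutoff is not None and st.st_mtime < cutoff:
                continue
            if is_pe(path):
                hits.append((path, st.st_size, st.st_mtime))
    # Newest first, so recently dropped files appear at the top of the report
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    # tempfile.gettempdir() resolves to %Temp% for the current user on Windows
    for path, size, mtime in find_pe_files(tempfile.gettempdir()):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {size:>10}  {path}")
```

Legitimate installers and updaters also unpack executables into “%Temp%”, so each hit should be checked with an up-to-date antivirus scanner before it is deleted.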


Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Aliases

Trojan.Win32.Small.cjr (Kaspersky Lab) is also known as:

  • Trojan: Generic.dx!vez (McAfee)
  • Mal/Behav-164 (Sophos)
  • Trojan.Agent-165301 (ClamAV)
  • Heuristic.WinPE-Statistical (Panda)
  • Trojan.DownLoad1.60836 (DrWeb)
  • Trojan.Generic.4357234 (BitDef7)
  • Win32:Rootkit-gen [Rtk] (AVAST)
  • Trojan.Win32.Small (Ikarus)
  • Generic22.ACUI (AVG)
  • Downloader.Trojan (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • Trojan.Win32.Generic.125FC8FA (Rising)
  • TROJ_SMALL.SMJB (TrendMicro)