|Detected|Feb 26 2009 18:52 GMT|
|Released|Feb 26 2009 23:24 GMT|
|Published|Oct 25 2010 09:39 GMT|
This Trojan installs other programs on the victim machine without the knowledge or consent of the user. It is a Windows application (PE EXE file). It is 33 400 bytes in size. It is packed using UPX. The unpacked file is approximately 73 KB in size. It is written in Delphi.
Once launched, the Trojan performs the following actions:
%Program Files%\Internet Explorer\JavaNe64.Bet
%Program Files%\Internet Explorer\JavaNe64.Bet The first 2 bytes of the file are replaced with
%Program Files%\Internet Explorer\BoboChen.jsp (50 296 bytes; detected by Kaspersky Anti-Virus as "Worm.Win32.AutoRun.aazu") The file is created with the "hidden" and "system" attributes.
The extracted library contains functionality that enables the malicious user to hijack accounts of the Chinese Tencent QQ instant messaging service.
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
%Program Files%\Internet Explorer\JavaNe64.Bet
%Program Files%\Internet Explorer\BoboChen.jsp
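The following read-only check for the two files listed above is an added example, not part of the original description or a vendor tool. It looks in an Internet Explorer program directory (on a live host or in a mounted disk image) and reports whether each file is present, whether the size matches the 50 296 bytes stated for BoboChen.jsp, and whether the "hidden" and "system" attributes are both set; the function names and the extra look at the x86 Program Files directory are assumptions.

```python
import os
import stat
import sys

# File names and size as stated in the description above.
DROPPED = {"javane64.bet": None,      # size not stated in the description
           "bobochen.jsp": 50296}     # "50 296 bytes"
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def default_ie_dirs():
    """Expand %Program Files% on a live Windows host.
    Assumption: on 64-bit systems the x86 directory is checked as well."""
    roots = (os.environ.get("ProgramFiles"), os.environ.get("ProgramFiles(x86)"))
    return [os.path.join(r, "Internet Explorer") for r in roots if r]

def check_ie_dir(ie_dir):
    """Return one finding per dropped-file name present in ie_dir."""
    findings = []
    try:
        entries = list(os.scandir(ie_dir))   # scandir also lists hidden files
    except OSError:
        return findings                      # directory absent or unreadable
    for entry in entries:
        key = entry.name.lower()             # Windows file names ignore case
        if key not in DROPPED or not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        attrs = getattr(st, "st_file_attributes", None)   # Windows only
        expected = DROPPED[key]
        findings.append({
            "path": entry.path,
            "size": st.st_size,
            # None means "cannot be judged" (no stated size / no attribute data)
            "size_matches": None if expected is None else st.st_size == expected,
            "hidden_system": None if attrs is None
                             else (attrs & HIDDEN_SYSTEM) == HIDDEN_SYSTEM,
        })
    return sorted(findings, key=lambda f: f["path"].lower())

if __name__ == "__main__":
    # Pass directories (e.g. from a mounted disk image) or scan the live host.
    for d in sys.argv[1:] or default_ie_dirs():
        for f in check_ie_dir(d):
            print(f)
```

The attribute result is only available when the script runs on Windows; on other platforms it is reported as None and the name and size checks still apply.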
Trojan-Dropper programs are designed to secretly install malicious programs built into their code on victim computers.
This type of malicious program usually saves a range of files to the victim's drive (usually to the Windows directory, the Windows system directory, the temporary directory, etc.), and launches them without any notification (or with a fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to: