English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trojan.JS.Iframe.ug

Detected Jun 26 2011 03:41 GMT
Released Jun 26 2011 05:49 GMT
Published Sep 08 2011 13:13 GMT

Technical Details
Payload
Removal instructions

Technical Details

A trojan program that opens various websites in the browser without the user's knowledge. It is a HTML-page containing JavaScript. 7507 bytes.


Payload

After opening the infected page in the browser, the trojan uses Java Script tools to decipher the code and launch it for execution. Furthermore, a resource located at the following link will be opened in the hidden frame:

http://voh***h.in/index.php?tp=27a7adb6290c6b75
Then, using the vulnerability in the installed browser, other malware may be downloaded from this site to the user's computer.

The link did not work when creating the description.


Removal instructions

If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:

  1. Delete the original trojan file (its location on the infected computer will depend on how the program got onto the computer).
  2. Clear the Temporary Internet Files directory which may contain infected files (How to delete infected files in the Temporary Internet Files folder?).
  3. Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).


MD5: 3C9DDD0BF78824058BCC440A872DAD4D
SHA1: E201EF21DF30605E5F424CD474E9C8E57184F370


Bookmark and Share
Share
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Other versions