Exploit.JS.Agent.bl

The exploit uses a vulnerability in the "rawParse()" method of the ActiveX component of Baofeng Storm to conduct a buffer overrun and download a file from the following link:

At the time of the writing, this link was not active.

The downloaded file will be saved to the Windows system directory as

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Use Task Manager to terminate the worm process.
2. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
3. Delete the following file: %System%\a.exe
4. Delete the contents of %Temporary Internet Files%.
5. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

This exploit program uses an unpatched vulnerability in Baofeng Storm which makes it possible to run random code on the victim machine. It is an HTML page which contains Visual Basic Script and Java Script scenarios. It is 7599 bytes in size.