The Trojan gets the name of the victim machine and information about the amount of free disk space. This information will be sent to the following addresses using the appropriate user name and password. The information will be encrypted and called
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process (it may be called Kernl32.exe).
- Delete the following file:
%System%\Kernl32.exe
- Delete the following registry key value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"KRNL" = "Kernl32.exe"
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
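The manual steps above as a script, added here as an example and not part of the original description: it reports the three indicators this page lists and applies the removal steps only when `-Remediate` is passed. The variable names, the `-Remediate` switch and the SHA-256 capture are this example's own additions; it assumes PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example (not from the original write-up). Names are this example's own;
# the indicator values are the ones listed on this page.
param([switch]$Remediate)   # without -Remediate the script only reports

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'KRNL'
$fileName  = 'Kernl32.exe'
$filePath  = Join-Path ([Environment]::GetFolderPath('System')) $fileName   # %System%
$knownSize = 16896          # size in bytes given in the description

# Indicator 1: running process (Get-Process expects the name without ".exe")
$procName = [IO.Path]::GetFileNameWithoutExtension($fileName)
$procs    = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)

# Indicator 2: dropped copy in the system directory (-Force also finds hidden files)
$file = Get-Item -LiteralPath $filePath -Force -ErrorAction SilentlyContinue

# Indicator 3: autorun value. HKCU is per-user, so run this in the affected user's session.
$runData = (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue).$valueName

# Report first, and record a hash so the sample can still be identified after deletion
$report = [pscustomobject]@{
    ProcessIds  = $procs | ForEach-Object { $_.Id }
    FilePresent = [bool]$file
    SizeMatches = ([bool]$file -and ($file.Length -eq $knownSize))
    Sha256      = if ($file) { (Get-FileHash -LiteralPath $filePath -Algorithm SHA256).Hash }
    RunValue    = $runData
}
$report | Format-List

if ($Remediate) {
    # Same order as the manual steps: process, file, then the Run value
    $procs | Stop-Process -Force
    if ($file) { Remove-Item -LiteralPath $filePath -Force }
    # Only remove the value if its data still points at the Trojan's file name
    if ($runData -like "*$fileName*") {
        Remove-ItemProperty -Path $runKey -Name $valueName
    }
}
```

A size mismatch does not clear the file; it only means the copy found differs from the sample described here, so keep the recorded hash for follow-up.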
This Trojan provides a remote malicious user with administration rights to the victim machine. It is a Windows PE EXE file. It is 16,896 bytes in size. It is not packed in any way. It is written in Visual C++.
Installation
When launched, the backdoor copies itself to the Windows system directory (%System%) as "Kernl32.exe".
In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan registers its executable file in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"KRNL" = "Kernl32.exe"
Payload
