Every 60 minutes, the Trojan uses Internet Explorer to open the link below:
http://xlogin.netfirms.com/*****.html

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following file: C:\Windows\erxs.exe
- Delete the following system registry key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"DPA" = "c:\windows\erxs.exe"
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
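
The manual steps above can be scripted. The following PowerShell is an added example, not part of the original description: it uses only the file path, Run key and value name given on this page, and assumes an elevated prompt. It does not locate the original Trojan file, whose location varies.

```powershell
# Added example: automates the manual removal steps listed on this page.
# Indicators (file path, Run key, value name) are taken from the page itself.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$RunKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$ValueName = 'DPA'
$FilePath  = 'C:\Windows\erxs.exe'

# Step 1: terminate any process whose image is the dropped copy.
# Path is $null for processes that cannot be inspected; those never match.
$procs = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -ieq $FilePath }
foreach ($p in $procs) {
    if ($PSCmdlet.ShouldProcess("PID $($p.Id) ($($p.Path))", 'Stop process')) {
        Stop-Process -Id $p.Id -Force -Confirm:$false
    }
}

# Step 2: remove the autorun value, but only if it still points at the
# Trojan copy, so an unrelated program that reuses the name is not broken.
$run = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
if ($null -ne $run) {
    $data = [string]$run.$ValueName
    if ($data.Trim('"') -ieq $FilePath) {
        if ($PSCmdlet.ShouldProcess("$RunKey\$ValueName", 'Remove Run value')) {
            Remove-ItemProperty -Path $RunKey -Name $ValueName -Confirm:$false
        }
    } else {
        Write-Warning "Run value '$ValueName' points to '$data'; left untouched."
    }
}

# Step 3: delete the dropped file, recording its hash first for later reference.
if (Test-Path -LiteralPath $FilePath) {
    Get-FileHash -LiteralPath $FilePath -Algorithm SHA256 | Format-List
    if ($PSCmdlet.ShouldProcess($FilePath, 'Delete file')) {
        Remove-Item -LiteralPath $FilePath -Force -Confirm:$false
    }
} else {
    Write-Verbose "$FilePath not present."
}
```

Saved as a script file, it can be run with `-WhatIf` first to list what would be stopped or removed without changing anything.
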
This Trojan opens web sites without the knowledge or consent of the user. It is a Windows PE EXE file. It is 3584 bytes in size. It is written in C .
Installation

When launching, the Trojan causes the following message to be displayed:

It then copies its executable file as follows:
C:\Windows\erxs.exe

In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan registers its executable file in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"DPA" = "c:\windows\erxs.exe"

Payload
