Trojan-Clicker.Win32.Stixo.d

tag:Trojan   Clickers  

The Trojan has system timer functionality; using this, the hidden Trojan process will connect to http:\\cav.ru at pre-determined intervals.

http:\\www.cav.ru
  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the victim machine).
  2. Delete the following file:
    %Windir%\LIES.EXE
  3. Delete the following key from the system registry:
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "Update"="%Windir%\LIES.EXE"

This Trojan will periodically load a designated web page into the browser. The Trojan itself is written in Microsoft Visual Basic and is 32768 bytes in size.

Installation

This Trojan uses a standard icon to mask itself as an installation program.

Once launched, the Trojan copies itself to the Windows root directory:

    %Windir%\LIES.EXE

It then registers this file in the system registry:

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "Update"="%Windir%\LIES.EXE"

This ensures that the Trojan will be launched automatically each time Windows is rebooted on the victim machine.
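
The following PowerShell check is an added example, not part of the original description: it looks for the two artifacts named on this page (the "Update" Run value and %Windir%\LIES.EXE) and, only when run with -Remove, deletes that single value and the file. The -Remove switch and the WOW6432Node registry path are assumptions introduced here.

```powershell
param([switch]$Remove)   # hypothetical switch: read-only unless -Remove is given

$valueName = 'Update'                           # Run value name given on this page
$dropPath  = Join-Path $env:windir 'LIES.EXE'   # %Windir%\LIES.EXE, as given on this page
$pageSize  = 32768                              # file size stated on this page
$runKeys   = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption added here, not from the page: the 32-bit registry view on 64-bit Windows
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$noExpand  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

foreach ($path in $runKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    $raw = $key.GetValue($valueName, $null, $noExpand)   # raw data, variables unexpanded
    if ($null -eq $raw) { continue }

    # Compare after expansion so %Windir%\LIES.EXE and C:\Windows\LIES.EXE both match.
    $target = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim('"')
    if ($target -ieq $dropPath) {
        Write-Output "MATCH  $path -> $valueName = $raw"
        if ($Remove) {
            # Remove only this one value; the Run key also holds legitimate autostart entries.
            Remove-ItemProperty -LiteralPath $path -Name $valueName
        }
    } else {
        # "Update" is a generic name; a value pointing elsewhere is left for manual review.
        Write-Output "REVIEW $path -> $valueName = $raw"
    }
}

if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropPath -Force   # -Force also returns hidden files
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
    $sizeNote = if ($file.Length -eq $pageSize) { 'size matches page' } else { 'size differs from page' }
    Write-Output "FILE   $dropPath ($($file.Length) bytes, $sizeNote) SHA256=$hash"
    if ($Remove) { Remove-Item -LiteralPath $dropPath -Force }
} else {
    Write-Output "CLEAN  $dropPath not present"
}
```

Run it from an elevated prompt; without -Remove it only reports, and the recorded SHA256 can be kept with the incident notes before the file is deleted.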

Payload

©Virus-Encyclopedia.com All Rights Reserved.