Subscribe
The Trojan sends a request to the following site:
http://hall*****ps.narod.ru/A number of hit counters are located on this page, and the numbers will increase.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following system registry keys: (see What
is a system registry and how do I use it for details on how to edit the registry).
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Gigabyte"
This Trojan is designed to increase the number of times a site appears to have been visited. It is a Windows PE EXE file. The file is 41,037 bytes in size. It is written in Visual Basic.
InstallationOnce launched, the Trojan copies its body as follows:
%Documents and Settings%\%CurrentUser%\Application Data\<original name of Trojan file>.exeIn order to ensure that the Trojan is launched automatically each time the system is booted, it registers its executable file in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Gigabyte" – "%Documents and Settings%\%CurrentUser%\Application Data\<original name of Trojan file>.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Gigabyte" – "%Documents and Settings%\%CurrentUser%\Application Data\<original name of Trojan file>.exe" Payload
Hot Articles