Once launched, the Trojan sends requests to the following sites:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following system registry key parameter:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"lsass" = "
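Before deleting the value, it helps to record what it points at. The following read-only audit is an added example, not part of the original description; it takes the key path, the value name "lsass" and the 24576-byte file size from this page, while the Wow6432Node path and the report field names are assumptions of the example.

```powershell
# Added example: read-only audit for the Run value described on this page.
# From the page: the key path, the value name "lsass", the 24576-byte size.
# Not from the page: the Wow6432Node view (where 64-bit Windows redirects
# HKLM\Software writes from 32-bit programs) and the report field names.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$valueName = 'lsass'
$knownSize = 24576

foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key -or $key.GetValueNames() -notcontains $valueName) { continue }

    # Read the data as stored, then expand %VARS% ourselves for path checks.
    $raw = [string]$key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
    $cmd = [Environment]::ExpandEnvironmentVariables($raw).Trim()

    # Pull the executable out of the command line: quoted form first,
    # then anything up to the first ".exe", else the whole string.
    if     ($cmd -match '^"([^"]+)"')    { $exe = $Matches[1] }
    elseif ($cmd -match '^(.+?\.exe)\b') { $exe = $Matches[1] }
    else                                 { $exe = $cmd }

    $report = [ordered]@{
        RunKey  = $path
        RawData = $raw
        Path    = $exe
        Exists  = ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
    }
    if ($report['Exists']) {
        $file = Get-Item -LiteralPath $exe -Force
        $report['Size']        = $file.Length
        $report['SizeMatches'] = ($file.Length -eq $knownSize)
        $report['SHA256']      = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        $report['Signature']   = (Get-AuthenticodeSignature -LiteralPath $exe).Status
    }
    [pscustomobject]$report
}
```

Windows does not start the genuine lsass.exe from a Run key, so any output from this script deserves review even when the size does not match.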
This Trojan is designed to increase the number of times a site appears to have been visited. It is a Windows PE EXE file. It is 24576 bytes in size. It is written in Visual Basic.
Installation
In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"lsass" = "<path to Trojan executable file>"
Payload