Subscribe
Once launched, the Trojan extracts a file from itself, and saves it to the C:\Windows directory as "inetloader.dll".
This file will then be registered in the system using regsrv32.exe. It will download the following file from the Internet: http://soft.*****incash.com/loader/run.xml. This file contains links to other files, and the paths used to save them. The Trojan then downloads files from the links given.
At the moment of writing, the
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following file:
C:\Windows\inetloader.dll
- Delete the following files:
%windir%\ticads.exe %windir%\tpopup.exe %windir%\tse.exe %windir%\tctool.exe %windir%\trusnibar.exe %windir%\url.exe
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan downloads other malicious programs. It is a Windows PE EXE file. It is written in Microsoft Visual C . It is not packed in any way. The size of infected files may vary from 20KB to 27KB. Payload
Hot Articles