When launching, the Trojan opens the following link:
http://www.postcard.ru/

The Trojan launches a copy of svchost.exe, a system process, and injects its code into the process, which will in turn download files from the following links:
http://www.*****publicidad.com/images/images.php?w=1
http://www.*****publicidad.com/images/images.php?w=2
http://www.*****publicidad.com/images/images.php?w=3
http://www.*****publicidad.com/images/images.php?w=4
It saves these files to its working directory under the following names:
win1ogon.exe - this file is 11 305 bytes in size, and will be detected by Kaspersky Anti-Virus as Trojan-Spy.Win32.Iespy.ag
mshelper.exe

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the "svchost.exe" process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following files from the Trojan's working directory:
win1ogon.exe
mshelper.exe
dxinstall.exe
msofficer.exe
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
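
The removal steps above do not say how to tell the Trojan's svchost.exe copy apart from the legitimate instances that run on every Windows system. The following PowerShell is an added example, not part of the original description: it assumes the common heuristic that genuine svchost.exe instances are started by services.exe, and the function names and the `-Directory` parameter are hypothetical.

```powershell
# Added example; the heuristic and all function/parameter names are assumptions.
# File names the page lists in the Trojan's working directory.
$DroppedNames = 'win1ogon.exe', 'mshelper.exe', 'dxinstall.exe', 'msofficer.exe'

function Get-SuspectSvchost {
    # Index all processes by PID so each svchost.exe can be matched to its parent.
    $all = @(Get-CimInstance -ClassName Win32_Process)
    $byPid = @{}
    foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }
    $okPaths = 'System32', 'SysWOW64' |
        ForEach-Object { Join-Path $env:SystemRoot "$_\svchost.exe" }

    foreach ($p in $all) {
        if ($p.Name -ne 'svchost.exe') { continue }
        $parent = $byPid[[uint32]$p.ParentProcessId]
        # A "parent" created after the child means the PID was reused: parent is gone.
        if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
        $reasons = @()
        if (-not $parent) { $reasons += 'parent has exited' }
        elseif ($parent.Name -ne 'services.exe') { $reasons += "parent is $($parent.Name)" }
        # ExecutablePath is empty when the caller lacks rights to query the process.
        if ($p.ExecutablePath -and ($okPaths -notcontains $p.ExecutablePath)) {
            $reasons += 'unexpected image path'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                ProcessId = $p.ProcessId
                ParentId  = $p.ParentProcessId
                Path      = $p.ExecutablePath
                Reasons   = $reasons -join '; '
            }
        }
    }
}

function Find-DroppedFile {
    param([Parameter(Mandatory)][string]$Directory)
    # Report size and hash so a sample can be matched before anything is deleted.
    Get-ChildItem -LiteralPath $Directory -File -Force |
        Where-Object { $DroppedNames -contains $_.Name } |
        Select-Object FullName, Length,
            @{ Name = 'SHA256'; Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } }
}

Get-SuspectSvchost | Format-Table -AutoSize
```

The page does not give the location of the working directory, so `Find-DroppedFile` takes the directory identified during triage as its argument.
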
This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. The file is 2,269 bytes in size. It is packed using FSG. The unpacked file is approximately 8KB in size.
Payload
