When launched, the Trojan checks the location of its file in the file system. If the file is called
\Windows\cfginst.exe
it will download a file from the following link:
http://www.papago.com.tw/mapcenter/****msg.htm
and save it as:
\windows\datacfginst.ldt

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine). The file may be located at: \Windows\cfginst.exe
- Delete the following file: \windows\datacfginst.ldt
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 3,584 bytes in size.
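
To check a mounted disk image or a copied device file system for the two files named in this description, the following Python script can be used. It is an added example, not part of the original description; the function names and the idea of scanning under a mount root are assumptions, and a match on name, size and MZ header is a heuristic, not a signature.

```python
import os
import sys

# Paths and size come from the description; everything else
# (function names, scanning under a mount root) is an assumption.
TROJAN_PATH = r"\Windows\cfginst.exe"
DOWNLOADED_PATH = r"\windows\datacfginst.ldt"
TROJAN_SIZE = 3584  # bytes


def resolve_nocase(root, win_path):
    """Resolve a Windows-style path under root, ignoring case.

    Returns every match, because a case-sensitive file system holding a
    copied image can contain both 'Windows' and 'windows'.
    """
    candidates = [root]
    for part in win_path.strip("\\").split("\\"):
        found = []
        for base in candidates:
            try:
                names = os.listdir(base)
            except OSError:  # not a directory, or unreadable
                continue
            found += [os.path.join(base, n) for n in names
                      if n.lower() == part.lower()]
        candidates = found
    return [p for p in candidates if os.path.isfile(p)]


def triage(root):
    """Return (path, finding) tuples for files named in the description."""
    findings = []
    for path in resolve_nocase(root, TROJAN_PATH):
        with open(path, "rb") as fh:
            is_pe = fh.read(2) == b"MZ"  # PE EXE files start with 'MZ'
        if is_pe and os.path.getsize(path) == TROJAN_SIZE:
            findings.append((path, "name, size and MZ header match the description"))
        else:
            findings.append((path, "name matches, size or header differs: review manually"))
    for path in resolve_nocase(root, DOWNLOADED_PATH):
        findings.append((path, "file name used for the downloaded payload"))
    return findings


if __name__ == "__main__":
    for path, finding in triage(sys.argv[1] if len(sys.argv) > 1 else os.sep):
        print(f"{path}: {finding}")
```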