Subscribe
The Trojan consists of two files. The first of these is a so-called executable file called stub.exe, which is 20 480 bytes in size. The second file is the constructor for the first file, and is 24 576 bytes in size. The constructor is used to assign parameters to the executable file, such as the path to the file to be downloaded from the Internet, and the name under which the downloaded file will be saved on the victim machine.
When launched, the Trojan displays the following window:
When the user clicks on "Create", the Trojan will copy stub.exe, which is located in the Trojan's working directory, under the name which has been entered in the "Downloader" field. The Trojan opens the copied file and writes data given in the data entry fields to the end of this file in the following format:
CONFIGIf your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process
- Delete the original Trojan files (the location will depend on how the program originally penetrated the victim machine).
- Delete the file downloaded by the Trojan:
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan will download other programs from the Internet and launch them on the victim machine without the user's knowledge or consent. It is a Windows PE EXE file. The file is 24 576 bytes in size. This Trojan is written in Visual Basic. Payload
Hot Articles