Subscribe
Once launched, the Trojan downloads files from the following URLs:
http://www.**vio.com/opnste/uninstall.exe http://www.**vio.com/opnste/opnste.dll http://www.**vio.com/opensite/opensite.exe
and saves them as:
- %Program Files%\Open Site\uninstall.exe (57 334 bytes)
- %Program Files%\Open Site\opnste.dll (151 552 bytes, will be detected by Kaspersky Anti-Virus as Trojan-Clicker.Win32.VB.ep)
- %Program Files%\Open Site\opnste.dll (135,168 bytes, will be detected by Kaspersky Anti-Virus as Trojan-Clicker.Win32.VB.br)
The Trojan will then launch the following file for execution:
%Program Files%\Open Site\opensite.exe
- Use Task Manager to terminate the Trojan process
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following files: %Program Files%\Open Site\uninstall.exe %Program Files%\Open Site\opnste.dll %Program Files%\Open Site\opensite.exe
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus)
This Trojan downloads software via the Internet without the knowledge or consent of the user. The program itself is a Windows PE EXE file. The file is 20,480 bytes in size. It is written in Visual Basic.
Payload
Hot Articles