Subscribe
The Trojan deletes the following files:
c:\windows\win.com c:\windows\win.ini C:\windows\himem.sys C:\dos\himem.sys C:\Command\Ebd\himem.sys C:\windows\EMM386.exe C:\windows\Command\Keyb.com C:\windows\system\user32.dll
The Trojan also deletes all files from the following folder:
C:\windows\command\As a result, the operating system will become non-functional.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following file: C:\windows\system\winsys32.exe
- Delete the following file from C:\autoexec.bat: C:\windows\system\winsys32.exe
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 9 216 bytes in size.
InstallationWhen launched, the Trojan will copy its executable file to the following location:
C:\windows\system\winsys32.exeTo ensure that the Trojan is launched next time the system is started, it adds a link to its executable file to C:\autoexec.bat.
Payload
Hot Articles