Once launched, the Trojan will:
- terminate the following processes:
  AVWUPD32.EXE, AVPUPD.EXE, LUALL.EXE, DRWEBUPW.EXE, ICSSUPPNT.EXE, ICSUPP95.EXE, UPDATE.EXE, NUPGRADE.EXE, AUPDATE.EXE, AUTODOWN.EXE, AUTOTRACE.EXE, AUTOUPDATE.EXE, AVXQUAR.EXE, CFIAUDIT.EXE, MCUPDATE.EXE
- send an HTTP request to the following address: *****virgins.com
- download (in accordance with the request parameters) files which will be saved to the Windows directory as follows:
  %WinDir%\secure.html, %WinDir%\securea.html, %WinDir%\secureb.html, %WinDir%\reg33.exe, %WinDir%\test.exe, %WinDir%\dl.exe, %WinDir%\dl.html, %WinDir%\dlm.exe, %WinDir%\consol32.exe, %WinDir%\dlm.html, %WinDir%\msstasks.exe, %WinDir%\toffel32.exe, %WinDir%\mstaskss.exe, %WinDir%\mssys.exe
  At the time of writing, these files would not be downloaded to the victim machine.
- launch the following files for execution:
  %WinDir%\reg33.exe, %WinDir%\dkdial.exe, %WinDir%\dl.exe, %WinDir%\dlm.exe, %WinDir%\toffel32.exe, %WinDir%\consol32.exe, %WinDir%\msstasks.exe, %WinDir%\mstaskss.exe, %WinDir%\mssys.exe
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following files:
  %WinDir%\secure.html, %WinDir%\securea.html, %WinDir%\secureb.html, %WinDir%\reg33.exe, %WinDir%\test.exe, %WinDir%\dl.exe, %WinDir%\dl.html, %WinDir%\dlm.exe, %WinDir%\consol32.exe, %WinDir%\dlm.html, %WinDir%\msstasks.exe, %WinDir%\toffel32.exe, %WinDir%\mstaskss.exe, %WinDir%\mssys.exe
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
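A read-only check for the file names listed above, as an added example that is not part of the original write-up. The function names and the sample directory contents are constructed for illustration; the script reports matches and deletes nothing.

```python
import os
import tempfile

# File names the write-up places under %WinDir% (download and launch lists combined).
ARTIFACT_NAMES = {
    "secure.html", "securea.html", "secureb.html", "reg33.exe", "test.exe",
    "dl.exe", "dl.html", "dlm.exe", "dlm.html", "consol32.exe",
    "msstasks.exe", "mstaskss.exe", "mssys.exe", "toffel32.exe",
    "dkdial.exe",  # appears only in the launch list
}


def find_artifacts(windir):
    """Return sorted full paths of regular files in windir whose names are listed.

    Matching is case-insensitive, as Windows file names are. Only the top level
    is checked, because the write-up places the files directly in %WinDir%.
    """
    hits = []
    with os.scandir(windir) as entries:
        for entry in entries:
            if entry.is_file(follow_symlinks=False) and entry.name.lower() in ARTIFACT_NAMES:
                hits.append(entry.path)
    return sorted(hits)


def build_sample_dir():
    """Create a constructed sample directory so the check can run on any system."""
    sample = tempfile.mkdtemp(prefix="windir_sample_")
    for name in ("REG33.EXE", "dl.html", "notepad.exe", "mssys.exe.bak"):
        open(os.path.join(sample, name), "w").close()
    os.mkdir(os.path.join(sample, "test.exe"))  # a directory with a listed name is not a hit
    return sample


if __name__ == "__main__":
    # Uses the real Windows directory when %WinDir% is set, otherwise the sample.
    target = os.environ.get("WinDir") or build_sample_dir()
    for path in find_artifacts(target):
        print("listed artifact present:", path)
```

Several of the listed names (test.exe, dl.exe) are generic, so treat a match as a lead to verify before deleting anything.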
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 6656 bytes in size. It is written in C .