Trojan-Proxy.Win32.Daemonize.cd

tag:Trojan-Proxy-Servers  

The Trojan launches a proxy server on the victim machine. It has the following configuration options:

  • launch in memory resident mode;
  • choose to harvest data to a log;
  • determine IP address for incoming/outgoing connections.

The Trojan also opens the following links:

http://vistachecker.com/show.php?v=132 

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the "svchost.exe" process launched from %WinDir%.
  2. Delete the following parameter from the system registry (see "What is a system registry and how do I use it" for details on how to edit the registry).
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "SVCHOST Generic application" = "%WinDir%\svchost.exe"

    Delete the following file:

    %WinDir%\svchost.exe
  3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

This Trojan program enables a remote malicious user to use the victim machine as a proxy server. Consequently, the malicious user's activity will appear to be coming from the victim machine. It is a Windows PE EXE file. The file is 43,008 bytes in size. It is written in Visual C.

Installation

Once launched, the Trojan copies itself to the Windows root directory (%WinDir%) as "svchost.exe":

%WinDir%\svchost.exe

It then registers itself in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SVCHOST Generic application" = "%WinDir%\svchost.exe"

This ensures that the Trojan will be launched each time Windows is booted on the victim machine.
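The persistence described in the Installation section (and targeted by removal step 2 above) has a simple detectable shape: a Run-key value that starts a file named svchost.exe from %WinDir% rather than from %WinDir%\System32, where the genuine Windows svchost.exe lives. The script below is an added example written for this page, not code from the encyclopedia entry; it reads HKLM\...\Run via Python's winreg on a live Windows host and falls back to a constructed sample (the value quoted in this entry beside two made-up legitimate ones) so the check can be exercised offline. The entry names "SecurityHealth" and "SomeUpdater" and the updater path are constructed, not taken from the page.

```python
"""Flag Run-key autostart values that launch svchost.exe from outside System32.

Added example for this encyclopedia entry; the registry value it looks for is
the one quoted in the entry, everything else in the sample data is constructed.
"""
import ntpath
import os
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Directories the genuine svchost.exe is started from on a Windows install.
LEGIT_SVCHOST_DIRS = ("system32", "syswow64")


def expand_windows_vars(value, env):
    """Expand %VAR% tokens case-insensitively using the given mapping.

    Unknown variables are left untouched so an odd value is still reported.
    """
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)),
                  value)


def command_path(value):
    """Return just the executable path from a Run-key command line.

    Handles both quoted paths with arguments and bare paths.
    """
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split(" ", 1)[0]


def suspicious_run_entries(entries, env):
    """Return (value_name, expanded_path) for Run entries whose target is an
    svchost.exe located anywhere other than System32/SysWOW64."""
    hits = []
    for name, value in entries.items():
        path = ntpath.normpath(expand_windows_vars(command_path(value), env))
        if ntpath.basename(path).lower() != "svchost.exe":
            continue
        parent_dir = ntpath.basename(ntpath.dirname(path)).lower()
        if parent_dir not in LEGIT_SVCHOST_DIRS:
            hits.append((name, path))
    return hits


def read_run_key():
    """Enumerate HKLM Run values on a live Windows host; empty dict elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg  # only importable on Windows
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, value, _kind = winreg.EnumValue(key, index)
            except OSError:  # no more values
                break
            entries[name] = str(value)
            index += 1
    return entries


# Constructed sample: the value quoted in this entry plus two benign-looking
# entries (names and paths invented for the example).
SAMPLE_ENTRIES = {
    "SVCHOST Generic application": r"%WinDir%\svchost.exe",
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "SomeUpdater": r'"C:\Program Files\Vendor\updater.exe" /background',
}
SAMPLE_ENV = {"WinDir": r"C:\Windows"}

if __name__ == "__main__":
    live = read_run_key()
    entries = live or SAMPLE_ENTRIES
    env = dict(os.environ) if live else SAMPLE_ENV
    for name, path in suspicious_run_entries(entries, env):
        print(f"suspicious Run value {name!r} -> {path}")
```

On the constructed sample only the "SVCHOST Generic application" value is reported, because its expanded target is C:\Windows\svchost.exe; the same function accepts any Run-key dump (for example one exported from an offline hive), which is how it would be used during triage rather than on the infected host itself.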

Payload

©Virus-Encyclopedia.com All Rights Reserved.