This Trojan downloads another program via the Internet and launches it on the victim machine without the user's knowledge or consent. It is a Windows PE EXE file. The size of infected files can range from 18KB to 47KB.
| Payload |
The Trojan contacts the following web site:
There is a list of files for download located on this link.
This list is saved to the directory as shown below:
The links in the file are encrypted.
The Trojan then downloads files from the links and saves them as shown below:
<rnd> stands for a random string of numbers and lower case Latin letters Example: m2zpp.exe, 43m66m.exe.
Once the files have been downloaded, they are launched for execution, and then delete themselves. If the downloaded files are dll files, they will register themselves in the system and be launched for execution next time the system is started.
Once it has delivered its payload, the original Trojan deletes its body.
| Removal instructions |
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine) if it has not deleted itself.
Leave a comment