Virus:Trojan-Downloader.Win32.Small.cyn
| Detection added |
Jul 05 2006 14:50 GMT |
| Update released |
Jul 05 2006 16:48 GMT |
| Description added |
Jun 19 2007 |
| Behavior |
TrojanDownloader |
This Trojan will download other programs from the Internet and launch them on the victim machine without the user's knowledge or consent. It is a Windows DLL file. The file is 4,096 bytes in size. It is not packed in any way. It is written in Visual C++.
Once launched, the Trojan downloads a file from the following URL:
http://zenux.info/***/1.exe
This file is saved to the Windows system directory (%System%) as "svchivf.exe". The file is 8 961 bytes in size and will be detected by Kaspersky Anti-Virus as Backdoor.Win32.Agent.aoz. The downloaded file is then launched for execution.
The Trojan also creates a unique identifier, “WaAtTheFuck”, to flag its presence in the system.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following file: %System%\svchivf.exe
- Update your antivirus databases and perform a full scan of the computer ( download a trial version of Kaspersky Anti-Virus).
|