Removal Instructions

If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:

  1. Delete the original program file (its location on the infected computer will depend on how the program got onto the computer).
  2. Clear the Temporary Internet Files directory which may contain infected files (How to delete infected files in the Temporary Internet Files folder?):
    %Temporary Internet Files%

  3. Delete the following file:

  4. Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).


When launched, the exploit downloads a file from a link. Depending on the version, the exploit may download the file from different links, for example:


When creating the description, two files were downloaded from some of the indicated links. One file is 16372 bytes and is detected by Kaspersky Antivirus as Trojan-Downloader.Win32.Agent.ssax. The second file is 25088 bytes and is detected by Kaspersky Antivirus as Trojan-Downloader.Win32.Geral.vnk. The downloaded file is saved under the following name:

The downloaded file is then launched and the exploit shuts down.

Technical Details

An exploit that uses a vulnerability in the Web-browser for its implementation on the user's computer. It is a HTML-page containing JavaScript. It has several versions of around 3-4 kB.