Removal Instructions

If your computer was not protected by antivirus software and has been infected with this malware, take the following actions to remove it:

  1. Delete the original program file (its location on the infected computer will depend on how the program got onto the computer).
  2. Edit the modified "%System%\drivers\etc\hosts" file using any standard application (for example, Notepad). You need to delete all of the strings added by the trojan. The original hosts file looks as follows:
    # (C) Microsoft Corp., 1993-1999
    # It is a sample HOSTS file using Microsoft TCP/IP for Windows.
    # This file contains the mappings for the IP-address to the host names.
    # Each element should be located within a separate string. The IP-address should
    # be located in the first column, followed by the relevant name.
    # The IP-address and host name should be separated by at least one space.
    # Moreover, some strings may contain comments 
    # (details of the string). These should follow the name of the host and should be separated
    # from it by the '#' symbol.
    # For example:
    # # source server
    # # client host x localhost

  3. Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases.
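
One way to carry out the check in step 2 on a copy of the hosts file, as an added example that is not part of the original description: it reports every active entry other than the stock loopback mapping for localhost, so the strings added by the trojan can be reviewed and deleted. The function name, the reason labels and the sample file contents are constructed for illustration.

```python
import ipaddress

# Assumption: a stock hosts file maps only "localhost"; anything else is reported.
DEFAULT_NAMES = {"localhost"}

# Constructed sample, not taken from an infected machine.
SAMPLE = """\
# (C) Microsoft Corp., 1993-1999
# sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.10    intranet.example   # constructed entry
127.0.0.1\twww.site-a.example files.site-a.example
not-an-ip       portal.example
198.51.100.7    localhost
"""


def audit_hosts(text):
    """Return (line_no, address, names, reason) for every active entry that
    is not the stock loopback mapping for localhost."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()    # drop any inline comment
        if not entry:
            continue                            # blank or comment-only line
        address, *names = entry.split()         # columns split on spaces or tabs
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        if not names:
            findings.append((line_no, address, names, "no host name"))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if extra:
            findings.append((line_no, address, extra, "non-default mapping"))
        elif not ip.is_loopback:
            findings.append((line_no, address, names, "localhost redirected"))
    return findings


if __name__ == "__main__":
    for line_no, address, names, reason in audit_hosts(SAMPLE):
        print(f"line {line_no}: {address} {' '.join(names)} ({reason})")
```
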

MD5: af66f43f9ef8d8e3257e67592e71e7a3
SHA1: 3f43c4d6b0548d331e83545da22647b2122c6ee3


Using the "wget" utility, the trojan downloads a file from the Internet at the following link: ***9bc

The link did not work when creating the description.

The downloaded file is copied by the trojan under the following names:


The trojan therefore replaces the "hosts" system file if the operating system is installed on one of the indicated drives.

Technical Details

A trojan program that downloads files from the Internet without the user's knowledge. It is a Windows command interpreter batch file (BAT file), 8326 bytes in size.