If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
- Delete the original trojan file (its location on the infected computer will depend on how the program got onto the computer).
- Delete the following files:
- Disable the vulnerable ActiveX objects (How to stop launching the ActiveX control element in the Internet Explorer browser).
- Install the following updates:
- Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).
After opening the infected page, the trojan uses Java Script to decipher the obfuscated code and then launches the malicious script for execution. If the trojan was launched in MS Internet Explorer – using ActiveX object "Microsoft.XMLHTTP", it tries to download the file from the following URL:
and then, using ActiveX object "ADODB.Stream", it saves the file under the following name:
Furthermore, using the vulnerability in MDAC (Microsoft Data Access Components) in ActiveX object "RDS.DataSpace" (MS06-014), and using ActiveX object "Microsoft.XMLHTTP", the trojan tries to download the file from the following URL:
Using ActiveX object "ADODB.Stream", it saves the file under the following name:
After successful download, the files are launched for execution. These links did not work when creating the description. The trojan then displays the following strings in the browser:
please check url Error: fzf
A trojan program that downloads other software to the computer without the user's knowledge and launches this software for execution. It is a HTML document containing Java Script. 16506 bytes.