Trojan-Downloader.JS.Agent.ex

Technical Details

This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. The Trojan components vary in size from 7 to 19KB. It is written in JavaScript.

Payload

Once launched, the Trojan downloads a file from the following URL:

http://www.tankersite.com/1/*****/zerr.exe

At the moment of writing, this link was not working.

The downloaded file will be saved as:

C:\1.exe

The file will then be launched for execution.

Removal Instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete the following file:
    C:\1.exe
  3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).