When an infected page is opened, the Trojan decrypts itself using Java Script tools and launches its malicious code for execution. The HTML document that opens contains an embedded hidden frame in which the Trojan attempts to open the following web resource:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original Trojan file (its location will depend on how the program originally penetrated the victim machine).
- Empty the Temporary Internet Files folder, which may contain infected files (How to delete infected files from Temporary Internet Files folder?).
- Update your antivirus databases and perform a full scan of the computer (Download a trial version of Kaspersky Anti-Virus).