If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
- Delete the original program file (its location on the infected computer will depend on how the program got onto the computer).
- Delete the files downloaded by the trojan located in the current user's temporary file directory under the following names.
- Delete the system registry key (how to work with the registry?):
- Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).
When launching, the trojan looks for and carries out the following processes within the system:
NaverAgent.exe Nsavsvc.npc nsvmon.npc NVCAgent.npc Vcrmon.exe SpiderNt.exe SpiderUI.exe AYAgent.aye AYServiceNT.exe
The trojan then downloads 4 files from the following links:
http://www.j***utl.info/gx2/x4.txt http://www.i***ef.info/gx/x3.txt http://www.g***fj.info/xztj/22.txt http://www.o***rh.info/xztj1/12.txt
These links did not work when creating the description.
The downloaded files are saved in the current user's temporary file directory under the following names:
Where <rnd> – random digits.
The downloaded files are then launched and the trojan shuts down. The trojan is deleted when reloading the original file.
A trojan program that downloads files from the internet without the user's knowledge and launches them. It is a Windows application (PE-EXE file). 7168 bytes. Written in C++.
When launching, the trojan copies its executable file under the following name:
So that it may be automatically launched each time the system is started, the trojan adds a link to its executable file in the system registry startup key: