This Trojan opens websites in the browser without the user's knowledge. It is a Visual Basic Script (VBScript) file, 2596 bytes in size.
A malicious user injects this script into HTML pages, infecting them.
Once launched, the Trojan decrypts its body and then, in a hidden frame, opens a resource hosted on the same server as the infected page:
http://<address of infected page>/kal/anetdqyocuevemc3.php
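For a site owner, the same-server request gives a way to locate the injected pages. The following is an added example, not part of the original description: it scans web server access-log lines for requests to the path above and counts the referring pages on the same host. The combined log format, the host `www.example.com`, the function name `find_infected_pages` and the sample lines are assumptions constructed for illustration, and it relies on browsers sending a Referer header for the frame request.

```python
import re
from urllib.parse import urlsplit

# Path taken from the description above; the host part differs per infected site.
IOC_PATH = "/kal/anetdqyocuevemc3.php"

# Apache/nginx "combined" access-log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def find_infected_pages(lines, site_host):
    """Return {referring page path: hit count} for requests to IOC_PATH
    whose Referer is a page on site_host (the hidden frame is same-server)."""
    pages = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if urlsplit(m["target"]).path.lower() != IOC_PATH:
            continue  # query strings are ignored, only the path is compared
        ref = urlsplit(m["referer"])
        if (ref.hostname or "").lower() != site_host.lower():
            continue  # no Referer ("-") or a different host: cannot name a page
        page = ref.path or "/"
        pages[page] = pages.get(page, 0) + 1
    return pages

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [01/Jan/2010:10:00:01 +0000] "GET /kal/anetdqyocuevemc3.php HTTP/1.1" 200 312 "http://www.example.com/index.html" "Mozilla/4.0"',
    '198.51.100.9 - - [01/Jan/2010:10:05:00 +0000] "GET /kal/anetdqyocuevemc3.php HTTP/1.1" 200 312 "http://www.example.com/news/a.html" "Mozilla/4.0"',
    '198.51.100.9 - - [01/Jan/2010:10:06:00 +0000] "GET /kal/anetdqyocuevemc3.php?x=1 HTTP/1.1" 200 312 "http://www.example.com/index.html" "Mozilla/4.0"',
    '192.0.2.4 - - [01/Jan/2010:10:07:00 +0000] "GET /kal/anetdqyocuevemc3.php HTTP/1.1" 404 0 "-" "curl/7.0"',
]

if __name__ == "__main__":
    hits = find_infected_pages(SAMPLE_LOG, "www.example.com")
    for page, count in sorted(hits.items()):
        print(f"{count:3d} frame request(s) referred by {page}")
```

Pages reported by the scan are candidates for inspection and cleanup of the injected script block; the resource under `/kal/` on the server should be reviewed as well.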
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
- Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
- Empty the Temporary Internet Files directory, which may contain infected files (see "How to delete infected files from Temporary Internet Files folder?"):
%Temporary Internet Files%
- Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).