Technical Details

This Trojan opens different websites in the browser without the user's knowledge. It is a Visual Basic Script file. It is 2596 bytes in size.


The malicious user injects this script into infected HTML pages. Once launched, the Trojan decrypts its body, then in a hidden frame it opens the resource placed on the same server, where the infected page is located:

http://<address of infected page>/kal/anetdqyocuevemc3.php

Removal Instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  2. Empty the Temporary Internet Files directory, which may contain infected files (see How to delete infected files from Temporary Internet Files folder?):
    %Temporary Internet Files%

  3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).

md5: 3EE2542E8EA29DBE302663A52AF2170F
sha1: 926C9AF5A0470069E34DC5B2FB579C6BE102F0FC