If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
- Delete the original trojan file (its location on the infected computer will depend on how the program got onto the computer).
- Clear the Temporary Internet Files directory which may contain infected files (How to delete infected files in the Temporary Internet Files folder?):
%Temporary Internet Files%
- Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).
When opening the infected site in the user's browser, the trojan tries to download resources located at the following links in hidden frames:
http://la2z***g.ru/1.html http://goldf***ters.com/2.html http://la2gol***ub.com/ndex.html http://URLT***FO.TK/trafgobn.php?i=16602 http://la2gol**/me.com/index.html http://iptraf***q.co/trafgon.php?i=2 http://conccuba***ag.narod.ru http://urlt.***dns.org/?inif=17308&tt=653879077.5
After transferring from these links, it downloads other JS scripts which in turn build a "chain" of hidden frames where the above mentioned malicious resources are downloaded. These actions are carried out in order to "cheat" the counters on these sites and to increase traffic volume. For example, one of the "chains" of hidden frames links to the following resource:
TRAFFIC EXCHANGE, BUY AND SELL IFRAME TRAFFIC
located at the following address: