Technical Details

This Trojan has a malicious payload. It is a Windows PE EXE file. It is 22016 bytes in size.


In order to ensure that the Trojan is launched automatically each time the system is booted, the Trojan adds a link to its executable file in the system registry:

"SVCHOST" = "<path to and name of Trojan executable file> "


The Trojan scans the system for a window with the heading shown below:

and closes it.

Removal Instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the following system registry key parameter:
    "SVCHOST" = "<path to and name of Trojan executable file> "
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).