This Trojan has a malicious payload. It is a Windows PE EXE file. It is 22016 bytes in size.
In order to ensure that the Trojan is launched automatically each time the system is booted, the Trojan adds a link to its executable file in the system registry:
The Trojan scans the system for a window with the heading shown below:
and closes it.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following system registry key parameter:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]"SVCHOST" = "<path to and name of Trojan executable file> "
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).