This Trojan has a malicious payload. It is a Windows PE EXE file. It is 11,264 bytes in size. It is packed using UPX. The unpacked file is approximately 24KB in size. It is written in C++.
When launched, the Trojan creates a thread which every second performs the following actions:
terminates all processes that contain one of the strings listed below in their names:
ANTIVIR WEBSCANX SAFEWEB ICMON CFINET CFINET32 AVP.EXE LOCKDOWN2000 AVP32 ZONEALARM ALERTSVC AMON.EXE AVPCC.EXE AVPM.EXE ESAFE.EXE PCCIOMON PCCMAIN POP3TRAP WEBTRAP AVCONSOL AVSYNMGR VSHWIN32 VSSTAT NAVAPW32 NAVW32 NMAIN LUALL LUCOMSERVER IAMAPP ATRACK MCAFEE FRW.EXE IAMSERV.EXE NSCHED32 PCFWALLICON SCAN32 TDS2-98 TDS2-NT VETTRAY VSECOMR NISSERV RESCUE32 SYMPROXYSVC NISUM NAVAPSVC NAVLU32 NAVRUNR NAVWNT PVIEW95 F-STOPW F-PROT95 PCCWIN98 IOMON98 FP-WIN NVC95 NORTON
scans the system for the Task Manager window and terminates it.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Reboot the computer.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).