If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
- Delete the original trojan file (its location on the infected computer will depend on how the program got onto the computer).
- Using the MMC (Microsoft Management Console) ("Services and applications\Services" tab), restore the startup parameters for the "wuauserv" and "BITS" services.
- Run a full Kaspersky Antivirus scan of the computer with updated antivirus databases (download trial version).
After launching, the trojan uses the system utility "sc.exe" to carry out the following command sequence:
sc.exe config wuauserv start= auto sc.exe config BITS start= demand sc.exe stop wuauserv sc.exe config BITS start= disabled sc.exe config wuauserv start= disabled
This stops and cancels the automatic launch of the "wuauserv" service (Windows Automatic Update service), and also cancels the automatic launch of the "BITS" service (Background Intelligent Transfer Service). The trojan then opens the following resource in the Internet Explorer browser:
The trojan then shuts down.
A trojan program that carries out destructive actions on the user's computer. It is a Windows application (PE-EXE file). 8704 bytes. Written in C++.