- Security Center
- English ▾
If the Trojan opens an infected web-page in the MS Internet Explorer, it decrypts its obfuscated body using Java Script and downloads a file from the following URL using the ActiveX object "Microsoft.XMLHTTP"
The URL did not respond when the description was created.
Using the ActiveX object "ADODB.Stream", the Trojan then saves the downloaded file to the current user’s Windows folder "AppData" with the following name:
After saving, the Trojan launches the downloaded file and stops running.
- Delete the original Trojan file (its file name and location depends on the way the Trojan originally penetrated a user’s computer).
- Delete the following file:
- Clean the Temporary Internet Files folder, which contains infected files (How to clean Temporary Internet Files folder).
- Run a full scan of your computer using the Antivirus program with the updated definition database (Download Ad-Aware Free).