- Security Center
- English ▾
Size: 1838 bytes
Language: Java Script
Once an infected HTML page is opened, the Trojan executes the malicious script.
The Trojan adds the “click” and “onclick” event handlers to the page. Thus, the Trojan keeps track of clicks performed by a user on the HTML page, and then opens the web resource in a new browser window. The site’s URL is as follows:
The Trojan installs a cookie with the “popundr” name and the “1” value for the 24 hour period. Once the web resource is opened by clicking the link, it redirects a user to a porno web resource. Its URL is as follows:
If a “popundr” cookie has been already installed, the Trojan finishes its execution upon opening an infected page.
To delete a malicious program, proceed through the steps listed below:
- Delete an original Trojan file (its location on the infected PC depends on the way the program has been installed on the PC).
- Clean the Temporary Internet Files folder which contains infected files.
- Run a full scan of your computer using the Antivirus program with the updated definition database.