Trojan-Downloader.VBS.Agent.cm
From Total Malware Info
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It is 2 783 bytes in size. It is written in Java Script.
Payload
Once launched, the Trojan injects its code into the memory of the process which has the following unique identifiers in the system registry.
The Trojan then uses a vulnerability in Internet Explorer to download a file from the following URL:
- http://www.*****.com/htm/china/d.exe (8 913 bytes, detected by Kaspersky Anti-Virus as Virus.Win32.AutoRun.gv).
This file will be saved to upper directory from original Trojan file as ddt.com:
..\ddt.com
The downloaded file is then launched for execution.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete File:
..\ddt.com
- Update your antivirus databases and perform a full scan of the computer.
