Trojan.JS.Agent.bmh

From Total Malware Info

Jump to: navigation, search
The description for Trojan.JS.Agent.bmh was created during beta-test of «Malware description on demand» service. Learn more about at: www.dnt-lab.com/en/services.
Trojan.JS.Agent.bmh

Last edited:

18.8.2010

It is a trojan program that performs destructive actions on a user's computer. It is an HTML document that contains a JavaScript. Its size is 5102 bytes.

Payload

Once launched, the Trojan tries to run the script, which is located in the root directory of the infected server: 

http://%RootDir%/error.js.php

here RootDir - a root folder of an attacker's server.

Then, using embedded Java applets into the HTML page with the names "gogol.Familie.class" and "MyName", it attempts to download and execute malicious scripts in a user's browser, which are located at the following links: 

http://82.146.38.114:86/exemple.com/load.php?spl=javas
http://82.146.38.114:86/exemple.com/load.php?spl=java2s&93

At the time of writing, the links were not working.

Removal Instructions

If your computer was not protected by an antivirus and was infected with this malware, follow these steps to remove it:

  1. Delete the original trojan file (its location on the infected computer will depend on how the program originally penetrated the victim machine).
  2. Clear the Temporary Internet Files folder that containing infected files: 
    %Temporary Internet Files%
  3. Perform a full system scan using an antivirus with updated anti-virus databases (download a trial version).

Can't find a description for a specific malware?
You can order a description for any computer malware, virus, trojan or worm.
Retrieved from "http://www.totalmalwareinfo.com/eng/Trojan.JS.Agent.bmh"
Language
Video Tutorials
Computer and Internet Security Video Tutorials
© 2011 "Design and Test Lab", LLC. All rights reserved.