My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.JS.Offensive.A

LOW
LOW
9124 bytes
(JS_OFFENSIVE.A)

Symptoms

  • Strange behaviour for Explorer when executing some types of files (exe, reg, htm, html, txt, inf, dll, ini, sys, com, bat).
  • Removal instructions:

    For removal instructions and a complete list of affected registry keys please email support@bitdefender.com;

    Note: The damage is not caused if the user does not press the Start! button from the page.

    Analyzed By

    Costin Ionescu BitDefender Virus Researcher

    Technical Description:

    This is a Trojan contained in a HTML file. When the HTML page is viewed, the page contains a button with the caption "Start!" and the page title that is an offensive text related to Japanese people.

    If the user clicks that button and is using a browser capable of JavaScript and ActiveX (i.e. Microsoft Internet Explorer) the Trojan modifies some registry keys which can produce severe system damages, sets the title of Explorer and also the start page of the Internet Explorer to a site which contains in name offensive texts.

    Also it changes the default behaviour for Explorer when executing some types of files (exe, reg, htm, html, txt, inf, dll, ini, sys, com, bat).

    It sets in the registry some keys so the operating system will execute at the next startup different uninstall programs from the C:\Windows directory which will attempt to uninstall Windows at next restart.