Trojan.JS.Agent.E

LOW
MEDIUM
approx 700 bytes

Symptoms

Presence of a file named xXx.exe.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Mihai Razvan Benchea, virus researcher

Technical Description:

The script exploits a vulnerability discovered in Internet Explorer 6.0 (MS06-014). When executed, the script adds the following clsid: "BD96c556-65a3-11d0-983a-00c04fc29e36". The code which performs the download is then executed on the remote host. It first creates an object named msxml2.XMLHTTP and then tries to download a file from http://freescans[hidden].com /count/load.php. The file is saved with the name xXx.exe in the parent directory of the folder where the browser is installed. The downloaded file is currently detected as Trojan.Downloader.JJRB.
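
A content check built from the indicators in this description, as an added example (not BitDefender's detection logic): it flags page or script text that references the clsid together with msxml2.XMLHTTP, including when the strings are split with "+" or written in a different case. The function names, verdict labels and sample inputs are assumptions constructed for illustration.

```python
import re

# Indicators taken from the description above (matched after lowercasing).
INDICATORS = {
    "clsid": re.compile(re.escape("bd96c556-65a3-11d0-983a-00c04fc29e36")),
    "xmlhttp": re.compile(r"msxml2\.xmlhttp"),
    "dropped_file": re.compile(r"\bxxx\.exe\b"),
}

# Adjacent string literals joined with "+", e.g. "BD96" + "c556".
_CONCAT = re.compile(r"""["']\s*\+\s*["']""")


def normalize(text):
    """Rejoin split string literals and lowercase, so case changes and
    simple concatenation do not hide an indicator."""
    return _CONCAT.sub("", text).lower()


def scan(text):
    """Return the sorted names of the indicators found in text."""
    norm = normalize(text)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(norm))


def verdict(text):
    """msxml2.XMLHTTP alone is common in legitimate pages, so it only
    counts when the clsid from the description is present as well."""
    hits = scan(text)
    if "clsid" in hits and "xmlhttp" in hits:
        return "suspicious"
    if "clsid" in hits or "dropped_file" in hits:
        return "review"
    return "clean"


# Constructed, inert sample inputs (strings only, not working script code).
SAMPLE_SPLIT = 'c = "BD96c556-65a3-" + "11d0-983a-00c04fc29e36"; n = "msxml2." + \'XMLHTTP\';'
SAMPLE_LEGIT = 'req = new ActiveXObject("Msxml2.XMLHTTP"); req.open("GET", "/status");'
SAMPLE_CLSID_ONLY = '<object classid="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"></object>'

if __name__ == "__main__":
    for name, sample in [("split", SAMPLE_SPLIT), ("legit", SAMPLE_LEGIT),
                         ("clsid-only", SAMPLE_CLSID_ONLY)]:
        print(name, scan(sample), verdict(sample))
```

The check is a triage aid for cached pages or proxy captures; heavier obfuscation than simple string splitting will not be normalized by it.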