Trojan.JS.Agent.E
SYMPTOMS: Presence of a file named xXx.exe.

TECHNICAL DESCRIPTION: The script exploits a vulnerability discovered in Internet Explorer 6.0 (MS06-014). When executed, the script adds the following clsid: "BD96c556-65a3-11d0-983a-00c04fc29e36". The code which performs the download is then executed on the remote host. It first creates an object named msxml2.XMLHTTP and then tries to download a file from http://freescans[hidden].com /count/load.php. The file is saved with the name xXx.exe in the parent directory of the folder where the browser is installed. The downloaded file is currently detected as Trojan.Downloader.JJRB.

Removal instructions: Please let BitDefender disinfect your files.

ANALYZED BY: Mihai Razvan Benchea, virus researcher
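As an added example (not BitDefender's code or signature), the sketch below shows how a web proxy or mail gateway filter could flag page source carrying the two script-level indicators named in the description, the clsid and the msxml2.XMLHTTP object name. The normalization steps, function names, verdict labels and sample strings are assumptions constructed for illustration.

```python
import re

# Indicators taken from the technical description above (compared lowercase).
CLSID = "bd96c556-65a3-11d0-983a-00c04fc29e36"
PROGID = "msxml2.xmlhttp"

# Matches the seam between two adjacent string literals: "abc" + "def"
_CONCAT = re.compile(r"""["']\s*\+\s*["']""")
# Matches percent-escapes such as %2D
_PCT = re.compile(r"%([0-9a-fA-F]{2})")


def normalize(source: str) -> str:
    """Undo simple hiding tricks: percent-escapes, split literals, mixed case."""
    text = _PCT.sub(lambda m: chr(int(m.group(1), 16)), source)
    text = _CONCAT.sub("", text)
    return text.lower()


def scan(source: str) -> list:
    """Return the names of the indicators found in the normalized source."""
    text = normalize(source)
    hits = []
    if CLSID in text:
        hits.append("clsid")
    if PROGID in text:
        hits.append("progid")
    return hits


def verdict(source: str) -> str:
    hits = scan(source)
    if "clsid" in hits and "progid" in hits:
        return "likely-match"   # both indicators from the description
    if "clsid" in hits:
        return "review"         # the clsid alone still deserves a look
    # msxml2.XMLHTTP alone is ordinary legacy AJAX code, so it is not flagged.
    return "clean"


# Constructed sample inputs (inert fragments, not captured malware).
SAMPLES = {
    "plain": '<object classid="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36">'
             '</object><script>var p = "msxml2.XMLHTTP";</script>',
    "split": 'var c = "clsid:BD96c556-65a3-" + "11d0-983a-00c04fc29e36";'
             ' var p = "msxml2." + "XMLHTTP";',
    "ajax": 'var x = new ActiveXObject("Msxml2.XMLHTTP");',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, verdict(src))
```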