
Trojan.Exploit.ANNZ

MEDIUM
HIGH
varies

Symptoms

There are no obvious symptoms.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

You might remember the recent Trojan.Exploit.SSX, where a mechanism of infection through exploits was described.

This threat behaves the same way as that one, except that it tries to avoid detection by AV companies by adding an extra packer over its code. It is a known JavaScript packer whose output has the following format: eval(function(p,a,c,k,e,d){ [packed_code] }.

This time it downloads something different with the name "help.exe", which is detected as Backdoor.Generic.76302.
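
For analysts triaging scripts wrapped in the packer format described above, the following added example (not BitDefender's code or detection logic) flags the wrapper and rebuilds the packed source statically, without ever evaluating it. The function names, the acceptance of the (p,a,c,k,e,r) spelling and the sample script are assumptions made for illustration; the sample is constructed and harmless.

```javascript
// Added example. Static analysis only: the sample is never eval()'d.
// Wrapper signature from the description, whitespace-tolerant. Accepting
// a trailing "r" (p,a,c,k,e,r) as well is an assumption of this example.
const WRAPPER = /eval\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)/;
// Call arguments: ('payload',radix,count,'w0|w1|...'.split('|')
const ARGS = /\}\s*\(\s*'((?:[^'\\]|\\.)*)'\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*'((?:[^'\\]|\\.)*)'\.split\('\|'\)/;
const DIGITS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

function isPacked(src) {
  return WRAPPER.test(src);
}

// Payload tokens are dictionary indexes written in base `radix` (up to 62).
function decodeIndex(token, radix) {
  let n = 0;
  for (const ch of token) {
    const d = DIGITS.indexOf(ch);
    if (d < 0 || d >= radix) return -1; // not an index: leave token alone
    n = n * radix + d;
  }
  return n;
}

// Rebuild one layer by substituting dictionary words back into the payload.
function unpackOnce(src) {
  const m = ARGS.exec(src);
  if (!m) return null;
  const radix = Number(m[2]);
  const words = m[4].split('|');
  const payload = m[1].replace(/\\(.)/g, (_, c) => (c === 'n' ? '\n' : c));
  return payload.replace(/\b\w+\b/g, (tok) => {
    const i = decodeIndex(tok, radix);
    return i >= 0 && words[i] ? words[i] : tok;
  });
}

// Peel nested layers (an extra packer over already packed code), bounded.
function unpackAll(src, maxLayers = 5) {
  let layers = 0;
  for (let next; layers < maxLayers && isPacked(src); layers++) {
    next = unpackOnce(src);
    if (next === null) break; // wrapper seen but arguments not parseable
    src = next;
  }
  return { layers, code: src };
}

// Constructed, harmless sample in the packer's output format.
const SAMPLE = String.raw`eval(function(p,a,c,k,e,d){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);return p}('0 1="2 3";4.5=1;',62,6,'var|msg|packed|sample|document|title'.split('|'),0,{}))`;
console.log(unpackAll(SAMPLE));
```

A result with layers at 0 for input where isPacked returned true means the wrapper was recognised but its argument list did not parse, which is worth manual review.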