Trojan.Exploit.ANOG
LOW
LOW
may vary
Symptoms
Presence of files "Gameeeeee.pif" and "Gemeeeeees.vbs" in %Temp% folder
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Ovidiu Visoiu, virus researcher
Technical Description:
It is a JavaScript that uses some common algorithms (escape, base64) to encode its body and avoid detection. A VBScript is hidden under this encoding. The VBScript is also obfuscated and contains a link, "http://ad.ote2008.[removed]/ad.css", to a file detected as Trojan.Agent.AJJX. The file from that address is saved on the victim's machine as %TEMP%\Gameeeeee.pif; it is a Win32 executable and is launched by a previously created %TEMP%\Gameeeees.vbs.
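The escape and base64 layering described above can be unpacked statically, without running the script. The following is an added example, not BitDefender's tooling and not code from the analyzed sample: it peels both encodings from a constructed, inert sample that uses a placeholder host, then lists the URL and dropped-file paths in the innermost layer. All function names are assumptions made for illustration.

```python
import base64
import binascii
import re

ESC = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
B64 = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)
DROP = re.compile(r"[\w%\\.-]+\.(?:pif|vbs)\b", re.I)

def js_unescape(text):
    """Static equivalent of JavaScript unescape(): %uXXXX and %XX become characters."""
    return ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)

def b64_text(blob):
    """Return the decoded text of a base64 run, or None if it is not printable text."""
    try:
        text = base64.b64decode(blob, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None
    return text if all(c.isprintable() or c in "\r\n\t" for c in text) else None

def peel(script, max_layers=8):
    """Strip escape/base64 layers one pass at a time; the script is never executed."""
    layers = [script]
    for _ in range(max_layers):
        cur = B64.sub(lambda m: b64_text(m.group(0)) or m.group(0),
                      js_unescape(layers[-1]))
        if cur == layers[-1]:
            break
        layers.append(cur)
    return layers

def indicators(script):
    """Collect URLs and dropped-file paths visible in the innermost layer."""
    inner = peel(script)[-1]
    return {"urls": sorted(set(URL.findall(inner))),
            "files": sorted(set(DROP.findall(inner)))}

# Constructed, inert sample: VBScript-like text with a placeholder host,
# base64-encoded and then %XX-escaped, mirroring the layering in the description.
_VBS = ('url = "http://payload.example.invalid/ad.css"\r\n'
        'exe = "%TEMP%\\Gameeeeee.pif"\r\n'
        'vbs = "%TEMP%\\Gameeeees.vbs"\r\n')
_ENC = base64.b64encode(_VBS.encode("latin-1")).decode("ascii")
SAMPLE = 'var s = unescape("' + "".join("%%%02X" % ord(c) for c in _ENC) + '");'

if __name__ == "__main__":
    print(len(peel(SAMPLE)) - 1, "encoded layer(s) removed")
    print(indicators(SAMPLE))
```

The printable-text check in `b64_text` keeps long identifiers that merely look like base64 from being replaced with garbage.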