Trojan.JS.PYZ

LOW
LOW
<5 Kbytes
(Exploit.JS.Agent.agc, Troj/JSRedir-P)

Symptoms

 No obvious symptoms.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Balazs Biro, jr. virus researcher

Technical Description:

  This is a malicious JavaScript that tries to exploit vulnerabilities in Adobe Acrobat Reader and Adobe Flash Player.
 When a malicious site is accessed, the script launches two ActiveX objects: AcroPDF.PDF or PDF.PdfCtrl for the PDF file, and ShockWaveFlash.ShockwaveFlash for the SWF file. These download and open a PDF file named "readme.pdf" and a SWF file named "flash.swf", respectively, both containing exploits.
As a result of opening these files, a malicious executable is downloaded and executed.

At the time of writing, the download URL was
  http://sitesupports.cn/[removed]?id=0,
and the downloaded executable was detected as Backdoor.Zdoogu.F.
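
A static triage heuristic for the behaviour described above, as an added example that is not Bitdefender's detection logic: it flags script text that references both the PDF and Flash ActiveX ProgIDs, and raises the verdict when the file names from the description also appear. The verdict levels, the two de-obfuscation steps and the sample inputs are assumptions of this example.

```javascript
// Added example: static heuristic, not Bitdefender's detection logic.
// ProgIDs and file names are the ones named in the description above.
const PDF_PROGIDS = ["acropdf.pdf", "pdf.pdfctrl"];
const SWF_PROGID = "shockwaveflash.shockwaveflash";
const LURE_FILES = ["readme.pdf", "flash.swf"];

// Undo two cheap obfuscations before matching: \xNN and \uNNNN escapes,
// and string literals split with "+" ("Acro" + "PDF.PDF").
function normalize(src) {
  const decode = (_, hex) => String.fromCharCode(parseInt(hex, 16));
  return src
    .replace(/\\x([0-9a-f]{2})/gi, decode)
    .replace(/\\u([0-9a-f]{4})/gi, decode)
    .replace(/["']\s*\+\s*["']/g, "")
    .toLowerCase();
}

// Verdict thresholds are assumptions of this example:
//   clean      - the PDF and Flash controls are not both referenced
//   review     - both controls referenced (plugin-detection libraries
//                do this too, so an analyst should look)
//   suspicious - both controls plus a file name from the description
function analyze(src) {
  const text = normalize(src);
  const pdf = PDF_PROGIDS.filter((id) => text.includes(id));
  const swf = text.includes(SWF_PROGID);
  const files = LURE_FILES.filter((name) => text.includes(name));
  let verdict = "clean";
  if (pdf.length > 0 && swf) verdict = files.length > 0 ? "suspicious" : "review";
  return { verdict, pdf, swf, files };
}

// Constructed sample inputs (plain text, never executed). load() is a
// hypothetical helper name used only inside the sample strings.
const SAMPLES = {
  obfuscated:
    'var p = new ActiveXObject("Acro" + "PDF.PDF");' +
    'var f = new ActiveXObject("ShockwaveFlash.Shockwave\\x46lash");' +
    'load("readme.pdf"); load("flash.swf");',
  pluginCheck:
    'try { new ActiveXObject("PDF.PdfCtrl"); } catch (e) {}' +
    'try { new ActiveXObject("ShockwaveFlash.ShockwaveFlash"); } catch (e) {}',
  flashOnly: 'var f = new ActiveXObject("ShockwaveFlash.ShockwaveFlash");',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(analyze(src)));
}
```

The "review" level exists because legitimate plugin-detection code also instantiates both controls; only the combination with the named files is treated as a strong signal here.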