My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus


5044 B
(%Trojan.Downloader.JS.Gen (KAV) VBS/Psyme.GE (FProt) HTML/ADODB.Exploit.Gen (Avira))


No obvious symptoms

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Lutas Andrei Vlad, virus researcher

Technical Description:

This small downloader is written in VBS and it is embeded in html files. When it receives control, it will attempt to download 4 files from the following location: http://love[removed].org/css. The files being downloaded are:

- AutoCfg.exe - infected, detected as Backdoor.Ardu.A

- Instexnt.exe, Autoexnt.exe, Servmess.dll - these are clean files and are used for running scripts before a user logs on

After downloading these filese, it will attempt to install AutoExNT service and it will create another file (AutoExNT.bat), where the infected application (AutoCfg.exe) will be listed. This way, the malware will receive execution after every reboot, even if there is no user logged on that computer.