My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus


2491 B
(KAV: Trojan-Downloader.JS.Agent.euw AVG: Exploit Symantec: Downloader)


BitDefender showing a virus alert shortly after opening an infected web-page.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Lutas Andrei Vlad, virus researcher

Technical Description:

This malware uses flash-object vulnerabilities that allow arbitrary code execution by loading a specially crafted SWF object into a web-page. Once an infected web-page is opened, the trojan will create a specially crafted swf object that will allow the execution of a payload into the heap. Once the payload receives control, it will attempt to download and execute a file
from http://[removed].com/configs/load.php?id=5. (by the time this article was created, the downloaded file was detected as Trojan.Spy.ZBot.EKG; however, this may be subject to changes). 
The trojan only affectes browsers that use Flash Player version 9 or 10, revision 16, 28, 45, 47, 64 or 115; Internet Explorer and Firefox will be affected regardless of revision.