<body>
Computer security
 
   
 

Your FREE guide to antispyware and security software


Confused about which virus protection software to use? Are you trying to untangle two-factor authentication?

Is your e-mail spam driving you crazy?

Is your personal computer slowing down?

Do you get annoying pop-ups while surfing the web or simply using your computer and need a popup blocker that WORKS?

I will personally help you stop spyware, adware, computer worms, viruses and Trojan horses on your computer once and for all, without spending a dime.

 


Virus Profile: BackDoor-DSO

Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 10/28/2008
Date Added: 10/28/2008
Origin: Unknown
Length: N/A
Type: Trojan
SubType: Remote Access
DAT Required: 5417
Removal Instructions

Use the latest engine and DAT files.

 


Trojan-Downloader.Win32.Agent.fpp








Technical details

This Trojan downloads another program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 38400 bytes in size. It is written in C++.


Installation


Once launched, the Trojan copies its body to the Windows system directory as "Ir32_a.exe":


%System%\Ir32_a.exe

It then deletes its original file.


In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit" = "C:\WINDOWS\system32\userinit.exe,Ir32_a.exe"







Payload

The Trojan sends a request to the remote malicious user's site:


http://www.yukor.blog55.....

In reply it receives a file containing links from which other objects will be downloaded. The file is saved to the root directory of the C: drive as "tmp.dat":


C:\tmp.dat

Files which are downloaded from the links contained in the file are saved to the Temporary Internet Files directory under their original names. Once they have been downloaded they are launched for execution.


At the moment of writing, the link was not active.
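
The persistence entry and the dropped files described above can be checked without changing anything on the machine. The PowerShell below is an added example, not part of the original write-up or of any vendor tool; the function name Get-UnexpectedUserinitEntry and the rule that a bare file name refers to the system directory are assumptions made for this example.

```powershell
# Added example: read-only audit of the Winlogon "Userinit" value and the
# file artefacts named in this description. Names are illustrative.
function Get-UnexpectedUserinitEntry {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Value,
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )
    $expected = Join-Path $SystemDir 'userinit.exe'
    # Userinit is a comma-separated list; Winlogon starts every entry at logon.
    foreach ($entry in ($Value -split ',')) {
        $path = $entry.Trim().Trim('"')
        if ($path -eq '') { continue }   # a trailing comma leaves an empty entry
        # Assumption: a bare file name refers to the system directory, which is
        # where this Trojan drops its copy.
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $SystemDir $path }
        if ($path -ine $expected) { $path }   # case-insensitive; emit anything else
    }
}

# Constructed sample: the modified value quoted in the description above.
$sample = 'C:\WINDOWS\system32\userinit.exe,Ir32_a.exe'
$flagged = Get-UnexpectedUserinitEntry -Value $sample -SystemDir 'C:\WINDOWS\system32'
Write-Output "Sample value flags: $flagged"

# Live check of the local machine.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live  = (Get-ItemProperty -Path $key -Name Userinit).Userinit
$extra = @(Get-UnexpectedUserinitEntry -Value $live)
if ($extra.Count -gt 0) {
    Write-Warning "Userinit launches extra programs: $($extra -join '; ')"
} else {
    Write-Output "Userinit contains only userinit.exe: $live"
}

# File artefacts named in the description.
$artefacts = @((Join-Path $env:SystemRoot 'System32\Ir32_a.exe'), 'C:\tmp.dat')
foreach ($file in $artefacts) {
    if (Test-Path -LiteralPath $file) { Write-Warning "Found: $file" }
}
```

Any path reported by the Userinit check is started at every logon, so it should be identified before the value is reverted.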








Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:



  1. Delete the copy of the Trojan:
    %System%\Ir32_a.exe


  2. Delete the contents of %Temporary Internet Files%.

  3. Revert the following system registry key:
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "Userinit" = "C:\WINDOWS\system32\userinit.exe,Ir32_a.exe"

    to


    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "Userinit" = "C:\WINDOWS\system32\userinit.exe"


  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus