This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s
knowledge or consent. The Trojan is a JavaScript script which is built into HTML pages.
It is 17,002 bytes in size.
Once launched, the Trojan injects its code into the memory of processes which have the following unique identifiers
in the system registry:
The Trojan then attempts to connect to the Internet and download a file called "file.php" from the following
(At the time of writing, this link was not working.)
This file will be saved to the C:\ root directory as "sys%rnd%.exe" (%rnd% is a random four-digit number):
The downloaded file is then launched for execution.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the
instructions below to delete the malicious program:
Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete the following file:
Update your antivirus databases and perform a full scan of the computer.
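
A read-only triage check for the dropped file described above, as an added example that is not part of the original write-up: it lists files directly in a drive root whose names fit the "sys%rnd%.exe" pattern and records size, modification time and SHA-256 before anything is deleted. The function names and the default root `C:\` are assumptions for illustration.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone
from pathlib import Path

# Drop name from the description: "sys" + four digits + ".exe".
# Windows file names are case-insensitive, so the match is too.
DROP_NAME = re.compile(r"sys\d{4}\.exe", re.IGNORECASE)


def sha256_of(path, chunk=1 << 16):
    """Hash in chunks so a large file is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_dropped_files(root):
    """Return one record per regular file directly under root whose name matches."""
    hits = []
    for entry in sorted(Path(root).iterdir()):
        # Check the name first so unrelated, locked system files are never touched.
        if not DROP_NAME.fullmatch(entry.name):
            continue
        # The description places the drop in the root itself, so no recursion.
        if entry.is_symlink() or not entry.is_file():
            continue
        info = entry.stat()
        hits.append({
            "path": str(entry),
            "size": info.st_size,
            "modified_utc": datetime.fromtimestamp(info.st_mtime, timezone.utc).isoformat(),
            "sha256": sha256_of(entry),
        })
    return hits


if __name__ == "__main__":
    # Assumed default: the system drive root named in the description.
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for hit in find_dropped_files(root):
        print(hit["modified_utc"], hit["size"], hit["sha256"], hit["path"])
```

A name match alone is only a lead; the recorded hash and timestamp let the file be checked against an antivirus verdict before it is removed.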