This Trojan downloads other programs via the Internet and launches them on the victim machine without the user's knowledge or consent. The program itself is a Windows PE EXE file. It is 8,704 bytes in size. It is packed using UPX. The unpacked file is approximately 40KB in size. It is written in C++.

Once launched, the Trojan searches the system registry for the following keys:

[HKLM\Software\ISTsvc]
"popup_url" = "http://www.slotch.com/ist/scripts/istsvc_***_data.php"
"version"
"account_id"
"app_date"

If the Trojan does not find the first key listed above, it will create it.

The Trojan will then attempt to connect to the Internet. If it is unable to establish a connection, it will cease running. If the Trojan does establish a connection, it will download a file called "istsvc.exe" from the following address:

http://install.***toolbar.com/ist/softwares/addins/istsvc.exe

This file is 21 504 bytes in size, and will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.IstBar.pd.

This file will be saved to the current user's temporary directory:

%Documents and Settings%\%Current_user%\Local Settings\Temp\istsvc.exe

The Trojan then creates a directory called "%Program Files%\ISTsvc". It copies the downloaded file to this directory and launches it for execution. It then deletes the file from the temporary directory and ceases running.

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following registry keys:
  [HKLM\Software\ISTsvc]
  "popup_url" = "http://www.slotch.com/ist/scripts/istsvc_***_data.php"
  "version"
  "account_id"
  "app_date"
- Delete the following directory and its contents:
  %Program Files%\ISTsvc
- Delete the following file (if the Trojan program has not already deleted it):
  %Documents and Settings%\%Current_user%\Local Settings\Temp\istsvc.exe
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
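A read-only check for the registry key, directory and file named above, as an added example that is not part of the original description. It assumes PowerShell 4 or later; the WOW6432Node and "Program Files (x86)" locations are assumptions added because 32-bit programs are redirected there on 64-bit Windows, and `$env:TEMP` stands in for the current user's temporary directory.

```powershell
# Added example: read-only check, nothing is deleted or modified.
$regKeys = 'HKLM:\Software\ISTsvc',
           'HKLM:\Software\WOW6432Node\ISTsvc'   # assumption: 32-bit registry view
$valueNames = 'popup_url', 'version', 'account_id', 'app_date'
$dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |   # (x86) path is an assumption
    Where-Object { $_ } | Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'ISTsvc' }
$tempFile = Join-Path $env:TEMP 'istsvc.exe'   # assumption: current user's temp directory

$findings = @()

# Registry: report the key and whichever of the four listed values are present.
foreach ($key in $regKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $findings += [pscustomobject]@{ Type = 'RegistryKey'; Path = $key; Detail = '' }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($name in $valueNames) {
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $findings += [pscustomobject]@{
                Type = 'RegistryValue'; Path = "$key\$name"; Detail = [string]$props.$name
            }
        }
    }
}

# Files: the copy under Program Files and any leftover in the temp directory.
$files = @()
foreach ($dir in $dirs) {
    if (Test-Path -LiteralPath $dir -PathType Container) {
        $findings += [pscustomobject]@{ Type = 'Directory'; Path = $dir; Detail = '' }
        $files += Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue
    }
}
if (Test-Path -LiteralPath $tempFile -PathType Leaf) {
    $files += Get-Item -LiteralPath $tempFile -Force
}

# Record size and hash so the file can be compared with the description or submitted for analysis.
foreach ($f in $files) {
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Type = 'File'; Path = $f.FullName; Detail = "$($f.Length) bytes, SHA256 $hash"
    }
}

if ($findings.Count -eq 0) { 'No ISTsvc artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The description gives 21 504 bytes as the size of the downloaded istsvc.exe, so a file of that size in either location matches it.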
Printed From: http://www.viruslist.com/en/viruses/encyclopedia?virusid=39488