Trojan-Dropper is a class of malicious programs designed to covertly install other malware, carried inside the dropper's own body, on the victim's computer without the user's consent. Typically, without any notification (or with a fake message about an archive error, an unsupported operating system version, etc.), the dropper writes other files to the victim's hard disk (often into the Windows directory or a temporary directory) and launches them. Programs of this class therefore give an attacker exactly what they want: the hidden installation of Trojans and viruses.

Technical details

This Trojan installs other programs on the infected PC without the user's approval. It is a Windows application (PE-EXE file), 319488 bytes in size, written in C++. Other antivirus products detect it as TR/Dropper.VB.Gen, Trojan.Gen, Win32/VBGenerated!generic, TROJ_GEN.R37B5F6 and Trojan.Win32.Generic!BT. Note that several of these names (VB.Gen, VBGenerated) classify the sample as Visual Basic-compiled, which is at odds with the C++ attribution above; treat the compiler identification as uncertain.

Destructive activity

After launch, the Trojan performs the following actions. It copies itself into the system as:

  • %AppData%\windll.exe
  • %Temp%\svchost.exe

and registers itself in autostart by adding a Run value whose data points at the dropped copy:

    HKCU\...\Run\Windows Host Processor %Temp%\svchost.exe

The Trojan then proceeds with the rest of its routine. Note that the legitimate svchost.exe lives only in %SystemRoot%\System32 (and SysWOW64); a file of that name in %Temp% is itself an indicator of compromise.

Recommendations on removal

If your computer was not protected by an antivirus program and became infected with this malicious program, perform the following actions to remove it:

1. Restart the computer in Safe Mode (on Windows 7 and earlier, press and hold F8 as the system starts booting, then choose "Safe Mode" from the Windows boot menu; on Windows 8 and later the F8 menu is disabled by default, so use Shift+Restart > Troubleshoot > Advanced options > Startup Settings instead).
2. Delete the original Trojan file (its location on the infected computer depends on how the program got onto the machine).
3. Remove the system registry value:
  • HKCU\...\Run\Windows Host Processor %Temp%\svchost.exe
4. Delete the files:
  • %AppData%\windll.exe
  • %Temp%\svchost.exe

Then run a full system scan with GridinSoft Trojan Killer using up-to-date antivirus databases.
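The check-and-clean steps above, as an added PowerShell example; this is not the page's or GridinSoft's own tooling. It looks only for the indicators listed in this description (the "Windows Host Processor" Run value and the two dropped files), records their hashes, and removes them. The full Run key path under HKCU, the 319488-byte size comparison and the script name are assumptions taken from the text; run it from an elevated prompt, ideally in Safe Mode, and first with -WhatIf to see what it would do.

```powershell
# Added example, not part of the original description: hunt for and remove the
# persistence artefacts described above.  Usage:
#   .\Remove-Dropper.ps1 -WhatIf   # report only
#   .\Remove-Dropper.ps1           # remove after confirming each action
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# Indicators from the description.  The Run value may store the path either
# expanded or with a literal %Temp%, so it is expanded before use.
$runKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # assumed full path of HKCU\...\Run
$runValue     = 'Windows Host Processor'
$droppedFiles = @(
    (Join-Path $env:APPDATA 'windll.exe'),
    (Join-Path $env:TEMP    'svchost.exe')
)
$expectedSize = 319488   # size of the sample in bytes, per the description

$findings = @()

# 1. Autostart entry
$entry = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($entry) {
    $target = [Environment]::ExpandEnvironmentVariables($entry.$runValue).Trim('"')
    $findings += "Run value '$runValue' -> $target"
    if ($PSCmdlet.ShouldProcess("$runKey\$runValue", 'Remove-ItemProperty')) {
        Remove-ItemProperty -Path $runKey -Name $runValue
    }
}

# 2. Dropped copies.  A genuine svchost.exe lives only in %SystemRoot%\System32
# (and SysWOW64), so one in %Temp% is suspicious regardless of its size.
foreach ($path in $droppedFiles) {
    if (Test-Path -LiteralPath $path) {
        $file = Get-Item -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sizeNote = if ($file.Length -eq $expectedSize) {
            'matches described size'
        } else {
            "size $($file.Length) bytes, differs from the described sample"
        }
        $findings += "$path  SHA256=$hash  ($sizeNote)"
        if ($PSCmdlet.ShouldProcess($path, 'Remove-Item')) {
            # Terminate any running instance first so the file is not locked.
            Get-Process -ErrorAction SilentlyContinue |
                Where-Object { $_.Path -eq $path } |
                Stop-Process -Force -ErrorAction SilentlyContinue
            Remove-Item -LiteralPath $path -Force
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators from the description were found.'
} else {
    Write-Output 'Indicators found:'
    $findings | ForEach-Object { Write-Output "  $_" }
    Write-Output 'Keep the hashes above for your records and follow up with a full antivirus scan.'
}
```

Because the script keys on the exact value name and paths given in this description, a variant that uses a different value name or drop directory will not be caught; the hash recorded before deletion lets you submit the sample or search other hosts for the same file.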

