Trojan-Downloader.Win32.Procexe

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
2. Delete the following file:

   %Temp%system.exe

3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

Technical Details

This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. The program itself is a Windows PE EXE file. It is 3584 bytes in size. It is written in C++.

Payload

Once launched, the Trojan checks for security solutions which will block unsanctioned access to the Internet (Outpost Firewall, Zone Alarm and Symantec Internet Security). If the Trojan detects any of the programs listed above, it will delete itself from the system.

If the Trojan does not detect any security solution, it will download a file from the following link:

http://216.65.106.***/proces.exe 

(At the time of writing, this link was not working.)

This file will be saved to the Windows temporary directory as “system.exe”:

%Temp%system.exe

This will be then launched as a hidden process, and the Trojan will delete itself from the system.