Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

Trojan-Spy.Win32.ImSoft

Home Threats Trojan-Spy Trojan-Spy.Win32.ImSoft
Class Trojan-Spy
Platform Win32
Description

Payload

When launched, the Trojan modifies the following registry key value:

[HKCUSoftwareMicrosoftInternet ExplorerMain]
“Start Page” = “http://www.im-software.co.uk”

This results in the Internet Explorer home page being changed the http://www.im-software.co.uk

Technical Details

This Trojan will change the Internet Explorer home page. It is a Windows PE EXE file. The file is 60,416 bytes in size. It is written in Delphi.

Removal instructions

  1. Use Task Manager to terminate the Trojan process
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Revert the Internet Explorer home page to its previous setting.
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
© 2020 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up