Parent class: TrojWare

Trojans are malicious programs that perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, the threats that fall into this category are unable to make copies of themselves or self-replicate. Trojans are classified according to the type of action they perform on an infected computer.

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.


Technical Details

this text was written by Alexey Podrezov, Data Fellows Ltd

This Trojan does not destroy anything, but is very annoying. It copies its link to a start-up folder to be run during Windows bootup, does not allow it to "kill" its task, and makes itself known every time. It is pretty hard to remove, because it blocks its application and VB DLL, re-creates its link in the start-up directory or even the whole directory if deleted. Upon attempting to kill its task, the Trojan opens several more essences of itself as 'punishment'. To remove this Trojan, you need to put the following command in the beginning of your AUTOEXEC.BAT file in root C: folder:


Read more

Find out the statistics of the vulnerabilities spreading in your region on

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.