Detect Date 02/03/2010
Class Trojan
Platform Win32

After launching, the trojan uses the system utility “sc.exe” to carry out the following command sequence:

sc.exe config wuauserv start= auto

sc.exe config BITS start= demand

sc.exe stop wuauserv

sc.exe config BITS start= disabled

sc.exe config wuauserv start= disabled

This stops and cancels the automatic launch of the “wuauserv” service (Windows Automatic Update service), and also cancels the automatic launch of the “BITS” service (Background Intelligent Transfer Service). The trojan then opens the following resource in the Internet Explorer browser:


The trojan then shuts down.

Find out the statistics of the threats spreading in your region