Trojan.Exploit.JS.G

MEDIUM
MEDIUM
approx. 5 KB
(JS.Downloader.Trojan, Exploit:JS/Mult.M, JS/Downloader.Agent, JS:Agent-CG, JS/TrojanDownloader.Agent.CQD)

Symptoms

There are no obvious symptoms.

Removal instructions:

First of all, keep your products updated.
You can set the "killbit" for these CLSIDs: "2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" and "CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA". You can find information on how to do that here.
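The following script is an added example, not part of the original BitDefender advisory, showing one way to set the Internet Explorer kill bit for the two CLSIDs listed above. It writes the "Compatibility Flags" DWORD with the 0x400 kill-bit value under the ActiveX Compatibility key (the layout Microsoft documents in KB 240797) and assumes it is run from an elevated PowerShell prompt.

```powershell
# Added example: set the IE kill bit on the CLSIDs named in the removal
# instructions so Internet Explorer refuses to instantiate those controls.
# Requires an elevated (Administrator) prompt.

$clsids = @(
    '{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}',
    '{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}'
)

# 64-bit Windows keeps a second copy of the key for 32-bit IE under Wow6432Node;
# only bases whose parent key exists on this machine are used.
$bases = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path (Split-Path $_ -Parent) }

$killBit = 0x400   # Compatibility Flags value that blocks the control in IE

function Set-KillBit {
    param([string]$Base, [string]$Clsid)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Preserve any flags already present and OR in the kill bit.
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $killBit) -Force | Out-Null
}

foreach ($base in $bases) {
    foreach ($clsid in $clsids) {
        Set-KillBit -Base $base -Clsid $clsid
    }
}

# Verification pass: every CLSID under every base should now report the bit set.
foreach ($base in $bases) {
    foreach ($clsid in $clsids) {
        $flags = (Get-ItemProperty -Path (Join-Path $base $clsid) -Name 'Compatibility Flags').'Compatibility Flags'
        $isSet = ($flags -band $killBit) -eq $killBit
        "{0} {1}: Compatibility Flags=0x{2:X} kill bit set={3}" -f $base, $clsid, $flags, $isSet
    }
}
```

Setting the kill bit only stops Internet Explorer from loading the controls; it does not remove or patch the vulnerable software, so the update advice above still applies.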
Please let BitDefender disinfect your files.

Analyzed by

Daniel Chipiristeanu, virus researcher

Technical description:

After decrypting the JavaScript code, it is easy to see that the malware exploits two vulnerabilities:
  1. CVE-2008-1309, which targets a flaw in RealPlayer's handling of its "Console" property. The flaw leads to memory corruption and thus gives the attacker the possibility of running arbitrary code on the affected computer. As its payload it downloads a file from this website: http://count18.wuqing17173.cn.
  2. CVE-2007-6144, which exploits a buffer overflow in the PPlayer.XPPlayer.1 ActiveX control shipped with a version of Xunlei Thunder, triggered through its FlvPlayerUrl property. It downloads a file from this website: http://dz.us.net.