(Trojan-Downloader.JS.Agent.cwi; VBS:SanpshotView-A [Expl] )


There are no obvious signs until the attacker manages to infiltrate the system.

Removal instructions:

Keep your products updated.

You can disable this ActiveX control by setting the kill bit for the following CLSIDs:


You can find information about setting a kill bit here.

Please let BitDefender delete the infected files.

Analyzed by

Dana Stanut, virus researcher

Technical description:

This malware is written in JavaScript and exploits a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access (snapview.ocx). The payload downloads a file from the following link: [removed].css (detected by Bitdefender as Trojan.Downloader.JLCQ). The file is saved to the following path: [c or d or e]:/Program Files/Outlook Express/wab.exe.

More information about this vulnerability is available under CVE-2008-2463.