This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 9216 bytes in size. It is packed using UPX. The unpacked file is approximately 38KB in size. It is written in C++.
The Trojan downloads files from the following URLs:
http://*****fdujt.info/?44ffa2
http://*****fdujt.info/i.php
http://*****fdujt.info/myh.php
At the time of writing, these links were not working. The files will be saved to the current user’s Windows temporary directory with random names. The Trojan then sends a request to the following address:
http://195.24.77.***/utest/?*****74&oo=2&75f2d3=33985db&ra=0
If the server does not respond, the Trojan will repeat the attempt after six minutes. The Trojan also creates a unique identifier, “S_SERV_v0.66_Beta_erf” to flag its presence in the system.
Deletion Method
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
Please say thanks to them
http://*****fdujt.info/?44ffa2
http://*****fdujt.info/i.php
http://*****fdujt.info/myh.php
At the time of writing, these links were not working. The files will be saved to the current user’s Windows temporary directory with random names. The Trojan then sends a request to the following address:
http://195.24.77.***/utest/?*****74&oo=2&75f2d3=33985db&ra=0
If the server does not respond, the Trojan will repeat the attempt after six minutes. The Trojan also creates a unique identifier, “S_SERV_v0.66_Beta_erf” to flag its presence in the system.
Deletion Method
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- To remove Trojan-Downloader.Win32.Agent.ahoe, you must first stop any Trojan-Downloader.Win32.Agent.ahoe processes that are running in your computer's memory. To stop all Trojan-Downloader.Win32.Agent.ahoe processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the "Processes" tab, search for Trojan-Downloader.Win32.Agent.ahoe, then right-click it and select "End Process" key.
- To delete Trojan-Downloader.Win32.Agent.ahoe registry keys, open the Windows Registry Editor by clicking on the Windows "Start" button and selecting "Run." Type "regedit" into the box and click "OK." Once the Registry Editor is open, search for the registry key "HKEY_LOCAL_MACHINE\Software\Trojan-Downloader.Win32.Agent.ahoe." Right-click this registry key and select "Delete."
- Finally, to completely get rid of Trojan-Downloader.Win32.Agent.ahoe, you must manually remove other Trojan-Downloader.Win32.Agent.ahoe files. These Trojan-Downloader.Win32.Agent.ahoe files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Trojan-Downloader.Win32.Agent.ahoe might create a file like
%PROGRAM_FILES%\Trojan-Downloader.Win32.Agent.ahoe\Trojan-Downloader.Win32.Agent.ahoe.exe. Locate and remove these files.
Please say thanks to them
No comments:
Post a Comment