- Security Center
- English ▾
Size: 16447 bytes
It is an exploit which downloads other malicious programs from the Internet and launches them for execution without the user’s knowledge.
A malicious web page contains an ActiveX component (CLSID: 22d6f312-b0f6-11d0-94ab-0080c74c7e95) which uses a specially formed midi-file.
When the malicious program works, heap overflow vulnerability is explored. The vulnerability exists in the "midiOutPlayNextPolyEvent" function of the "winmm.dll" library. With that, a malicious code is executed downloading a file from the following URL:
The URL did not respond when the description was created. The downloaded file is saved as:
After downloading, the file is decrypted and launched.
To delete a malicious program, proceed through the steps listed below:
- Delete an original Trojan file (its location on the infected PC depends on the way the program has been installed on the PC).
- Delete the following file:
- Clean the Temporary Internet Files folder which contains infected files.
- Run a full scan of your computer using the Antivirus program with the updated definition database.