Trojan.Win32.Jpgiframe

by Atlantis on April 17th, 2012 in Malware Descriptions.

Detect: Trojan.Win32.Jpgiframe
Platform: HTML
Type: Trojan


Summary

It is a Trojan program which opens various web pages in the browser without user knowledge.

Technical Details

Payload

The Trojan is represented by an html page which is located at the end of the files with a “JPG” extension and contains a hidden frame used to redirect a user to the other resources, for example:

http://www.ci***d.com.ar/ar/popunder/p_submit.asp?site=persona***ad.com.ar

Removal Recommendations

  1. Delete the original Trojan file (its file name and location depends on the way the Trojan originally penetrated a user’s computer).
  2. Clean the Temporary Internet Files folder, which contains infected files (How to clean Temporary Internet Files folder).
  3. %Temporary Internet Files%

  4. Run a full scan of your computer using the Antivirus program with the updated definition database (Download Ad-Aware Free).