This trojan is an HTML Application (HTA file). This type of file is normally run by the Microsoft's MSHTA.EXE application, that comes with Windows.

This malware can be usually found on certain malicious websites. When activated, it downloads an EXE file from a website and saves it into the root directory of C: drive. Then the downloaded file is run.

The trojan also drops a file named CMD.BAT into the root directory of C: drive. This BAT file is used for cleanup purposes only: it deletes the trojan's file from a hard disk. This trojan hides its window from a user when it is running by resizing the window to a zero size and preventing it from being visible in the Taskbar.

Last update 20 July 2007

 

TOP