Trojan.JS.QAF

( TR/Agent.axe.6, JS:Illredir-A, Trojan.Iframe-14, JS/Redirector.c, Trojan:JS/Redirector.BF, Troj/JSRedir-AK )

SYMPTOMS:

The Trojan written in JavaScript starts with the comment "/*GNU GPL*/" .

TECHNICAL DESCRIPTION:

The Trojan is a special written JavaScript, designed in a cryptic way in order to avoid detection or to make the code harder to be read.

 

When browsing, the user gets redirected to an infected website. The encrypted script creates an "IFrame" which redirects to " http://google-cn.msn.ca.shoplocal-com.[removed].ru:8080/interia.pl/interia.pl/google.com/empflix.com/debonairblog.com/. "

Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Daniel Chipiristeanu, virus researcher