InService.gi

Aliases:

InService.gi
Trojan-Downloader.Win32.InService.gi

Category:
Type:
Platform:

Malware

W32

Summary

Trojan-Downloader.Win32.Inservice.gi is a trojan that downloads and executes three files from the web.

Disinfection & Removal

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Technical Details

The trojan downloader's file is 13824 bytes long PE executable. It has not been packed by any executable compressor.

It contains a small script engine that the trojan uses to execute a script embedded in the trojan body. The script downloads three files from the domain 'ddl-help.info'. We have reported the abuse to the ISP hosting the website.

The files are stored into the following locations:

%TEMP%/mute&lt;randomnumber&gt;.exe
 %TEMP%/volume&lt;randomnumber&gt;.exe
 %TEMP%/bass&lt;randomnumber&gt;.exe

For example:

C:\Documents and Settings\user\Local Settings\Temp\mute41.exe

The downloaded files are detected as 'Trojan-Downloader.Win32.Centim.ao', 'Trojan-Downloader.Win32.Agent.mz' and 'Trojan-Dropper.Win32.Agent.jw'.

Detection

Detection Type: PC
Database: 2005-05-23_03

Technical Details: Otto Ebeling; May 26th, 2005

Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Submit

F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.

Go to Community

InService.gi

Summary

Disinfection & Removal

Technical Details

Detection

Submit a sample

F-Secure Community

Protecting the irreplaceable

Protection

Analysis

Downloads

Support

News & feeds

Connect

About F-Secure

Information

Visit also

F-Secure for consumers

F-Secure for operators

F-Secure for business

F-Secure Corporation