Trojan-Downloader.Win32.Inservice.gi is a trojan that downloads and executes three files from the web.
Disinfection & Removal
The trojan downloader's file is 13824 bytes long PE executable. It has not been packed by any executable compressor.
It contains a small script engine that the trojan uses to execute a script embedded in the trojan body. The script downloads three files from the domain 'ddl-help.info'. We have reported the abuse to the ISP hosting the website.
The files are stored into the following locations:
%TEMP%/mute<randomnumber>.exe %TEMP%/volume<randomnumber>.exe %TEMP%/bass<randomnumber>.exe
C:\Documents and Settings\user\Local Settings\Temp\mute41.exe
The downloaded files are detected as 'Trojan-Downloader.Win32.Centim.ao', 'Trojan-Downloader.Win32.Agent.mz' and 'Trojan-Dropper.Win32.Agent.jw'.
Detection Type: PC
Technical Details: Otto Ebeling; May 26th, 2005