Threat Description

InService.gi

Details

Category: Malware
Type: Trojan
Platform: W32
Aliases: InService.gi, Trojan-Downloader.Win32.InService.gi

Summary


Trojan-Downloader.Win32.InService.gi is a trojan that downloads and executes three files from the web.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.




Technical Details


The trojan downloader's file is a 13824-byte PE executable. It has not been packed by any executable compressor.

It contains a small script engine that the trojan uses to execute a script embedded in the trojan body. The script downloads three files from the domain 'ddl-help.info'. We have reported the abuse to the ISP hosting the website.

The files are stored in the following locations:

%TEMP%/mute[randomnumber].exe
%TEMP%/volume[randomnumber].exe
%TEMP%/bass[randomnumber].exe

For example:

C:\Documents and Settings\user\Local Settings\Temp\mute41.exe   

The downloaded files are detected as 'Trojan-Downloader.Win32.Centim.ao', 'Trojan-Downloader.Win32.Agent.mz' and 'Trojan-Dropper.Win32.Agent.jw'.
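
As an added example (not F-Secure's code and not part of the original description), the Python below checks file-creation records for the three drop names listed above and rates a finding higher when one process wrote all three. The log format, host names and process paths are constructed; it assumes %TEMP% resolves to a directory named Temp and that [randomnumber] is a run of decimal digits.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample events: "timestamp|host|creating process|created path".
SAMPLE_EVENTS = r"""
2005-05-26T10:01:02|PC-01|C:\Downloads\setup.exe|C:\Documents and Settings\user\Local Settings\Temp\mute41.exe
2005-05-26T10:01:03|PC-01|C:\Downloads\setup.exe|C:\Documents and Settings\user\Local Settings\Temp\volume7.exe
2005-05-26T10:01:05|PC-01|C:\Downloads\setup.exe|C:\DOCUME~1\user\LOCALS~1\Temp\BASS903.EXE
2005-05-26T11:15:00|PC-02|C:\Program Files\Player\player.exe|C:\Documents and Settings\amy\Local Settings\Temp\volume2.exe
2005-05-26T11:20:00|PC-03|C:\WINDOWS\explorer.exe|C:\Program Files\Audio\mute41.exe
2005-05-26T11:21:00|PC-03|C:\WINDOWS\explorer.exe|C:\WINDOWS\Temp\volumecontrol.exe
"""

# Assumption: [randomnumber] is one or more decimal digits, as in the mute41.exe example.
NAME_RE = re.compile(r"^(mute|volume|bass)\d+\.exe$", re.IGNORECASE)


def match_drop(path):
    """Return 'mute', 'volume' or 'bass' if path fits the reported naming pattern, else None."""
    folder, name = ntpath.split(path)  # ntpath parses Windows paths on any OS
    m = NAME_RE.match(name)
    # Assumption: %TEMP% resolves to a directory whose last component is "Temp".
    if m and ntpath.basename(folder).lower() == "temp":
        return m.group(1).lower()
    return None


def triage(log_text):
    """Group matches by (host, creating process) and rate each group.

    A single matching name is weak evidence (the names are ordinary words);
    all three written by the same process fits the described behaviour.
    """
    seen = defaultdict(set)
    for line in log_text.strip().splitlines():
        _ts, host, proc, path = line.split("|", 3)
        kind = match_drop(path)
        if kind:
            seen[(host, proc.lower())].add(kind)
    return {key: ("high" if kinds == {"mute", "volume", "bass"} else "low")
            for key, kinds in seen.items()}


if __name__ == "__main__":
    for (host, proc), level in triage(SAMPLE_EVENTS).items():
        print(f"{level:4} {host} {proc}")
```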



Detection




Detection Type: PC
Database: 2005-05-23_03



Technical Details: Otto Ebeling; May 26th, 2005

