Trojan-Downloader.Win32.Inservice.gi is a trojan that downloads and executes three files from the web.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
The trojan downloader's file is 13824 bytes long PE executable. It has not been packed by any executable compressor.
It contains a small script engine that the trojan uses to execute a script embedded in the trojan body. The script downloads three files from the domain 'ddl-help.info'. We have reported the abuse to the ISP hosting the website.
The files are stored into the following locations:
.exe %TEMP%/volume .exe %TEMP%/bass .exe
C:\Documents and Settings\user\Local Settings\Temp\mute41.exe
The downloaded files are detected as 'Trojan-Downloader.Win32.Centim.ao', 'Trojan-Downloader.Win32.Agent.mz' and 'Trojan-Dropper.Win32.Agent.jw'.
Technical Details:Otto Ebeling; May 26th, 2005