Trojan-Downloader.Win32.Inservice.gi is a trojan that downloads and executes three files from the web.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
The trojan downloader's file is 13824 bytes long PE executable. It has not been packed by any executable compressor.
It contains a small script engine that the trojan uses to execute a script embedded in the trojan body. The script downloads three files from the domain 'ddl-help.info'. We have reported the abuse to the ISP hosting the website.
The files are stored into the following locations:
%TEMP%/mute[randomnumber].exe %TEMP%/volume[randomnumber].exe %TEMP%/bass[randomnumber].exe
C:\Documents and Settings\user\Local Settings\Temp\mute41.exe
The downloaded files are detected as 'Trojan-Downloader.Win32.Centim.ao', 'Trojan-Downloader.Win32.Agent.mz' and 'Trojan-Dropper.Win32.Agent.jw'.