Threat description



Offensive is a trojan horse that can execute directly from a web page or an HTML-formatted email message by exploiting a security vulnerability in Internet Explorer.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

When executed, the trojan creates the following registry keys:

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
      RestrictRun
      NoChangeStartMenu
      NoClose
      NoDrives
      NoDriveTypeAutoRun
      NoFavoritesMenu
      NoFileMenu
      NoFind
      NoFolderOptions
      NoInternetIcon
      NoRecentDocsMenu
      NoLogOff
      NoRun
      NoSetActiveDesktop
      NoSetFolders
      NoSetTaskbar
      NoWindowsUpdate
      Nodesktop
      NoViewContextMenu
      NoNetHooD
      NoEntioeNetwork
      NoWorkgroupContents
      NoSaveSettings

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
      DisableRegistryTools
      NoConfigPage
      NoDevMgrPage
      NoDispAppearancePage
      NoDispScrSavPage
      NoDispBackgroundPage
      NoDispSettingsPage
      NoFileSysPage
      NoVirtMemPage

  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\
      NoRealMode
      Disabled

  HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\
      Window Title
      Start Page

  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
      Window Title
      Start Page

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\
      LegalNoticeCaption
      LegalNoticeText

  HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{C18CB140-0BBB-11D4-8FE8-0088CC102438}\
      ButtonText
      CLSID
      Default Visible
      Exec
      MenuStatusBar
      MenuText

  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
      how to **** japanese

  HKEY_CLASSES_ROOT\Drive\shell\how to **** japan\
      command

  HKEY_LOCAL_MACHINE\Software\CLASSES\
      .exe
      .reg
      .htm
      .html
      .txt
      .inf
      .dll
      .ini
      .sys
      .com
      .bat

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
      internat.exe;
      ScanRegistry
      TaskMonitor
      SystemTray
      LoadPowerProfile

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
      LoadPowerProfile
      SchedulingAgent

These changes to the registry render the system unusable.
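A triage check for the policy values listed above, as an added example that is not part of the original F-Secure description: it scans the text of a registry export for a subset of those value names set to a non-zero DWORD. The sample export is constructed, and treating a non-zero DWORD as "restriction enabled" is an assumption, since the description does not state what data the trojan writes.

```python
import re

# Subset of the policy value names from the listing above, per (lower-cased) key.
WATCHED = {
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer": {
        "RestrictRun", "NoClose", "NoDrives", "NoFind", "NoRun", "NoLogOff",
        "Nodesktop", "NoFolderOptions", "NoWindowsUpdate", "NoSaveSettings"},
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\system": {
        "DisableRegistryTools", "NoConfigPage", "NoDevMgrPage"},
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\winoldapp": {
        "NoRealMode", "Disabled"},
}
SECTION = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\Key]
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')  # "Name"=dword:xxxxxxxx

def find_lockout_values(reg_text):
    """Return (key, value_name, data) for watched policy values that are non-zero.

    Only dword: entries are examined; other value types are skipped (assumption).
    Key and value names are compared case-insensitively, as the registry does.
    """
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1).rstrip("\\")
            continue
        m = DWORD.match(line)
        if not (m and key):
            continue
        names = {n.lower() for n in WATCHED.get(key.lower(), ())}
        data = int(m.group(2), 16)
        if m.group(1).lower() in names and data != 0:
            hits.append((key, m.group(1), data))
    return hits

# Constructed sample export (not taken from a real infection).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDrives"=dword:03ffffff
"NoFind"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data in find_lockout_values(SAMPLE):
        print(f"{key}\\{name} = {data:#x}")
```
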

The security vulnerability used by the trojan is known. A fix and further information are available from Microsoft:
