Follow:

 

TrojanSpy:Win32/Lurk


Microsoft security software detects and removes this threat.

This trojan can download other malware onto your PC.

It is installed by other malware, such as Exploit:SWF/CVE-2013-5330.A.



What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit the Microsoft virus and malware community for more help.

Threat behavior

TrojanSpy:Win32/Lurk is installed by other malware, such as Exploit:SWF/CVE-2013-5330.A.

It is installed with a random file name in %TEMP%, for example, %TEMP%\218c.tmp. This file is usually deleted the next time your PC is rebooted.

The trojan tries to download a portable executable file from a remote server and injects it into a web browser process. We have seen it contact the following domain:

  • wxyz.mesjunio.com

Analysis by Chun Feng


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.139.100.0
Latest detected by definition: 1.177.743.0 and higher
First detected on: Oct 19, 2012
This entry was first published on: Feb 10, 2014
This entry was updated on: Feb 10, 2014

This threat is also detected as:
No known aliases