TROJ_INJECT.YPLX

March 21, 2014

PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

OVERALL RISK RATING:

DAMAGE POTENTIAL:

DISTRIBUTION POTENTIAL:

REPORTED INFECTION:

Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes

OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It deletes itself after execution.

TECHNICAL DETAILS

File Size: 152,064 bytes

File Type: EXE

Memory Resident: No

Initial Samples Received Date: 21 Mar 2014

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan drops the following copies of itself into the affected system:

%User Profile%\LOCALS~1\WinHttp.exe

(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.)

Dropping Routine

This Trojan drops the following files:

%User Temp%\tmp.dat
%User Temp%\tmp.dll

(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.)

Other Details

This Trojan connects to the following possibly malicious URL:

http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?ct=skfydi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?tx=abyvvf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?ff=jzjngk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?xi=mraxwa1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?ka=pquwwr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?cw=ckxijo1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?xi=opmgtg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?ka=xgbmzc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?dl=rvmkro1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?ja=lbopjr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?dx=fwnxkq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?ta=vwuori1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?qx=evmslg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?bm=ngqjcu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?po=txodkk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?xd=bmzngj1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?ai=otglbq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?nm=zkyajr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?rn=uwrtkf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?xf=ocqgod1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?wm=unvtot1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?ut=qqiqln1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?ld=daltqf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?sl=piheaq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?em=ngfcne1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?to=yvpssl1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?zi=vwtegr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?ds=cdwaim1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?cc=vwqqac1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?ov=lptzrt1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?yj=vdxfdt1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?dv=foircu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?yc=vuhmhn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?ri=iaiqir1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?gn=jpavlr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?tl=lrldjn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?pi=fwvtze1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?af=bmmbct1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?mw=iavwaz1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?bm=yzlszk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?sh=zwtgyi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?sx=rxkzll1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?hl=ofcimo1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?zn=dmaeji1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?ur=dkowbo1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?vs=imdfbt1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?lo=wpwicw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?al=bekcoc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?jl=eooggh1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?yj=ifepor1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?ng=lnxsbu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?nc=frnbmx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?wp=iikjme1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?ru=ivuhmi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?uw=yigzsq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?as=bsxdtw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?us=mvrqgp1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?cq=mnmopy1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?ng=metorc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?yy=bajrtn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?sg=uzecfr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?fj=lfrsbm1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?hw=yszcmr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?ul=vybqzg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?ea=wsxetc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?xp=vbveyp1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?la=grmqfw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?se=fmecsx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?xa=baxeda1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?nc=twkwxw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?lm=woqkbf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?sx=nuxebw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?iq=klybgm1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?cs=kjmvkf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?sx=jnhbze1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?yt=vqieow1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?ej=bfiipx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?mr=rkeguu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?rc=qrbkms1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?jr=eppqci1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?am=fbreci1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?pb=ymqwda1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?mb=qifiiu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?hd=zpkkvn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?sa=mokhlx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?xq=lytwdi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?ru=scxnsd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?hi=jiikvo1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?xy=cwcfyi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?dp=uiwket1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?np=xllphw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?qs=vhyfaf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?zh=lhhwmb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?vf=sronby1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?fr=qqemmr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?xl=isrgbu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?re=vfkmii1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?ix=tyjisg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?oo=wuujnb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?xv=peosss1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?sf=dhghfp1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?py=qvmhob1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?sj=frtlah1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?rp=eivezh1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?co=dcxkqd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?nk=hijocx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?iz=dydvma1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?to=qkiyta1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?yp=rlrple1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?lj=nliulu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?sz=aurkvg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?wn=xbmzzp1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?yp=eprjko1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?dx=aldumm1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?wg=azmgyx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?jw=xdyhsj1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?xx=niudip1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?zh=tssruq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?qm=szosiy1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?ts=bmwcqx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?at=nafxgf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?ka=jbyeay1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?zd=izflyt1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?pi=dwheae1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?op=gjpnoa1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?da=kahdrf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?kx=jbrrkc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?cf=gniari1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?qp=srzkfl1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?eo=xglami1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?lh=tkqwsj1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?cr=dutibr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?jr=qerhsg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?yd=hryyty1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?jk=jhgklp1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?jg=ivvnqj1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?oc=zoxvku1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?nz=rsgmjk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?zf=guuzut1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?oa=kwxnrf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?kl=popthz1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?tt=wuxrox1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?ck=ibific1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?ub=xmdjhu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?jb=mdnxol1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?ns=iumnit1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?um=cvqzkb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?hl=chzico1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?ww=nwunzv1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?lr=nwjimg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?dl=qkoyao1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?az=kqzheg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?lk=pevgtj1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?ry=flwweu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?dc=lopmbp1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?xe=ebnmrf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?tu=hqctwx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?va=scfrfq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?dk=vneqyk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?al=vyqqqe1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?an=rnsiwc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?iv=bqdafd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?ml=pqwork1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?vx=oqlvly1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?ah=wyiupv1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?xh=yctefd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?zc=ouspkn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?hv=yaflpc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?ap=cuumza1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?qk=bemvqi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?xa=bdtask1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?pn=ywnhzt1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?ka=yluirc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?di=hgmqpj1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?ed=qwcqmd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?hx=lhaslb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?wq=xunysd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?jz=zxgdna1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?us=lcyojz1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?fi=jddbhm1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?no=udurtb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?tb=pumgdr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?gg=glayhf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?vj=shzwqb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?gu=nsjwkk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?ns=myxpis1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?ya=rdalkv1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?ke=vpmtlf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?dh=pozlsq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?wb=gqguqu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?qf=qgsrgg1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?tp=xofura1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?qj=pufvvz1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?ij=uoqytw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?xu=afceen1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/login.jsp?do=kacinf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?mc=wmyypm1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/about.jsp?ch=ojdxik1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?qm=bwlomn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?yx=gmcvcn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?la=ogzmxy1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?lq=mlcwmw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?yz=pzndje1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?mz=gjwtub1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?ef=dfekgw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?pr=bmpkmq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?ka=ulzlzy1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?or=ydqtfo1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?fd=yajqlk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?um=mihwyr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?bs=rlybkd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?mi=cjomdf1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?bt=mftvxb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?je=ilscjz1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?ie=qefgvc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?ac=tpcbdy1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?ua=skwsks1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?nu=vvwavi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?rf=xhzjwq1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?oy=kewfez1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/index.jsp?da=xduolk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/query.jsp?tk=lxzbfx1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?fo=kcqiwh1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?rl=lxfaki1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?fn=zwkfbs1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?fn=bijbnw1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?cm=mpkzef1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/page.jsp?ac=myfehl1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?fi=czecos1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/default.jsp?md=ihfxpa1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/default.jsp?pr=dzgqec1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?fj=bhjcem1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/query.jsp?vw=jzzxmd1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/index.jsp?zo=uoozxk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?su=vmbovs1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?sw=oqaoog1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?rc=gmaypt1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/process.jsp?ez=gmetrc1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/page.jsp?ag=xhxlps1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?gi=hswlft1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?ya=pdhpmj1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?qa=rtfxdk1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?cq=tqyccb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?by=zusvwn1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?tg=nrrlwl1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/parse.jsp?kn=kqwvoo1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/security.jsp?ub=nwpxeo1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/about.jsp?yv=kogksi1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/process.jsp?yj=ckfkfz1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/security.jsp?td=reozfb1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?pt=cjzibr1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?qr=owhbqu1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/user.jsp?it=phwqum1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/user.jsp?fv=tbgsnl1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:443/parse.jsp?xz=szeozh1161670G7BCG
http://www.{BLOCKED}e.dynssl.com:80/login.jsp?uf=exuyip1161670G7BCG

It deletes itself after execution.

This report is generated via an automated analysis system.

SOLUTION

Minimum Scan Engine: 9.300

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Search and delete these components

[ Learn More ]

There may be some components that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.

%User Temp%\tmp.dat
%User Temp%\tmp.dll

Step 3

Scan your computer with your Trend Micro product to delete files detected as TROJ_INJECT.YPLX. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Did this description help? Tell us how we did.

TROJ_INJECT.YPLX

OVERVIEW

TECHNICAL DETAILS

SOLUTION

Resources

Support

About Trend

Country Headquarters

TROJ_INJECT.YPLX

OVERVIEW

TECHNICAL DETAILS

SOLUTION

Resources

Support

About Trend

Country Headquarters

The Americas

Middle East & Africa

Europe

Asia & Pacific