
Aug 12, 2008

Trojan-Downloader.JS.Timul.cv is one of the most
annoying trojans I have ever come across, and it has given me a tough time
removing it for the past two days. I tried every single popular
antivirus and antispyware removal tool out there. Kaspersky Internet
Security 2009 detects the exploit being executed and denies the trojan
download, but it can't remove the download trigger, which bombards me with
numerous notifications each time a webpage is accessed.



Detected: Trojan-Downloader.JS.Timul.cv

Further investigation revealed similar problems being reported at
computer help forums with NO SOLUTION. Collecting all the facts from
the different sources, I found that the cause of the problem is not your
computer but an infected computer on your network injecting HTTP traffic with
a malicious trojan-downloading script before every page, which triggers the
anti-virus alert.



Exploit HTTP Injection

The Solution:


The first thing to do is install a good anti-virus that
blocks the trojan downloader from executing. The infection seems to
come from several domains and makes use of existing security holes in
Windows to inject HTTP traffic. The only working solution to the problem seems to be to update all the computers in your network with the latest Windows patches.


The most commonly suspected vulnerabilities are in:


  • Microsoft Data Access Components (MDAC)
  • MPS StormPlayer
  • Realplayer
  • Xunlei Thunder DapPlayer

You can also search Google for the following vulnerabilities known to help this malware:


Adodb.Stream, MPS.StormPlayer, DPClient.Vod, IERPCtl.IERPCtl.1, GLIEDown.IEDown.1


Since this malware exploits known vulnerabilities, downloading and installing the latest OS and application updates is the only solution to the problem.
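To check whether a saved HTTP response was tampered with in the way described above, the following Python sketch looks for off-site script or iframe tags placed before the start of the page and for references to the ProgIDs listed above. It is an added example, not code from the original post; the function name `inspect_body` and the sample hosts and markup are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

# ActiveX ProgIDs this post lists as targets of the downloader script.
PROGIDS = ["Adodb.Stream", "MPS.StormPlayer", "DPClient.Vod",
           "IERPCtl.IERPCtl.1", "GLIEDown.IEDown.1"]

# The real document starts at the doctype or the opening <html> tag.
DOC_START = re.compile(r"<!doctype\b|<html\b", re.I)
# src attribute of a <script> or <iframe> tag, quoted or unquoted.
TAG_SRC = re.compile(
    r"<(script|iframe)\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def inspect_body(body, page_host):
    """Return off-site script/iframe tags found before the document start,
    plus any of the listed ProgIDs referenced anywhere in the body."""
    start = DOC_START.search(body)
    # Without a doctype or <html> tag there is no "before the page" to check.
    prefix = body[:start.start()] if start else ""
    injected = []
    for tag, src in TAG_SRC.findall(prefix):
        # Resolve relative and protocol-relative URLs against the page host.
        host = urlparse(urljoin("http://%s/" % page_host, src)).hostname
        if host and host != page_host.lower():
            injected.append((tag.lower(), host))
    lowered = body.lower()
    progids = [p for p in PROGIDS if p.lower() in lowered]
    return {"injected": injected, "progids": progids}


# Constructed samples: the hosts and markup are placeholders, not captures.
CLEAN = ('<!DOCTYPE html><html><head><script src="/static/site.js"></script>'
         '</head><body>hello</body></html>')
TAMPERED = '<script src="http://injected.example/a.js"></script>' + CLEAN
EXPLOIT_JS = 'var s = new ActiveXObject("ADODB.Stream");'

if __name__ == "__main__":
    for name, body in (("clean", CLEAN), ("tampered", TAMPERED),
                       ("exploit script", EXPLOIT_JS)):
        print(name, inspect_body(body, "www.site.example"))
```

If the same page fetched from a different network comes back clean while the copy fetched on your own network is flagged, the tampering is happening in transit on your side.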


You can also ask your system admin or ISP to block traffic from these known malicious domains.


