Pic.1: Upgrade your Flash Version
Consenting to the flash update downloads: http://91.103.XXX.XXX/BBC_News_UK/2/hi/uk_news/bbc_movies/get_flash_update.exe
Pic.1: Trojan download
ClamAV detects this file as Trojan.Agent-21076. The Trojan changes the start page of Internet Explorer to the adult website adultmeeter.com and updates the Windows host file to contain entries for URL-to-IP mapping. This mapping effectively prevents users from accessing the websites for the banks Addey and Caja Madrid by typing abbey.com or cajamadrid.es in their web browers. The entries in the host file will redirect users to phishing websites.