Trojan.Trafbrush is a Trojan horse that access some remote sites and then downloads these files.

1. config.ini
2. list.dic

These files contain lists of URLs and search keywords. The Trojan attempts to access URLs in these files at regular intervals using Internet Explorer. The Trojan also tries to access this site ‘luckycn.cn’ and update itself using File Transfer Protocol (FTP) .

Source: Symantec