sobota 25. února 2012

TrojanDropper:Win32/VB.HV


Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Feb 03, 2011

Aliases
  • Win-Trojan/Vbkrypt.518656 (AhnLab)
  • Trojan.Win32.VBKrypt.ajfj (Kaspersky)
  • Trojan.VBKrypt!oCqqgMO7t8Q (VirusBuster)
  • Trojan.MulDrop1.58618 (Dr.Web)
  • Win32/TrojanDropper.VB.NRO (ESET)
  • Trojan.Win32.Staget (Ikarus)
  • Generic Dropper!dhm (McAfee)
  • TROJ_VBDROP.SMIA (Trend Micro)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.227.0
Released: Feb 23, 2012
Detection initially created:
Definition: 1.95.3662.0
Released: Jan 11, 2011


 

Summary

TrojanDropper:Win32/VB.HV usually arrives bundled with other legitimate programs. It attempts to drop a file detected as Trojan:Win32/Startpage.MC.


 

Symptoms

Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.


 

Technical Information (Analysis)

TrojanDropper:Win32/VB.HV usually arrives bundled with other legitimate programs. When executed, it may attempt to drop the following file:
 
D:\Program\3608\<file name>.exe - detected as Trojan:Win32/Startpage.MC.
 
where <file name> varies. In the wild, one such file name is "XLBugReport.exe".
 
Some variants of TrojanDropper:Win32/VB.HV may also attempt to terminate the "explorer.exe" process.
 
Analysis by Andrei Florin Saygo

Žádné komentáře:

Okomentovat

Poznámka: Komentáře mohou přidávat pouze členové tohoto blogu.