Backdoor.Win32.VB.am

by ?

Original name "msn trojan"

Written in Visual Basic

Made in The Netherlands



dropped files:
c:\WINDOWS\goede trojan.exe              Size: 155,648 bytes 
c:\WINDOWS\msofcfg.exe                   Size: 155,648 bytes 
c:\WINDOWS\regcfg.dll                    Size: 72 bytes 
c:\WINDOWS\system32\boot command.exe     Size: 155,648 bytes 
c:\WINDOWS\system32\fdsk.dll             Size: 72 bytes 
c:\WINDOWS\system32\mssoffice.exe        Size: 155,648 bytes 
c:\WINDOWS\system32\reginfo.retribution  Size: 72 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "boot commands"
data: C:\WINDOWS\System32\boot command.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DIT IS EEN TROJAN STARTUP"
data: C:\WINDOWS\goede trojan.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msmsg"
data: C:\WINDOWS\msofcfg.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msmsgr"
data: C:\Documents and Settings\%user%\Desktop\Backdoor.Win32.VB.am.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "office decryptfiles"
data: C:\WINDOWS\System32\mssoffice.exe 



tested on Windows XP
May 08, 2005

MegaSecurity