Troj/Dloader-BB is a downloader Trojan.
Troj/Dloader-BB is a DLL component that downloads files from the internet and runs them without the user's permission.
The Trojan runs as an extension to Internet Explorer.
When first run, Troj/Dloader-BB sets the following registry entries:
HKCR\CLSID\(037B3D58-D14A-4c41-BDFD-BD779B0B97BA)\
(Default) = vxiewer control
InprocServer32\(Default) = <SYSTEM>\vxiewer.ocx
InprocServer32\ThreadingModel = Apartment
Version\(Default) = 1,0,0,1
VersionIndependentProgID\(Default) = HOL3_VXIEWER.FULL
ProgID\(Default) = HOL3_VXIEWER.FULL
HKCR\HOL3_VXIEWER.FULL.1\
(Default) = vxiewer control
CLSID\(Default) = (037B3D58-D14A-4c41-BDFD-BD779B0B97BA)
Troj/Dloader-BB may download and run files to C:\holi<number>.exe where <number> is a number based on the time. The Trojan will then set registry entries under the following branch:
HKCU\Software\Holistyc\