Troj/VB-EWU

Category:	Viruses and Spyware	Protection available since:	09 Sep 2010 05:01:51 (GMT)
Type:	Trojan	Last Updated:	09 Sep 2010 05:01:51 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/VB-EWU include:

Example 1

File Information

Size: 1.4M
SHA-1: 3dd0007298b75ee04d171d613af7b5e3c8d74c38
MD5: 6c034fc47011defa38b28c8cc2faa673
CRC-32: 12cd8e95
File type: application/x-ms-dos-executable
First seen: 2010-09-09

Example 2

File Information

Size: 604K
SHA-1: cde7e9cd996db42d38c6d96d88853cfdcb0bea6f
MD5: 1b9867c7d102196b799a0a5bd0f052e1
CRC-32: 676e90cf
File type: application/x-ms-dos-executable
First seen: 2010-08-16

Other vendor detection

Avira: TR/Gibi.LY
Kaspersky: Trojan.Win32.Gibi.ly

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\BLksh.exe

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NLyAsxFI
C:\DOCUME~1\support\LOCALS~1\Temp\BLksh.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
vF5gCA
C:\DOCUME~1\support\LOCALS~1\Temp\BLksh.exe

Processes Created

c:\windows\system32\cmd.exe

Example 3

File Information

Size: 498K
SHA-1: 2a232245336ecbf0c093e94fe559e8f16f6dca4d
MD5: ee270315c02e86c68646a93cdfd2434e
CRC-32: 2ee18647
File type: application/x-ms-dos-executable
First seen: 2010-11-03

Try Sophos products for free
Download now