Troj/VB-FGD

Category: Viruses and Spyware
Protection available since: 16 Apr 2011 14:36:01 (GMT)
Type: Trojan
Last Updated: 16 Apr 2011 14:36:01 (GMT)
Prevalence: Small Number of Reports

Troj/VB-FGD exhibits the following characteristics:

File Information

Size: 288K
SHA-1: 21b6cad3d41c29cbda4b5b94674bc0e498f62d20
MD5: 2a37aac86826d2de430154c3f648a8e3
CRC-32: 2f3a784a
File type: application/x-ms-dos-executable
First seen: 2011-04-16

Other vendor detection

Avira: TR/Dropper.Gen
Kaspersky: Trojan.Win32.Swisyn.auzw

Runtime Analysis

Dropped Files
  • C:\WINDOWS\svchost.exe
    Size: 288K
    SHA-1: dc4d29861def08e66b53a92d8e8c920b1c4314ee
    MD5: 3823f8db80449bfa96eb32eda30b1f42
    CRC-32: cad0418b
    File type: application/x-ms-dos-executable
    First seen: 2011-04-16
  • c:\Documents and Settings\test user\Local Settings\Application Data\mrsys.exe
    Size: 288K
    SHA-1: f76a9adeb9a370d63f24c508b0df6bf1538974c5
    MD5: b58b135494b6c36f21250bbe049d0e8e
    CRC-32: b8af42a1
    File type: application/x-ms-dos-executable
    First seen: 2011-04-16
  • C:\WINDOWS\system32\explorer.exe
    Size: 288K
    SHA-1: 417fcf5c2c7222749d4f2d45999d263b54dc3e62
    MD5: 9e4be6f77a8e18c204ad9bd09443c2ce
    CRC-32: 5fee0994
    File type: application/x-ms-dos-executable
    First seen: 2011-04-16
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF970E.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFA419.tmp
  • C:\WINDOWS\spoolsv.exe
    Size: 288K
    SHA-1: 61fa2a71013683a0086093e9a13264298e7ac57c
    MD5: 4960620708977797899be7729601b9d8
    CRC-32: e05ca9e2
    File type: application/x-ms-dos-executable
    First seen: 2011-04-16
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Explorer
    c:\windows\system32\explorer.exe RO
  • HKCU\Software\VB and VBA Program Settings\Explorer\Process
    LO
    1
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    C:\WINDOWS\explorer.exe, c:\windows\system32\explorer.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\windows\spoolsv.exe
  • c:\windows\svchost.exe
  • c:\windows\system32\at.exe
  • c:\windows\system32\explorer.exe
