Troj/VB-GMY

Category: Viruses and Spyware
Protection available since: 05 May 2013 23:59:24 (GMT)
Type: Trojan
Last Updated: 05 May 2013 23:59:24 (GMT)
Prevalence: Small Number of Reports

Troj/VB-GMY exhibits the following characteristics:

File Information

Size: 412K
SHA-1: add0b378e57e794769ae6f0c2d6d95ab0f6214ae
MD5: 317cafb99ea39a4b453d29324e717e02
CRC-32: 9f06b7a3
File type: Windows executable
First seen: 2013-05-05

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\base.exe
Modified Files
  • %PROFILE%\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
    • Changed the file contents
Registry Keys Created
  • HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS
    ProxyExclude
  • HKCU\Software\Microsoft\MediaPlayer\Player\Tasks\NowPlaying
    InitFlags
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Service Base
    base.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    Windows Service Base
    base.exe
  • HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\RTSP
    ProxyExclude
  • HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
    ProxyExclude
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Service Base
    base.exe
  • HKCU\Software\Microsoft\Windows Media\WMSDK\General
    VolumeSerialNumber
    0x601f769f
Processes Created
  • c:\windows\system32\base.exe
DNS Requests
  • tz.barmy-army.org
