W32/Dbit-B

Category: Viruses and Spyware
Type: Win32 executable file virus
Protection available since: 18 May 2006 00:00:00 (GMT)
Last Updated: 18 May 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

W32/Dbit-B is a virus and backdoor Trojan for the Windows platform.

W32/Dbit-B attempts to infect EXE files. W32/Dbit-B allows unauthorized remote access to the infected computer.

W32/Dbit-B will attempt to connect to predefined URLs in order to report infection and download files. The virus may also act as a backdoor allowing the following actions to be performed by a remote user on the infected system:

Create folder
Delete files
Execute files
Rename files
Act as a proxy server
Log keypresses
Steal passwords

W32/Dbit-B will also attempt to collect information about the infected system and report it to a predefined URL. The information collected includes:

Username
Running processes
IP related information
Available drives

W32/Dbit-B also contains a stealthing component in order to make itself invisible to the user.

When W32/Dbit-B is installed it creates the file <System>\msjet62.dll.

The file msjet62.dll is registered as a new system driver service named "Irmon", with a display name of "Portable Media Serial Number Service" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Irmon\
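
A host check for the installation artifacts described above, written as an added example and not taken from the original description or from the vendor's tooling. The function name Get-DbitBFinding is hypothetical; the script assumes <System> is the Windows system directory and, because the description does not say which registry value holds the DLL path, it searches every value under the Irmon key.

```powershell
# Indicators taken from the description above.
$ServiceKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Irmon'
$DisplayName = 'Portable Media Serial Number Service'
$DllName     = 'msjet62.dll'

function Get-DbitBFinding {   # hypothetical helper name
    # Assumption: <System> means the Windows system directory.
    $dllPath = Join-Path ([Environment]::SystemDirectory) $DllName
    $onDisk  = Test-Path -LiteralPath $dllPath
    $sha256  = if ($onDisk) {
        (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }

    $nameMatch = $false
    $autoStart = $false
    $refs      = @()
    if (Test-Path -LiteralPath $ServiceKey) {
        $root      = Get-Item -LiteralPath $ServiceKey
        $nameMatch = [string]$root.GetValue('DisplayName') -eq $DisplayName
        $autoStart = $root.GetValue('Start') -eq 2   # 2 = automatic startup

        # Search the key and all subkeys for any value that names the DLL.
        $keys = @($root) + @(Get-ChildItem -LiteralPath $ServiceKey -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($valueName in $key.GetValueNames()) {
                if ([string]$key.GetValue($valueName) -like "*$DllName*") {
                    $refs += '{0}\{1}' -f $key.Name, $valueName
                }
            }
        }
    }

    # The key name and startup type alone are not counted as findings;
    # only the DLL and the display name from the description are.
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        DllOnDisk        = $onDisk
        DllSha256        = $sha256
        DisplayNameMatch = $nameMatch
        AutoStart        = $autoStart
        DllReferences    = $refs
        Suspect          = $onDisk -or $nameMatch -or ($refs.Count -gt 0)
    }
}

Get-DbitBFinding | Format-List
```

Because the description mentions a stealthing component, a clean result from a running system is weaker evidence than the same check made against the disk and registry hives offline.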

W32/Dbit-B will attempt to remove processes and services associated with the following files:

ethereal.exe
aports.exe
tcpview
windump.exe
iris.exe
CV.exe
sniffer.exe
iexplore.exe
outlook.exe
icq.exe
msimn.exe
msmsgs.exe
msnmsgr.exe
qq.exe
endoscope.EXE
icqlite.exe
foxmail.exe