W32/Scribble-B

Category:	Viruses and Spyware	Protection available since:	30 Sep 2011 06:49:35 (GMT)
Type:	Win32 executable file virus	Last Updated:	30 Sep 2011 06:49:35 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Scribble-B is a family of polymorphic viruses for the Windows platform.

Members of W32/Scribble-B allow a remote attacker to gain access and control over the infected computer through IRC channels.

Members of W32/Scribble-B infect files with the EXE and SCR extensions when they are opened or run.

Members of W32/Scribble-B inject a malicious iframe into files whose extensions start with HTM, PHP or ASP, with affected files detected as Troj/Fujif-Gen. At the time of writing the iframe points to a site that hosts more malware.

Members of W32/Scribble-B also add a line to the Windows HOSTS file to redirect the infected computer to an infected website.

Detailed analysis

Example behaviors of W32/Scribble-B follow:

Example 1

Other vendor detection

Kaspersky: Virus.Win32.Virut.ce
Trend: PE_VIRUX.E

Example 2

File Information

Size: 77K
SHA-1: 11989cdb83ccb42b4172c28b44bcf81499dd316e
MD5: d7371aeda399cbde543ddccedca532af
CRC-32: a231a1a6
File type: application/x-ms-dos-executable
First seen: 2010-06-22

Example 3

File Information

Size: 324K
SHA-1: 3f00d4d0f4c75decd39a6f3b4140ba8e69c66167
MD5: 27ab75c1dc6a8541b9dba3297268961d
CRC-32: cbcb0d1c
File type: application/x-ms-dos-executable
First seen: 2010-06-21

Try Sophos products for free
Download now

W32/Scribble-B

Detailed analysis

Example 1

Other vendor detection

Example 2

File Information

Example 3

File Information

Free Mac Anti-Virus

Popular topics