Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | March 2008 (4.27) |
| Protection available since | 5 February 2008 05:40:24 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/VB-DYO is a Trojan for the Windows platform.
The Trojan includes functionality to allow access to a remote user, steal Yahoo Messenger login credentials, spam contacts on the user's buddy list, steal dial-up information, and download/execute additional executables.
When Troj/VB-DYO is installed the following files are created:
<User>\Local Settings\tmp1010.exe
<User>\Local Settings\TMP1010.exe.exe
<System>\ypager.exe
<Windows>\netconfig.exe
<Windows>\Help\WPWIZRD.hlp
The file tmp1010.exe is not malicious and may be deleted. The file TMP1010.exe.exe is detected as Troj/VBSpy-G. The files ypager.exe and netconfig.exe are detected as Mal/Behav-109. The file WPWIZRD.hlp is harmless and may be deleted.
The files ypager.exe, netconfig.exe and WPWIZRD.hlp have the date of 7/5/1999.
Troj/VB-DYO sets the following registry entries:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe ypager.exe s

HKCU\Software\VB and VBA Program Settings\System\Cn
set
user

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{423702KJY0-YKN5OK-D1KOW-F49T8-TVUI81RWM117}
StubPath
netconfig.exe

The Trojan may alternately set the following:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{212G02HJL0-QTM7DH-A4Y08-NEDF4-SJLY23I4Z159}
StubPath
netconfig.exe
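
A host check built from the file and registry indicators listed above, as an added example (not Sophos code). The mapping of <User>, <System> and <Windows> to environment variables and the WOW6432Node root are assumptions, and the script scans every Active Setup component ID rather than only the two listed, which goes beyond the page.

```powershell
# Added example: host check for the Troj/VB-DYO artifacts listed on this page.
# Assumptions: <User> = %USERPROFILE%, <System> = %WINDIR%\System32, <Windows> = %WINDIR%.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Location, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

# 1. Dropped files. Timestamps are reported so they can be compared with the
#    7/5/1999 date the page gives for three of the files.
$paths = @(
    "$env:USERPROFILE\Local Settings\tmp1010.exe",
    "$env:USERPROFILE\Local Settings\TMP1010.exe.exe",
    "$env:WINDIR\System32\ypager.exe",
    "$env:WINDIR\netconfig.exe",
    "$env:WINDIR\Help\WPWIZRD.hlp"
)
foreach ($p in $paths) {
    $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($f) { Add-Finding 'File' $p "LastWriteTime=$($f.LastWriteTime.ToString('u'))" }
}

# 2. Per-user Winlogon Shell value that launches ypager.exe alongside Explorer.exe.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -match 'ypager\.exe') { Add-Finding 'Registry' "$winlogon\Shell" $shell }

# 3. VB SaveSetting-style key written by the Trojan (presence only).
$vbKey = 'HKCU:\Software\VB and VBA Program Settings\System\Cn'
if (Test-Path -LiteralPath $vbKey) { Add-Finding 'Registry' $vbKey 'key present' }

# 4. Active Setup StubPath pointing at netconfig.exe. All component IDs are scanned
#    because the page lists two alternative IDs. The WOW6432Node root is an
#    assumption covering 32-bit registry redirection on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($root in ($roots | Where-Object { Test-Path -LiteralPath $_ })) {
    foreach ($key in (Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue)) {
        $stub = [string]$key.GetValue('StubPath')
        if ($stub -match 'netconfig\.exe') { Add-Finding 'Registry' $key.Name "StubPath=$stub" }
    }
}

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Troj/VB-DYO artifacts from this page were found.'
}
```

The HKCU and profile checks only cover the account the script runs under, so run it in the session of each user being examined.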
