Troj/VB-FNB

Category: Viruses and Spyware Protection available since:29 Aug 2011 15:15:40 (GMT)
Type: Trojan Last Updated:29 Aug 2011 15:15:40 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/VB-FNB exhibits the following characteristics:

File Information

Size
48K
SHA-1
39d4ac8161928b841f871a6239c20e116aa4a799
MD5
6d1a12c3af0b5a12dff68bb7beb4efd5
CRC-32
e23b0597
File type
application/x-ms-dos-executable
First seen
2011-08-29

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\drivers\Fotos.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011082920110830
    CacheOptions
    0x0000000b
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Fotos.exe
    C:\Windows\System32\drivers\Fotos.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://ce4rg.cl/images/access.txt
DNS Requests
  • ce4rg.cl