Troj/VB-FPL

    Category: Viruses and SpywareProtection available since:10 Oct 2011 19:38:28 (GMT)
    Type: TrojanLast Updated:10 Oct 2011 19:38:28 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Troj/VB-FPL exhibits the following characteristics:

    File Information

    Size
    812K
    SHA-1
    6bc3c6caadf790731094740d01a9ff971a24a5af
    MD5
    32cd46571103505d4e8d3792c9940d0f
    CRC-32
    6c6c35e1
    File type
    application/x-ms-dos-executable
    First seen
    2011-10-04

    Runtime Analysis

    Copies Itself To
    • c:\Documents and Settings\test user\Application Data\newegg.exe
    Registry Keys Created
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      Google Update
      c:\Documents and Settings\test user\Application Data\newegg.exe
    • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
      3PLFMGD6HV
      October 10, 2011
    • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      DoNotAllowExceptions
      0x00000000
    • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
      c:\Documents and Settings\test user\Application Data\newegg.exe
      c:\Documents and Settings\test user\Application Data\newegg.exe:*:Enabled:Windows Messanger
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
      Google Update
      c:\Documents and Settings\test user\Application Data\newegg.exe
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      Google Update
      c:\Documents and Settings\test user\Application Data\newegg.exe
    Processes Created
    • c:\windows\system32\cmd.exe
    • c:\windows\system32\reg.exe
    DNS Requests
    • 1symantechantivirus.zapto.org
    • symantechantivirus.zapto.org

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection