Troj/VB-FPL

Category: Viruses and Spyware
Protection available since: 10 Oct 2011 19:38:28 (GMT)
Type: Trojan
Last Updated: 10 Oct 2011 19:38:28 (GMT)
Prevalence: Small Number of Reports

Troj/VB-FPL exhibits the following characteristics:

File Information

Size: 812K
SHA-1: 6bc3c6caadf790731094740d01a9ff971a24a5af
MD5: 32cd46571103505d4e8d3792c9940d0f
CRC-32: 6c6c35e1
File type: application/x-ms-dos-executable
First seen: 2011-10-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\newegg.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Google Update
    c:\Documents and Settings\test user\Application Data\newegg.exe
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    3PLFMGD6HV
    October 10, 2011
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\Application Data\newegg.exe
    c:\Documents and Settings\test user\Application Data\newegg.exe:*:Enabled:Windows Messanger
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
    Google Update
    c:\Documents and Settings\test user\Application Data\newegg.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    c:\Documents and Settings\test user\Application Data\newegg.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • 1symantechantivirus.zapto.org
  • symantechantivirus.zapto.org