VBS/Rookie-A

Category: Viruses and SpywareProtection available since:21 May 2007 00:00:00 (GMT)
Type: TrojanLast Updated:18 Dec 2007 16:23:07 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

VBS/Rookie-A is a Trojan for the Windows platform.

When first installed the Trojan renames the C: drive to Porn and creates the following files:

<System>\joke.vbs
<System>\rookie.vbs
<Current Folder>\rookie.vbs
<Current Folder>\joke.vbs

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Admin
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msdir32
<System>\msdir32.bat

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rundll32
<System>\rookie.vbs

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vscan
<System>\joke.vbs

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableTaskMgr
1

Registry entry are modified under:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\system