Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:TR/PSW.VB.HU
Date discovered:03/01/2006
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:29.696 Bytes
MD5 checksum:f492370216f8f35d09730E2779b1f00F
VDF version:6.33.00.92

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-PSW.Win32.VB.hu
   •  TrendMicro: TSPY_VB.ADL
   •  Sophos: Troj/PWS-HU
   •  Bitdefender: Trojan.PWS.VB.A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops files
   • Steals information

 Files It deletes the initially executed copy of itself.



The following files are created:

%malware execution directory%\%executed file%.bat Furthermore it gets executed after it was fully created. This batch file is used to delete a file.
%SYSDIR%\drv32dta\pstore.txt

 Stealing It tries to steal the following information:
 Recorded passwords used by the AutoComplete function
 Email account information obtained from the registry key: HKCU\Software\Microsoft\Internet Account Manager\Accounts

Passwords from the following programs:
   • Microsoft Outlook
   • Eudora
   • The Bat

 File details Programming language:
The malware program was written in Visual Basic.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

Description inserted by Daniel Constantin on Tuesday, January 10, 2006
Description updated by Daniel Constantin on Tuesday, January 10, 2006

Back . . . .