Date discovered: 03/01/2006
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 29.696 Bytes
MD5 checksum: f492370216f8f35d09730E2779b1f00F
VDF version:

General

Method of propagation:
   • No own spreading routine

   •  Kaspersky:
   •  TrendMicro: TSPY_VB.ADL
   •  Sophos: Troj/PWS-HU
   •  Bitdefender: Trojan.PWS.VB.A

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops files
   • Steals information

Files

It deletes the initially executed copy of itself.

The following files are created:

– %malware execution directory%\%executed file%.bat Furthermore, it is executed after it has been fully created. This batch file is used to delete a file.

Stealing

It tries to steal the following information:
– Recorded passwords used by the AutoComplete function
– Email account information obtained from the registry key: HKCU\Software\Microsoft\Internet Account Manager\Accounts

– Passwords from the following programs:
   • Microsoft Outlook
   • Eudora
   • The Bat

File details

Programming language:
The malware program was written in Visual Basic.

Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Daniel Constantin on Tuesday, January 10, 2006
Description updated by Daniel Constantin on Tuesday, January 10, 2006
