Win32/PSW.VB.NEY [Threat Name]

Win32/PSW.VB.NEY [Threat Variant Name]

Category: trojan
Size: 73730 B
Detection created: Mar 31, 2010
Detection database version: 4989
Aliases: Trojan-Downloader.Win32.VB.mxw (Kaspersky)
  TrojanDownloader:Win32/Troxen!rts (Microsoft)
  Generic.Downloader.x!dny.trojan (McAfee)

Short description

Win32/PSW.VB.NEY installs a backdoor that can be controlled remotely.


When executed, the trojan copies itself to the following locations:

  • %system%\data0012a.txt.txt
  • %system%\data0012a.txt.exe

The trojan creates the following files:

  • %startup%\santa.bat

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Winsys32sys" = "%system%\data0012a.txt.exe"
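
An added example, not part of the original description: a Python check that parses `reg query` output for the Run key and flags the value name and file names listed above. It also applies a double-extension heuristic that goes beyond this one sample; the sample output is constructed and assumes %system% resolves to C:\WINDOWS\system32.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the description above.
IOC_VALUE_NAME = "winsys32sys"
IOC_FILE_NAMES = {"data0012a.txt.exe", "data0012a.txt.txt"}
# Heuristic beyond the page: executable suffix hidden behind a document-like one.
DOUBLE_EXT = re.compile(r"\.(txt|doc|pdf|jpg)\.(exe|scr|com|bat|cmd)$", re.I)
# One value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Program path at the start of unquoted Run data, before any arguments.
UNQUOTED = re.compile(r"^(.*?\.(?:exe|scr|com|bat|cmd))(?:\s|$)", re.I)

# Constructed sample; %system% is assumed to resolve to C:\WINDOWS\system32.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Winsys32sys    REG_SZ    C:\WINDOWS\system32\data0012a.txt.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\invoice.pdf.exe" /silent
"""

def target_path(data):
    """Return the program path from Run data, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = UNQUOTED.match(data)
    return m.group(1) if m else data

def scan_run_key(reg_query_output):
    """Return (value name, path, reasons) for each suspicious Run entry."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, path = m.group(1), target_path(m.group(3))
        base = PureWindowsPath(path).name.lower()
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name Winsys32sys")
        if base in IOC_FILE_NAMES:
            reasons.append("file name from the description")
        if DOUBLE_EXT.search(base):
            reasons.append("double extension")
        if reasons:
            findings.append((name, path, reasons))
    return findings
```

Pass it the text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`; the %startup%\santa.bat file is not covered by this check.
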
Other information

The trojan acquires data and commands from a remote computer or the Internet, using the HTTP protocol. It contains a list of URLs (1 entry).

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
