Win32/VB.OSV [Threat Name]

Win32/VB.OSV [Threat Variant Name]

Category: trojan
Size: 49152 B
Detection created: Jan 25, 2010
Detection database version: 4803
Aliases:
  Trojan.Win32.Genome.fcpx (Kaspersky)
  Trojan:Win32/Bumat!rts (Microsoft)
  Infostealer (Symantec)

Short description

Win32/VB.OSV is a trojan that steals sensitive information. The trojan is able to log keystrokes. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:

  • C:\WINDOWS\system\MCISEQ.exe

In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "%originalfilename%" = "C:\WINDOWS\system\MCISEQ.exe"
    • "mciseq" = "C:\WINDOWS\system\MCISEQ.exe"

Other information

The trojan is able to log keystrokes. The data is saved in the following file:

  • %windir%\%computername%.txt

The trojan attempts to send gathered information to a remote machine. The trojan contains a list of addresses (1 entry). The FTP protocol is used.
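
A read-only host check for the artifacts described above, as an added example that is not part of the original description. The file paths, Run key, value name and sample size come from this page; the WOW6432Node key is an assumption added here to cover the 32-bit registry view on 64-bit Windows.

```powershell
# Added example (not vendor code): read-only check for the artifacts on this page.
$dropped  = 'C:\WINDOWS\system\MCISEQ.exe'                  # copy location (page)
$pageSize = 49152                                           # sample size in bytes (page)
$keylog   = Join-Path $env:windir "$env:COMPUTERNAME.txt"   # %windir%\%computername%.txt (page)
$runKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',              # from the page
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'   # assumption: 32-bit view
)

$findings = @()

# 1. Dropped copy of the trojan
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropped -Force
    $findings += [pscustomobject]@{
        Artifact = 'Dropped file'
        Location = $file.FullName
        Detail   = "size=$($file.Length) B; matches page size: $($file.Length -eq $pageSize)"
    }
}

# 2. Run values. One value name is "%originalfilename%" and so varies per sample;
#    match on the value data, and on the fixed name "mciseq".
foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -ieq 'mciseq' -or ($data -replace '"', '').Trim() -ieq $dropped) {
            $findings += [pscustomobject]@{ Artifact = 'Run value'; Location = $keyPath; Detail = "$name = $data" }
        }
    }
}

# 3. Keystroke log named after the computer
if (Test-Path -LiteralPath $keylog -PathType Leaf) {
    $log = Get-Item -LiteralPath $keylog -Force
    $findings += [pscustomobject]@{
        Artifact = 'Keystroke log'
        Location = $log.FullName
        Detail   = "last written $($log.LastWriteTime.ToString('s'))"
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Win32/VB.OSV artifacts from this page were found on this host.' }
```

A hit on a path or value name alone is an indicator to investigate, since the names can also belong to unrelated files; the Run value pointing at the dropped path is the strongest of the three.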
