Win32/VB.PNT [Threat Name] go to Threat

Win32/VB.PNT [Threat Variant Name]

Category trojan
Size 122880 B
Detection created Feb 01, 2011
Detection database version 5837
Aliases Trojan.Win32.Larchik.pv (Kaspersky)
  Troj/Larchik-A (Sophos)
  Trojan:Win32/VB.AEJ (Microsoft)
Short description

The trojan collects sensitive information when the user browses certain web sites. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan does not create any copies of itself.


The following Registry entries are created:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "00Bf.exe" = "%windir%\­00Bf.exe"
Information stealing

The trojan collects sensitive information when the user browses certain web sites.


The trojan collects passwords used to access the following site:

  • *bb.com.br*

The following programs are affected:

  • Microsoft Internet Explorer

The trojan collects the following information:

  • network adapter information
  • list of disk devices and their type
  • computer name

The trojan can send the information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (4) URLs. The HTTP protocol is used.


The trojan may create the following files:

  • %windir%\­logg1.ini
  • %windir%\­log12.ini

Please enable Javascript to ensure correct displaying of this content and refresh this page.