MSIL/Pontoeb [Threat Name] go to Threat
MSIL/Pontoeb.AB [Threat Variant Name]
Category | trojan |
Size | 7248896 B |
Aliases | Backdoor.Win32.Poison.giti (Kaspersky) |
VirTool:Win32/Vbinder (Microsoft) |
Short description
MSIL/Pontoeb.AB is a trojan that installs MSIL/Pontoeb.N malware.
Installation
The trojan displays a fake error message:
- Critical Error: Access violation at address 00477A78 in module svchost.exe. Write of address 00000000.
The trojan creates the following files:
- %temp%\RMS20.exe (6500385 B, MSIL/Pontoeb.AB)
- %temp%\p.exe (74240 B, MSIL/Pontoeb.N)
The files are then executed.
Other information
After the installation is complete, the trojan deletes the original executable file.
Trojan requires the Microsoft .NET Framework to run.