Win32/VB.OLP [Threat Name]

Win32/VB.OLP [Threat Variant Name]

Category: trojan, worm
Size: 52877 B
Detection created: Aug 25, 2009
Detection database version: 10444
Aliases: Generic.dx!egm (McAfee), Trojan.Adclicker (Symantec)

Short description

Win32/VB.OLP is a trojan which tries to download other malware from the Internet. The file is run-time compressed using FSG.

Installation

When executed, the trojan creates the following files:

  • %program files%\Windows Media Player\flashget.exe (61440 B)
  • %program files%\maps\conime.exe (36864 B)
  • %program files%\maps\ctfmon.exe (57344 B)
  • %program files%\uuscall\qq.exe (32768 B)
  • %allusersprofile%\lsass32.exe (167936 B)
  • kill.bat

The files are then executed.

Information stealing

The trojan collects the following information:

  • computer name

The trojan can send the information to a remote machine. The HTTP protocol is used.

Other information

The trojan may create the following files:

  • %program files%\2.txt

The trojan opens the following URLs in Internet Explorer:

  • http://www.34800.com/123.asp

The trojan executes the following command:

  • cmd.exe /c net stop sharedaccess

The trojan contains a list of URLs. It tries to download several files from the addresses. These are stored in the following locations:

  • %program files%\Internet Explorer\fgcn_276.exe
  • %program files%\Internet Explorer\pipi_314.exe
  • %program files%\avp.exe
  • %program files%\Upgrade.ini

The files are then executed.
