Home / malware Trojan:Win32/VB
First posted on 15 February 2019.
Source: MicrosoftAliases :
Trojan:Win32/VB is also known as Trojan horse VB.S, Trojan.Win32.VB.ami, AdClicker-C.gen, W32/VBTroj.BHI, Troj/AdClick-CS, Trojan.Vxgame, Trojan.Adclicker, TROJ_CLICKER.CM.
Explanation :
Trojan:Win32/VB is a simple Trojan, written in Visual Basic that may drop other Trojans, or even other unwanted programs. Dropped files may be named 'VXGame.exe', 'Adobe Gamma Loader.exe' or similar. Dropped malware may contact a remote site and execute server-side scripts, or download other malware. InstallationThis Trojan may be written to the Windows startup folder by an installer. When Windows starts, programs in the startup folder are automatically launched. Trojan:Win32/VB may exist by one of these file names, or similar:%UserProfile%Start MenuProgramsStartupadobe gamma loader.exe%UserProfile%Start MenuProgramsStartupvxgame.exe PayloadWhen this Trojan is run, it attempts to connect with a remote site and may execute a server-side script, possibly resulting in additional files being delivered to the computer. Variants of this Trojan were observed to connect to the site 'zw.nexoa.com' and execute a script 'rankboost.php'. Additional InformationTrojan:Win32/VB may masquerade as a crack program, and has been observed in the wild with file names such as 'Windows.XP.Activation.Crack.zip' or similar.
Last update 15 February 2019
