VBS.Trojan.Carewmr.A
First posted on 21 November 2011.
Source: BitDefender
Aliases:
VBS.Trojan.Carewmr.A is also known as N/A.
Explanation:
The Trojan displays several message boxes with the text:
1. "Welcome to CLRAV of Kaspersky Labs, press OK or Accept to Start scanning your computer. "
2. "ERROR!, Code error:3212552, please execute this tool in MS-DOS."
3. "Thank You for prefer Kaspersky Labs Products"
On September 1st it also displays the message:
"Mr.Carew vuelve otra vez!!, jaja"
It tries to delete some registry keys:
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemTray"
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVPCC"
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NAVW32"
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TrueVector"
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\oneAlarm Pro"
It also tries to connect to the site "http:\\www.avp.ru".
It creates zero-byte files on "C:\":
- "C:\Norton2003isbad_preferKAVORAVP"
- "C:\AVP"
- "C:\NAV"
- "C:\CHILE"
- "C:\TEMUCO"
- "C:\MCAFEE"
- "C:\ENTELPCS"
- "C:\GSM1900MHZ"
- "C:\SONYERICSSON"
- "C:\CAREFULLY_WHIT_ME"
- "C:\YOUR_PC_IS_VERY_BAD"
- "C:\I HATE MELINA"
- "C:\VBS.CarewMR.a"
- "C:\Windows is a real virus?"
- "C:\MELINA_TE_ODIO_MUERETE!"
- "C:\WindowsXP"
- "C:\Windows3.11"
- "C:\Windows98SE"
- "C:\WindowsME"
- "C:\Windows 95"
- "C:\WindowsNT"
- "C:\Windows2000"
- "C:\TELLCELL S.A"
- "C:\PORN"
- "C:\ORAL_SEX"
- "C:\BIN_LADEN_FUCKYOU"
- "C:\ICQ"
- "C:\PANDA"
- "C:\NOD32"
- "C:\TREND"
- "C:\PC-CILLIN"
- "C:\AvpM.exe"
- "C:\Kaspersky_AntiVirus_PersonalPRO_THEBEST!!!!!"
- "C:\Norton_thePOOR"
- "C:\Madonna_Sucking_my_dick.avi"
- "C:\Your_system_is_infected_by_a_virus_jajajajajajaja.jajajaja"
- "C:\THE_HEURISTIC_OF_NORTON_IS_VERY_BAD_AND_PRODUCE:POSITIVES-FALSES"
It also creates the folders:
- "C:\Symantec"
- "C:\KasperskyLabs"
- "C:\PandaSoftware"
- "C:\TrendMicro"
- "C:\Eset-Nod-fucked".
It tries to delete the folder "C:\Windows".
The Trojan creates a file named "CLRAV_Report.log" in the current folder, containing an error message:
"Due an error, Code error:3212552, CLRAV has not disinfect your computer
For Support please send a e-mail to support@kaspersky.com and please indicate the Code Error."
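A triage check for the file-system artifacts described above, as an added example that is not part of the original BitDefender write-up. It assumes a drive root or mounted image is passed in; the function name triage and the log_dirs parameter are hypothetical, and only a subset of the listed marker names is used. A vendor-named folder alone is a weak signal, so weigh it together with the other findings.

```python
import os

# Subset of the marker names listed on this page (not the complete list).
MARKER_FILES = {"Norton2003isbad_preferKAVORAVP", "VBS.CarewMR.a",
                "CAREFULLY_WHIT_ME", "YOUR_PC_IS_VERY_BAD", "Norton_thePOOR"}
MARKER_DIRS = {"Symantec", "KasperskyLabs", "PandaSoftware",
               "TrendMicro", "Eset-Nod-fucked"}
LOG_NAME = "CLRAV_Report.log"
LOG_MARKER = "Code error:3212552"  # string quoted in the fake report


def triage(root, log_dirs=()):
    """Return sorted (kind, path) findings for a drive root or mounted image.

    log_dirs: extra folders to check for the fake report, since the Trojan
    writes it to whatever folder it was started from.
    """
    findings = []
    # Windows names are case-insensitive; compare lowercased so the check
    # also works on an image mounted on a case-sensitive file system.
    files = {n.lower() for n in MARKER_FILES}
    dirs = {n.lower() for n in MARKER_DIRS}
    with os.scandir(root) as entries:
        for entry in entries:
            name = entry.name.lower()
            if entry.is_file(follow_symlinks=False) and name in files:
                # Only empty files match the described behaviour.
                if entry.stat(follow_symlinks=False).st_size == 0:
                    findings.append(("zero-byte marker file", entry.path))
            elif entry.is_dir(follow_symlinks=False) and name in dirs:
                findings.append(("decoy vendor folder", entry.path))
    for folder in (root, *log_dirs):
        log = os.path.join(folder, LOG_NAME)
        if os.path.isfile(log):
            with open(log, errors="replace") as fh:
                # The report is two lines long; a bounded read is enough.
                if LOG_MARKER in fh.read(4096):
                    findings.append(("fake scan report", log))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for kind, path in triage(sys.argv[1], sys.argv[2:]):
        print(f"{kind}: {path}")
```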
Removal:
Last update 21 November 2011