Home / malware Trojan.VB.AP
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Trojan.VB.AP.
Explanation :
Trojan.VB.AP was written in Visual Basic 6.0. The virus has a single window (witch it hides by moving it outside the screen coordinates).
Once executed, the virus will do the following:
The virus creates a new directory (with the same name as it`s own). In this way , it looks like the user has opened a directory , when it actually runs the virus) It tryes to create the following file : “C:Program FilesSymantecLiveUpdateLuall.exe” It start recursively , searching for files with following extension (*.exe , *.mp3 , *.avi , *.jpg) and does the following actions :
a) if the target file is an executable file (*.exe) , it copies itself to the same location as the target file , with a similar name ( with is created by adding a random letter in from of the target file name E.g. for file write.exe , possible names are Wwrite.exe , hwrite.exe , etc ).
b) if the target file is not an executable , it copies itself to the same location as the target file , with a similar name ( by adding extension “.exe” to the end of the file E.g. for mypicture.jpg , the virus will create a copy of itself with the name mypicture.jpg.exe )
After this action , the remains inactive in memory ( it appears in Task Manager both in “Processes list” and “Application list”
The virus identifies itself after the size and it never overwrite itself.Last update 21 November 2011
