SecurityHome.eu Trojan.Downloader.VBS.DA

Home / malware PDF

Trojan.Downloader.VBS.DA

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Trojan.Downloader.VBS.DA is also known as %Trojan.Downloader.JS.Gen, (KAV.
Explanation :
This small downloader is written in VBS and it is embeded in html files. When it receives control, it will attempt to download 4 files from the following location: http://love[removed].org/css. The files being downloaded are:

- AutoCfg.exe - infected, detected as Backdoor.Ardu.A

- Instexnt.exe, Autoexnt.exe, Servmess.dll - these are clean files and are used for running scripts before a user logs on

After downloading these filese, it will attempt to install AutoExNT service and it will create another file (AutoExNT.bat), where the infected application (AutoCfg.exe) will be listed. This way, the malware will receive execution after every reboot, even if there is no user logged on that computer.
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Trojan:W32/VB.BKX
Trojan.VB.AQT
Win32.Worm.VB.NWW
Worm:VBS/HeadTail.A
Trojan.VB.AE
Trojan:VBS/StartPage.BO
Trojan.VB.AP
Trojan-Dropper:W32/VB.ME
Win32.Worm.VB.Ymeak.A
Worm:W32/VB.KQ