TrojanDownloader:Win32/VB.XR
First posted on 10 July 2009.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/VB.XR is also known as Win32/Donloz.FE (CA), Trojan-Downloader.Win32.Agent.bgpo (Kaspersky), Mal/Inet-Fam (Sophos), Trojan horse VB.GJH (AVG), Win32/VB.NTI (ESET).
Explanation :
TrojanDownloader:Win32/VB.XR is a trojan that downloads arbitrary files into the system.
Installation
TrojanDownloader:Win32/VB.XR is a trojan that may be dropped in the system by other malware, such as TrojanDropper:Win32/VB.HO. It is usually installed in the system as:

<system folder>\inertno.exe

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.
Payload
Downloads other files

TrojanDownloader:Win32/VB.XR checks for the presence of the following file:

%windir%\sonndman.exe

If this file is not present in the system, TrojanDownloader:Win32/VB.XR connects to the following site to download a file:

crr.fdu8.cn

The downloaded file is saved in the following location:

<system folder>\vqb.exe

At the time of this writing, the file is no longer accessible.
Analysis by Elda Dimakiling
Last update 10 July 2009
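As an added example (not part of the original write-up or of any vendor tooling), this Python function maps a host's file listing and DNS query log onto the behaviour described above. The file names and host come from the page; the function name, state labels and sample data are assumptions constructed for illustration.

```python
import ntpath

# Indicators from the write-up above.
DOWNLOADER, PAYLOAD, CHECKED_FILE = "inertno.exe", "vqb.exe", "sonndman.exe"
DOWNLOAD_HOST = "crr.fdu8.cn"


def _norm(path):
    # Windows paths are case-insensitive; normpath also unifies separators.
    return ntpath.normpath(path).lower()


def assess_host(file_paths, dns_queries, windir=r"C:\Windows"):
    """Return (state, findings) for one host (hypothetical helper).

    windir is per host: C:\\Winnt on Windows 2000/NT, C:\\Windows on XP/Vista.
    """
    windir = _norm(windir)
    system_dir = ntpath.join(windir, "system32")
    present = {_norm(p) for p in file_paths}
    found = {
        "downloader": ntpath.join(system_dir, DOWNLOADER) in present,
        "payload": ntpath.join(system_dir, PAYLOAD) in present,
        "checked_file": ntpath.join(windir, CHECKED_FILE) in present,
        # Exact host match; case and a trailing root dot are normalised.
        "dns": any(q.strip().lower().rstrip(".") == DOWNLOAD_HOST
                   for q in dns_queries),
    }
    if found["payload"]:
        state = "payload-downloaded"
    elif found["downloader"] and not found["checked_file"]:
        # The page: the download is attempted when the checked file is absent.
        state = "download-expected"
    elif found["downloader"]:
        # Inferred from the page's wording: checked file present, no download.
        state = "download-skipped"
    elif found["checked_file"] or found["dns"]:
        state = "partial-indicators"
    else:
        state = "clean"
    return state, found


# Constructed sample data, not taken from a real host.
SAMPLE_FILES = [r"C:\WINDOWS\system32\inertno.exe",
                r"C:\WINDOWS\system32\notepad.exe"]
SAMPLE_DNS = ["example.com", "CRR.FDU8.CN."]

if __name__ == "__main__":
    print(assess_host(SAMPLE_FILES, SAMPLE_DNS))
```

File names alone are weak indicators; a match is a reason to collect the file for hashing and analysis, not a verdict.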