Trojan.VB.AQT
MEDIUM
VERY LOW
20480
(Trojan.Fakerecy, W32/VBTroj, FakeRecycled trojan)
Symptoms
Presence of a directory named Recycled, with read-only and System attributes, in the root directory of every write-accessible drive.
Presence of a file named autorun.inf, with read-only, hidden and System attributes, in the root directory of every write-accessible drive.
Presence of a file named ctfmon.exe in the StartUp directory of the current user's Start Menu.
These items reappear after being deleted.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Suiu Andrei, virus researcher
Technical Description:
When executed, the virus copies itself to the locations mentioned above and to [disk]:\Recycled\Recycled\ctfmon.exe, and remains resident in memory, watching for new write-accessible drives. Once a new disk drive appears, the virus infects it, and it may then infect other systems when the infected removable drive is plugged in and the autorun option is enabled.
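A triage check for the on-disk artifacts listed above, written as an added example (it is not BitDefender's code or removal tool). The function names and indicator labels are assumptions made for this sketch, and the StartUp folder path is supplied by the caller because it varies between Windows versions.

```python
import os
import stat
import sys

# Windows attribute bits; os.stat() exposes st_file_attributes only on Windows.
_FLAGS = (("read-only", stat.FILE_ATTRIBUTE_READONLY),
          ("hidden", stat.FILE_ATTRIBUTE_HIDDEN),
          ("system", stat.FILE_ATTRIBUTE_SYSTEM))

def _find(parent, name):
    """Case-insensitive lookup of `name` inside `parent`; full path or None."""
    try:
        entries = os.listdir(parent)
    except OSError:  # drive not ready, access denied, not a directory
        return None
    for entry in entries:
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None

def _attrs(path):
    """Names of the read-only/hidden/system attributes set on `path`."""
    bits = getattr(os.stat(path), "st_file_attributes", 0)
    return [label for label, flag in _FLAGS if bits & flag]

def scan_root(root):
    """Return (indicator, path, attributes) tuples for one drive root."""
    findings = []
    recycled = _find(root, "Recycled")
    if recycled and os.path.isdir(recycled):
        findings.append(("recycled_dir", recycled, _attrs(recycled)))
        inner = _find(recycled, "Recycled")
        copy = _find(inner, "ctfmon.exe") if inner else None
        if copy:
            findings.append(("nested_ctfmon", copy, _attrs(copy)))
    autorun = _find(root, "autorun.inf")
    if autorun and os.path.isfile(autorun):
        findings.append(("autorun_inf", autorun, _attrs(autorun)))
    return findings

def scan_startup(startup_dir):
    """Flag ctfmon.exe in a StartUp folder (path supplied by the caller)."""
    hit = _find(startup_dir, "ctfmon.exe")
    return [("startup_ctfmon", hit, _attrs(hit))] if hit else []

if __name__ == "__main__":
    # Usage: script.py <StartUp folder> <drive root> [<drive root> ...]
    results = scan_startup(sys.argv[1]) if len(sys.argv) > 1 else []
    for root in sys.argv[2:]:
        results += scan_root(root)
    for kind, path, attrs in results:
        print(kind, path, ",".join(attrs) or "-")
```

A Recycled directory or an autorun.inf file on its own can be legitimate, so weigh each hit together with the reported attributes and the nested ctfmon.exe copy before acting on it.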