Trojan.VB.AQT

( Trojan.Fakerecy W32/VBTroj FakeRecycled trojan )
Spreading: medium
Damage: very low
Size: 20480
Discovered: 2007 Aug 12

SYMPTOMS:

Presence of a directory named Recycled, with read-only and System attributes, in the root directories of all write-accessible drives.
Presence of a file named autorun.inf, with read-only, hidden and System attributes, in the root directories of all write-accessible drives.
Presence of a file named ctfmon.exe in the StartUp directory of the current user's Start Menu.
These items reappear after being deleted.

TECHNICAL DESCRIPTION:

When executed, the virus copies itself to the locations mentioned above and to [disk]:\Recycled\Recycled\ctfmon.exe, and remains resident in memory, watching for new write-accessible drives to appear. Once a new disk drive appears, the virus infects it. It may then infect other systems when the infected removable drive is plugged in and the autorun option is enabled.
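
The file-system indicators described above can be checked per drive root with a short script. This is an added example, not part of the original description or any BitDefender tool. The function names, the "suspicious" rule and the reading of the listed size as bytes are assumptions made for illustration.

```python
import os
import stat
import tempfile

SAMPLE_SIZE = 20480  # size listed in this entry, assumed to be bytes
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def win_attrs(path):
    """Windows attribute bits for path; 0 on platforms that do not expose them."""
    return getattr(os.stat(path), "st_file_attributes", 0)

def check_drive_root(root):
    """Report which of the entry's drive-root indicators exist under root."""
    recycled = os.path.join(root, "Recycled")
    autorun = os.path.join(root, "autorun.inf")
    nested = os.path.join(recycled, "Recycled", "ctfmon.exe")
    found = {
        "recycled_dir": os.path.isdir(recycled),
        "autorun_inf": os.path.isfile(autorun),
        "nested_ctfmon": os.path.isfile(nested),
    }
    found["autorun_hidden_system"] = (
        found["autorun_inf"] and (win_attrs(autorun) & HIDDEN_SYSTEM) == HIDDEN_SYSTEM)
    found["size_matches"] = (
        found["nested_ctfmon"] and os.path.getsize(nested) == SAMPLE_SIZE)
    # Assumed rule: the nested copy is the most specific indicator on its own;
    # the Recycled directory and autorun.inf only count when both are present.
    found["suspicious"] = found["nested_ctfmon"] or (
        found["recycled_dir"] and found["autorun_inf"])
    return found

def check_startup(startup_dir):
    """True if a ctfmon.exe sits in the given per-user StartUp directory."""
    return os.path.isfile(os.path.join(startup_dir, "ctfmon.exe"))

def build_sample_root(base):
    """Constructed test layout: inert placeholder files, not a real sample."""
    os.makedirs(os.path.join(base, "Recycled", "Recycled"))
    with open(os.path.join(base, "autorun.inf"), "w") as f:
        f.write("; placeholder\n")
    with open(os.path.join(base, "Recycled", "Recycled", "ctfmon.exe"), "wb") as f:
        f.write(b"\0" * SAMPLE_SIZE)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_drive_root(build_sample_root(tmp)))
```

On a real system, call check_drive_root once per writable drive root and check_startup with the current user's StartUp folder path.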

REMOVAL INSTRUCTIONS:

Please let BitDefender disinfect your files.

ANALYZED BY:

Suiu Andrei, virus researcher