SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.Vb.AQT

HIGH
LOW
20,480 bytes
(Trojan.Win32.VB.aqt, Trojan.Recycle, W32.Fakerecy)

Symptoms

    Presence of this malware may be indicated by :
* a "Recycled" folder on each drive, which has the icon of the Recycle Bin

* presence of a file "autorun.inf" in the drive root, containing:
[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0)

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel RADU, virus researcher

Technical Description:

   Upon execution malware creates on all fixed and removable drives:
[DRIVE]:\autorun.inf
[DRIVE]:\Recycled\desktop.ini
[DRIVE]:\Recycled\INFO2,
, which are used to execute the malware when the drive is accessed.


    Copies itself as:
[DRIVE]:\Recycled\Recycled\ctfmon.exe
    Creates the following files as to be executed on Windows startup:
%User%\Start Menu\Programs\Startup\desktop.ini
%User%\Start Menu\Programs\Startup\ctfmon.exe
Antivirus Software For Home Users
Business Security Solutions
Latest News
Tools & Resources