McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Create Account | Login  | What is TrustedSource?
 
Home  Threats and Trends  Malware Information
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 

Malware Information

Malware nameTrojan.VB.dnz
TypeTrojan
Affected platformWin32
Media-Typeapplication/executable
MD5 checksumD90E680564229D86E6311EF9A11CDA8C
Static fileyes
Filesize86,016 Bytes
Alias names
(also known as)
SophosMal/VB-F
McAfeeMontague
CA ETrustWin32/Moriogu.A
Side effectsRegistry modification
PropagationNo own spreading routine

Description:

Files

It copies itself to the following locations:
• %SYSDIR%\Win2x.exe
• %SYSDIR%\save.exe



The following file is created:

– Non malicious file:
• %SYSDIR%\dll.sys

Registry

The following registry keys are added in order to run the processes after reboot:

– [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
• Win2x="%SYSDIR%\Win2x.exe"

– [HKLM\SYSTEM\ControlSet001\Services\Win2x]
• Start=dword:00000002
• Type=dword:00000110
• ErrorControl=dword:00000001
• ObjectName="LocalSystem"
• ImagePath=%SYSDIR%\save.exe

File details

Programming language:
 The malware program was written in Visual Basic.

McAfee Homepage | Contact | Privacy Policy

Copyright © 2007-2009 McAfee, Inc. All Rights Reserved.

THE DATA IS FURNISHED, "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, AND MCAFEE® HEREBY DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES AS TO NON-INFRINGEMENT, AND IN NO EVENT SHALL MCAFEE® BE LIABLE FOR COSTS OF PROCURING SUBSTITUTE GOODS. IN NO EVENT WILL MCAFEE® BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT MCAFEE® HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.