Win32/PSW.VB.NEY installs a backdoor that can be controlled remotely.
When executed the trojan copies itself in the following locations:
The trojan creates the following files:
In order to be executed on every system start, the trojan sets the following Registry entry:
"Winsys32sys" = "%system%data0012a.txt.exe"
The trojan acquires data and commands from a remote computer or the Internet. The trojan contains a list of (1) URLs. The HTTP protocol is used.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files