Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/PSW.VB.NEY

Aliases:Trojan-Downloader.Win32.VB.mxw (Kaspersky), TrojanDownloader:Win32/Troxen!rts (Microsoft), Generic Downloader.x!dny trojan (McAfee) 
Type of infiltration:Trojan  
Size:73730 B 
Affected platforms:Microsoft Windows 
Signature database version:4989 (20100331) 

Short description

Win32/PSW.VB.NEY installs a backdoor that can be controlled remotely.

Installation

When executed the trojan copies itself in the following locations:
  • %system%data0012a.txt.txt
  • %system%data0012a.txt.exe
The trojan creates the following files:
  • %startup%santa.bat
In order to be executed on every system start, the trojan sets the following Registry entry:
  • [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion
    Run]
    "Winsys32sys" = "%system%data0012a.txt.exe"

Other information

The trojan acquires data and commands from a remote computer or the Internet. The trojan contains a list of (1) URLs. The HTTP protocol is used.

It can execute the following operations:
  • download files from a remote computer and/or the Internet
  • run executable files