Antispy storm installer



#1 miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor

Posted 02 November 2007 - 01:20 AM

Example thread/log:
http://www.lavasofts...showtopic=13573

The installer (vvgeowbv.exe) is attached. (The file is renamed to a vir extension.)
This one runs under the HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon - Userinit value
plus it also creates a HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon - Userinit value

vvgeowbv.exe is responsible for dropping all these "dummy files" + a BHO (%System%\aivskurq.dll) + Changes desktop (%Windir%\default.htm) + displays fake alerts.

Attached File  vvgeowbv.exe.zip   117.75KB   3 downloads
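A defender-side check for the persistence point described in the post above, as an added example that is not part of the original thread: it flags a Winlogon Userinit value that lists anything other than userinit.exe, or that exists under HKCU at all. The function name Test-UserinitValue, the sample values and the assumed clean-system default are this example's own.

```powershell
# Added example (not from the thread): audit the Winlogon Userinit value.
# Assumption: a clean system has "<SystemRoot>\system32\userinit.exe," in HKLM
# and no Userinit value at all under HKCU.
function Test-UserinitValue {
    param(
        [Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive,
        [AllowNull()][AllowEmptyString()][string]$Value,
        [string]$SystemRoot = $env:SystemRoot
    )
    $expected = "$SystemRoot\system32\userinit.exe".ToLowerInvariant()
    if ([string]::IsNullOrWhiteSpace($Value)) {
        # Absent is the normal state for HKCU; for HKLM it means tampering or damage.
        return [pscustomobject]@{ Hive = $Hive; Value = $Value; Suspicious = ($Hive -eq 'HKLM'); Extra = @() }
    }
    # Userinit is a comma-separated list of programs started at logon.
    $entries = @($Value.Split(',') |
        ForEach-Object { $_.Trim().Trim('"').ToLowerInvariant() } |
        Where-Object { $_ })
    $extra = @($entries | Where-Object { $_ -ne $expected })
    [pscustomobject]@{
        Hive       = $Hive
        Value      = $Value
        # Any HKCU value, any extra program, or a missing userinit.exe is worth a look.
        Suspicious = ($Hive -eq 'HKCU') -or ($extra.Count -gt 0) -or ($entries -notcontains $expected)
        Extra      = $extra
    }
}

# Constructed sample values (example.exe is a made-up name for illustration).
$samples = @(
    @{ Hive = 'HKLM'; Value = 'C:\Windows\system32\userinit.exe,' },
    @{ Hive = 'HKLM'; Value = 'C:\Windows\system32\userinit.exe,C:\Windows\system32\example.exe,' },
    @{ Hive = 'HKCU'; Value = 'C:\Windows\system32\example.exe' }
)
foreach ($s in $samples) { Test-UserinitValue @s -SystemRoot 'C:\Windows' }

# Live check of both hives named in the post.
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $v = (Get-ItemProperty -Path $key -Name Userinit -ErrorAction SilentlyContinue).Userinit
    Test-UserinitValue -Hive $hive -Value $v
}
```

Of the constructed samples, only the first is reported with Suspicious set to False.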

#2 LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin

Posted 02 November 2007 - 11:17 AM

Hi miekiemoes,

We picked this up this morning and added it to detection. Thanks for uploading!

Regards,

Andy
Lavasoft Research


#3 Celena

    Member

  • Members

Posted 11 April 2012 - 05:08 AM

Thanks for the upload miekiemoes.



