Troj_vb.fww


 
Old 12-30-2007

This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
This Trojan creates a registry entry to enable its automatic execution at every system startup.
Once executed, it searches for files with specific extensions. When it finds a match, it drops a copy of itself named after the found file, with the extension .EXE appended.
It also modifies the last section of the dropped file in an attempt to avoid easy detection. Furthermore, it creates a folder with the Hidden attribute set. The folder name is the file name of the executed copy, without its extension, with the string 1 appended.
This Trojan is written in Visual Basic, a high-level programming language.
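
A triage sketch for the file-system artifacts described above, added here as an example and not part of the original advisory: it flags files named `<existing file>.EXE` and, beside them, Hidden folders named after the copy with `1` appended. The function names, the sample tree and the reading of the folder name (the copy's name minus `.EXE`, plus `1`) are assumptions; the advisory does not list the targeted extensions, so any extension is matched.

```python
import os
import tempfile
from pathlib import Path

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit


def is_hidden(path):
    """True if the Windows Hidden attribute is set (always False off Windows)."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)


def find_suspects(root, hidden=is_hidden):
    """Return (pairs, folders): (original, copy) file pairs and hidden '<name>1' folders."""
    pairs, folders = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        by_lower = {name.lower(): name for name in filenames}
        for name in filenames:
            base, ext = os.path.splitext(name)
            # Candidate copy: "<found file>.EXE" beside "<found file>", where the
            # found file has an extension of its own (so plain "setup.exe" is skipped).
            if ext.lower() != ".exe" or not os.path.splitext(base)[1]:
                continue
            if base.lower() not in by_lower:
                continue
            pairs.append((os.path.join(dirpath, by_lower[base.lower()]),
                          os.path.join(dirpath, name)))
            # Assumed reading of the advisory: copy's name minus ".EXE", plus "1".
            wanted = (base + "1").lower()
            for d in dirnames:
                if d.lower() == wanted and hidden(os.path.join(dirpath, d)):
                    folders.append(os.path.join(dirpath, d))
    return sorted(pairs), sorted(folders)


def build_sample(root):
    """Constructed sample tree: two unrelated files and one matching pair with folder."""
    root = Path(root)
    (root / "notes.txt").write_text("benign")
    (root / "setup.exe").write_bytes(b"MZ")       # ordinary executable, no pair
    (root / "report.doc").write_text("document")
    (root / "report.doc.EXE").write_bytes(b"MZ")  # name pattern from the advisory
    (root / "report.doc1").mkdir()                # folder pattern (Hidden bit not set here)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found_pairs, found_folders = find_suspects(tmp)
        print("appended-.EXE pairs:", found_pairs)
        print("hidden '<name>1' folders:", found_folders)
```

A hit is a lead for review, not a signature: the name pattern can occur legitimately, so confirm with the startup registry entry and a scanner verdict.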

