VirTool:Win32/VBInject.gen!BW


VirTool:Win32/VBInject.gen!BW is a detection of an obfuscator used by particular malware. It is written in VB (Visual Basic). It attempts to hinder analysis and detection of the malware code it is applied to. The malware code runs in memory directly without being dropped as a file.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Threat behavior

VirTool:Win32/VBInject.gen!BW encrypts the malware code and embeds it as a resource.
 
VirTool:Win32/VBInject.gen!BW decrypts the malware code, launches a new instance of itself, writes the decrypted malware code into the newly created process and runs the malware code in the new process.
 
Analysis by Shawn Wang
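
The behavior described above (a process launches a new instance of itself and then writes code into it) can be hunted for by correlating process-creation and cross-process-write telemetry. The following Python code is an added example, not part of the original analysis; the event records, field names and correlation window are constructed assumptions and do not match any particular product's schema.

```python
# Added example. Event records and field names are constructed/hypothetical,
# not taken from any real EDR or logging schema.
WINDOW_SECONDS = 10.0  # assumed correlation window

EVENTS = [
    # Suspicious: invoice.exe starts a copy of itself, then writes into it.
    {"t": 100.0, "type": "process_create", "pid": 4188, "ppid": 4120,
     "image": r"C:\Users\a\AppData\Local\Temp\invoice.exe",
     "parent_image": r"C:\Users\a\AppData\Local\Temp\INVOICE.EXE"},
    {"t": 100.3, "type": "remote_write", "src_pid": 4120, "dst_pid": 4188,
     "size": 40960},
    # Benign: an updater relaunches itself but never writes into the child.
    {"t": 200.0, "type": "process_create", "pid": 5200, "ppid": 5100,
     "image": r"C:\Program Files\App\updater.exe",
     "parent_image": r"C:\Program Files\App\updater.exe"},
    # Benign: a debugger writes into a child that is a different program.
    {"t": 300.0, "type": "process_create", "pid": 6300, "ppid": 6200,
     "image": r"C:\dev\target.exe", "parent_image": r"C:\dev\debugger.exe"},
    {"t": 300.2, "type": "remote_write", "src_pid": 6200, "dst_pid": 6300,
     "size": 4},
]

def find_self_injection(events, window=WINDOW_SECONDS):
    """Return one alert per child that was started by a copy of itself and
    then had memory written by that parent within `window` seconds."""
    self_spawned = {}  # child pid -> (parent pid, create time, image)
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "process_create":
            # Windows paths are case-insensitive, so compare case-folded.
            if ev["image"].casefold() == ev["parent_image"].casefold():
                self_spawned[ev["pid"]] = (ev["ppid"], ev["t"], ev["image"])
            else:
                self_spawned.pop(ev["pid"], None)  # pid reused elsewhere
        elif ev["type"] == "remote_write":
            hit = self_spawned.get(ev["dst_pid"])
            if hit and hit[0] == ev["src_pid"] and ev["t"] - hit[1] <= window:
                alerts.append({"parent_pid": hit[0], "child_pid": ev["dst_pid"],
                               "image": hit[2], "bytes_written": ev["size"]})
                del self_spawned[ev["dst_pid"]]  # one alert per child
    return alerts

if __name__ == "__main__":
    for alert in find_self_injection(EVENTS):
        print(alert)
```

Neither benign case alerts: the updater relaunches itself without writing into the child, and the debugger writes into a child that is a different program.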

Symptoms

There are no obvious symptoms that indicate the presence of this malware on an affected machine.

Prevention


Alert level: Severe
First detected by definition: 1.63.1417.0
Latest detected by definition: 1.191.4841.0 and higher
First detected on: Aug 13, 2009
This entry was first published on: Oct 10, 2009
This entry was updated on: May 27, 2010

This threat is also detected as:
  • Win-Trojan/Inject.57344.CJ (AhnLab)
  • Trojan.Win32.VBKrypt.z (Kaspersky)
  • W32/VBTroj.BPMD (Norman)
  • Win32/AutoRun.KS (ESET)
  • Win32/Hamweq.IE (CA)
  • Generic VB.c (McAfee)