VirTool:Win32/VBInject.gen!CH

Detected by Microsoft Defender Antivirus

Aliases: Trojan.Win32.Buzus.cxbg (Kaspersky) TR/Dropper.Gen (Avira) BackDoor.Pigeon.12660 (Dr.Web) Trj/Buzus.AH (Panda)

Summary

VirTool:Win32/VBInject.gen!CH is a trojan that modifies the computer's security settings by attempting to disable UAC (User Account Control) and the Windows Firewall. It also connects to a remote server to download arbitrary files.

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Additional remediation instructions for VirTool:Win32/VBInject.gen!CH

This threat may make lasting changes to an affected system’s configuration that will NOT be restored by detecting and removing this threat. For more information on returning an affected system to its pre-infected state, please see the following article/s:

For more information on the "EnableLUA" registry entry: http://msdn.microsoft.com/en-us/library/cc232765(PROT.10).aspx
To restart the "sharedaccess" (Windows Firewall) service:

Stopping and starting Windows services:

For Windows 7 and Vista: http://windows.microsoft.com/en-US/windows-vista/Manage-services-in-Windows-Vista-from-Windows-Vista-Inside-Out
For Windows XP: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_start_service.mspx

VirTool:Win32/VBInject.gen!CH

Summary

What to do now

Additional remediation instructions for VirTool:Win32/VBInject.gen!CH

Technical information

Threat behavior

Payload

Prevention

Symptoms