Threat behavior
Trojan:Win32/VB is a simple Trojan written in Visual Basic that may drop other Trojans or other unwanted programs. Dropped files may be named 'VXGame.exe', 'Adobe Gamma Loader.exe' or similar. Dropped malware may contact a remote site and execute server-side scripts, or download other malware.
Installation
This Trojan may be written to the Windows startup folder by an installer. When Windows starts, programs in the startup folder are launched automatically. Trojan:Win32/VB may be present under one of these file names, or similar:
%UserProfile%\Start Menu\Programs\Startup\adobe gamma loader.exe
%UserProfile%\Start Menu\Programs\Startup\vxgame.exe
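A triage check for the startup-folder persistence described above, as an added example that is not part of the original write-up. It assumes the user profiles are reachable as a directory tree (for instance a mounted disk image); the function names, the 'pe-in-startup' heuristic and the sample tree are constructed for illustration, and the AppData variant of the Startup path used by later Windows versions is not from the page.

```python
import os
import tempfile
from pathlib import Path

# File names from the write-up above; compared case-insensitively.
KNOWN_NAMES = {"adobe gamma loader.exe", "vxgame.exe"}
# Tail shared by the legacy path and the later AppData\...\Startup path.
STARTUP_TAIL = ("start menu", "programs", "startup")
MODERN = "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup"

def is_pe(path):
    """True if the file begins with the 'MZ' executable header magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def scan_startup(profiles_root):
    """Return sorted (relative_path, reason) for suspicious Startup entries."""
    findings = []
    for dirpath, _dirs, files in os.walk(profiles_root):
        tail = tuple(p.lower() for p in Path(dirpath).parts[-3:])
        if tail != STARTUP_TAIL:
            continue  # only files sitting directly in a Startup folder
        for name in files:
            full = Path(dirpath) / name
            rel = full.relative_to(profiles_root).as_posix()
            if name.lower() in KNOWN_NAMES:
                findings.append((rel, "known-name"))
            elif is_pe(full):  # assumption: Startup normally holds .lnk shortcuts
                findings.append((rel, "pe-in-startup"))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample data: three profiles, placeholder file contents."""
    samples = {
        "alice/Start Menu/Programs/Startup/VXGame.exe": b"MZ constructed",
        f"bob/{MODERN}/updater.exe": b"MZ constructed",
        f"bob/{MODERN}/notes.lnk": b"L\x00\x00\x00",
        "carol/Desktop/vxgame.exe": b"MZ constructed",  # not in Startup
    }
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        for rel, reason in scan_startup(demo):
            print(f"{reason}\t{rel}")
```

Because the write-up says the file names may be "or similar", the second rule reports any executable image placed directly in a Startup folder rather than relying on the two listed names alone.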
Payload
When this Trojan is run, it attempts to connect to a remote site and may execute a server-side script, possibly resulting in additional files being delivered to the computer. Variants of this Trojan were observed to connect to the site 'zw.nexoa.com' and execute a script 'rankboost.php'.
Additional Information
Trojan:Win32/VB may masquerade as a crack program, and has been observed in the wild with file names such as 'Windows.XP.Activation.Crack.zip' or similar.
Prevention