English 
Deutsch
Español
Français
Portuguese
BehavesLike.Win32.VBMalware BehavesLike.Win32.VBMalware
By
GoldSparrow in 
Loading ...
BehavesLike.Win32.VBMalware Description
BehavesLike.Win32.VBMalware is a malware virus which, once active, downloads other unknown files from the Internet and creates a startup registry entry on the infected PC. The virus registers a 32-bit in-process server DLL and the countries of origin may be Spain or Brazil. BehavesLike.Win32.VBMalware The rogue malware is also known as Generic.dx, Mal/Emogen-Q, Trojan Horse or Trojan-Downloader.Win32.VB.ioo. BehavesLike.Win32.VBMalware It presents a severe threat to PC security and should be removed from the infected system immediately.
Type: Malware
How Can You Detect BehavesLike.Win32.VBMalware?
BehavesLike.Win32.VBMalware has typically the following processes in memory:
- %System%\Snxmsh.exe
- %System%\FlashVideo.dll
BehavesLike.Win32.VBMalware creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\Programmable
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\HELPDIR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}80BE-8A76A6DE8DF9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\Implemented Categories
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\VERSION
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\FLAGS
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashVideo.clsFlashVideo\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}\ProxyStubClsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\0\win32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashVideo.clsFlashVideo
Important Article Disclaimer
This entry was posted on 10/29/09 and is filed under Malware.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
