VBS/Psyme
VBS/Psyme is a Trojan that is written in Visual Basic Script and is known for downloading and executing harmful files on a compromised PC. VBS/Psyme may spread via peer-to-peer networks, unsolicited e-mails or newsgroup postings. VBS/Psyme may also be unknowingly downloaded by users intending to download video codecs. VBS/Psyme usually enters a PC in the form of a zipped executable with a randomly generated filename. Once inside a system, VBS/Psyme will communicate with a remote webserver and download additional malware. VBS/Psyme must be removed from a PC before it causes irrevocable damage to it.
File System Details
VBS/Psyme may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %AppData%\%ComputerName%.exe | |
| 2. | %CommonPrograms%\Funshion\FAQ.lnk | |
| 3. | %CommonPrograms%\Funshion\Update History.lnk | |
| 4. | %Temp%\[filename of the sample #1] | |
| 5. | %CommonPrograms%\Funshion\Download more decoders.lnk | |
| 6. | %CommonPrograms%\Funshion\Uninstall Funshion Movie on Demand.lnk | |
| 7. | %CommonPrograms%\Startup\qq.vbs | |
| 8. | %CommonDesktopDir%\Funshion Movie on Demand.lnk | |
| 9. | %CommonPrograms%\Funshion\Funshion Movie on Demand.lnk | |
| 10. | %CommonPrograms%\Funshion\What's Funshion.lnk |
Registry Details
VBS/Psyme may create the following registry entry or registry entries:
%ProgramFiles%\Kingsoft\PowerWord PE\templete\images
%ProgramFiles%\Kingsoft\PowerWord PE\plugin\netquery
%ProgramFiles%\Kingsoft\PowerWord PE\plugin\WikiQuery
%ProgramFiles%\Kingsoft\PowerWord PE\templete
%ProgramFiles%\Kingsoft\PowerWord PE\plugin\netindex
%ProgramFiles%\Kingsoft\PowerWord PE\plugin\spellsuggest
%ProgramFiles%\Kingsoft\PowerWord PE\styles
%ProgramFiles%\Kingsoft\PowerWord PE\plugin\localquery\dictdata
%ProgramFiles%\Kingsoft\PowerWord PE\plugin\situationsentence
%ProgramFiles%\Kingsoft\PowerWord PE\skin
