Name alias Trojan.Win32.VB.aqt, Trojan.Recycle, W32.Fakerecy. Presence of this malware may be indicated by :* a "Recycled" folder on each drive, which has the icon of the Recycle Bin
* presence of a file "autorun.inf" in the drive root, containing:
[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0)
Upon execution malware creates on all fixed and removable drives:
[DRIVE]:\autorun.inf
[DRIVE]:\Recycled\desktop.ini
[DRIVE]:\Recycled\INFO2,
, which are used to execute the malware when the drive is accessed.
Copies itself as:
[DRIVE]:\Recycled\Recycled\ctfmon.exe
Creates the following files as to be executed on Windows startup:
%User%\Start Menu\Programs\Startup\desktop.ini
%User%\Start Menu\Programs\Startup\ctfmon.exe
Please let BitDefender disinfect your files.
Download BitDefender Antivirus 2009 Full
No comments:
Post a Comment