BKDR_VBOT.A
BKDR_VBOT.A is a malicious backdoor virus that gains entry to the system after being downloaded unknowingly by a user visiting malicious websites. BKDR_VBOT.A takes advantage of a vulnerability in Adobe Acrobat and Adobe Reader to drop and execute a malicious file. As a result, the malicious routines of the dropped backdoor are also exhibited on the affected system. BKDR_VBOT.A poses a threat to PC security and should be removed immediately once detected.
File System Modifications
- The following files were created in the system:
  1. %Program Files%\Adobe\AdobeUpdateManager.exe - detected by Trend Micro as TROJ_VB.ZAA
  2. %Program Files%\Adobe\zf32.dll
  3. %Program Files%\Windows Defender\MPClient.exe
  4. %Program Files%\Windows Defender\MPSvc.exe
  5. %Program Files%\Windows NT\Windows Update\wuauclt.exe
  6. %Program Files%\Windows NT\Windows Update\zf32.dll
  7. %system%\Setup\AdobeUpdateManager.exe - detected by Trend Micro as TROJ_VB.ZAA
  8. %system%\Setup\jucheck.exe - detected by Trend Micro as BKDR_VBBOT.AP
  9. %system%\Setup\MPClient.exe
  10. %system%\Setup\MPSvc.exe
  11. %system%\Setup\OSA.exe - also detected as BKDR_VBOT.A
  12. %system%\Setup\wuauclt.exe - detected by Trend Micro as BKDR_VBBOT.AM
  13. %system%\Setup\zf32.dll
Registry Modifications
- The following registry values were newly created:
  Subkeys:
  HKEY_CURRENT_USER\Software\Microsoft\
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
  Registry key: Windows\CurrentVersion\Run
  Value: Microsoft Office quick launch = "%Program Files%\Microsoft Office\OFFICE11\OSA.exe"