
Mal/VB-JY

Posted: February 17, 2011

The backdoor Trojan Mal/VB-JY runs as an imperceptible background process while attacking your PC's security. Attacks by Mal/VB-JY can include changed settings and blocked programs or websites. Mal/VB-JY can also download other malware onto your system, particularly for the purpose of letting a remote attacker take control. Since this Trojan hides in the Windows system folder, it's best to delete Mal/VB-JY with an anti-malware application instead of trying to handle Mal/VB-JY on your own.

Mal/VB-JY is a Hacker's Best Friend

Mal/VB-JY's main goal in any computer is to remove the security, either directly or indirectly, to let a remote attacker into the system. Remote attacks are responsible for Denial-of-service botnets as well as keylogging, theft of identity information and other dangers. One of the most obvious signs of a backdoor Trojan like Mal/VB-JY is a firewall exception made for an unrecognized program, or the deactivation of the firewall itself, so check your firewall for both.

This Trojan may go further, however: some sources note that Mal/VB-JY is able to restrict website access to prevent the user from locating security tools. Mal/VB-JY and similar PC threats tend to use this in conjunction with blocked program access, for example by blocking your Task Manager or anti-virus scanners.

All these security limitations put your computer at high risk until you delete Mal/VB-JY, since a remote attacker may do virtually anything with the machine. Consider all information typed and all information saved in files to be at risk until you've verified that Mal/VB-JY is gone.

The Only Things You Can Do Against Mal/VB-JY

In many cases, Mal/VB-JY will use compression technology to make itself less noticeable. This can even let Mal/VB-JY get past good security products to infect your PC. Keeping your software updates current and avoiding suspicious sites and files can help reduce the chance of this happening.

Don't assume that Mal/VB-JY isn't running just because you can't see Mal/VB-JY; this Trojan makes additions to the Windows Registry that let Mal/VB-JY run with your computer, unseen. Using a Safe Mode boot will let you work past Mal/VB-JY's attacks and stop the malware from running temporarily to let you delete Mal/VB-JY.

Mal/VB-JY hides in your Windows folder in most cases, which makes deleting Mal/VB-JY manually a risky endeavor. For all but seasoned computer maintenance veterans, appropriate anti-malware software is suggested instead. Cleaning Mal/VB-JY out efficiently is important, since Mal/VB-JY can easily download other infections the longer you take to delete it!

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\Bifrost\logg.dat
    2 %System%\Bifrost\server.exe
    3 %Temp%\dev.vbs, %Temp%\Nashy.exe

Registry Modifications

  • The following Registry entries were created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Bifrost
    HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput
    HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
    HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
    HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components {9D71D88C-C598-4935-C5D1-43AA4DB90836}
    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
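
A read-only check for the files and Registry entries listed above, plus the firewall state mentioned earlier, given here as an added example that is not part of the original page. It assumes %System% means the Windows system directory and that the NetSecurity cmdlets (Windows 8 / Server 2012 and later) are available; `Find-ListedArtifact` is a name chosen for this example.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
# Assumption: %System% is the Windows system directory; SysWOW64 is also checked.
function Find-ListedArtifact {
    $found = @()

    # File paths from "File System Modifications".
    $sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64'))
    $files = @()
    foreach ($dir in $sysDirs) {
        $files += Join-Path $dir 'Bifrost\logg.dat'
        $files += Join-Path $dir 'Bifrost\server.exe'
    }
    $files += Join-Path $env:TEMP 'dev.vbs'
    $files += Join-Path $env:TEMP 'Nashy.exe'
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $found += [pscustomobject]@{ Type = 'File'; Item = $f; Detail = '' }
        }
    }

    # Keys from "Registry Modifications" that carry the Bifrost name. The other
    # listed keys sit under Windows component paths, so presence alone is not checked.
    foreach ($k in 'HKCU:\Software\Bifrost', 'HKLM:\SOFTWARE\Bifrost') {
        if (Test-Path -LiteralPath $k) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k; Detail = '' }
        }
    }

    # Active Setup component GUID from the page; StubPath holds the command it launches.
    $guid = '{9D71D88C-C598-4935-C5D1-43AA4DB90836}'
    $root = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    foreach ($c in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        if ($c.PSChildName -eq $guid) {
            $stub = (Get-ItemProperty -LiteralPath $c.PSPath).StubPath
            $found += [pscustomobject]@{ Type = 'ActiveSetup'; Item = $guid; Detail = $stub }
        }
    }

    # Firewall profiles that are not enabled (the deactivation sign described above).
    foreach ($p in Get-NetFirewallProfile) {
        if ("$($p.Enabled)" -ne 'True') {
            $found += [pscustomobject]@{ Type = 'Firewall'; Item = $p.Name; Detail = 'profile not enabled' }
        }
    }
    $found
}

Find-ListedArtifact | Format-Table -AutoSize
```

An empty result only means these specific artifacts were not found; it does not show the machine is clean.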