
Trojan.VBSilly

Posted: June 22, 2011

Trojan.VBSilly is a Trojan horse that's often seen with other threats such as worms. Even though early Trojan.VBSilly variants were seen as long ago as 2008, recent infections have also been reported. Trojan.VBSilly may use fake system processes to hide itself, alter your Internet Explorer layout, add files to your Startup folder, or make contact with remote hosts. In spite of Trojan.Autokey's age, Trojan.VBSilly is a considerable danger to any computer's security; when possible, remove Trojan.VBSilly with the use of the best anti-malware software that's at your disposal.

Catching Sight of Trojan.VBSilly Before It's Too Late

Trojan.VBSilly was first seen in 2008, but has also infected computers in 2010 and 2011. Most Trojan.VBSilly Trojans are installed by other Trojans, and may themselves install new threats of their own. Trojan.VBSilly is often identified by generic Trojan labels such as Trojan.Gen2 and Trojan.Win32.VBSilly.

Trojan.VBSilly is often linked to the presence of 'Application Updater.exe' files in the Application Data folder, but not all Trojan.VBSilly infections use this file. Other Trojan.VBSilly Trojans may create fake explorer.exe and lsass.exe files that can run without being recognized as obvious intruders.
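
The check below is an added example, not code from the original article: it triages a process snapshot for the two signs described above, a file named explorer.exe or lsass.exe running from outside its normal Windows folder, and 'Application Updater.exe' running from Application Data. It assumes a default install under C:\Windows and treats AppData\Roaming as the newer name for Application Data; the function name and the sample records are constructed for illustration.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis box

# Assumption: default install with %SystemRoot% = C:\Windows.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}
# File name and folder the article associates with this family.
DROPPER_NAME = "application updater.exe"
APPDATA_MARKERS = ("\\application data\\", "\\appdata\\roaming\\")


def triage(processes):
    """Return (pid, reason) for each process record that deserves a closer look.

    `processes` is an iterable of (pid, image_path) pairs; image_path may be
    None when the caller lacked the rights to read it.
    """
    findings = []
    for pid, image_path in processes:
        if not image_path:
            continue  # an unreadable path is not evidence either way
        # Collapse "..", unify slashes and case before comparing.
        path = ntpath.normcase(ntpath.normpath(image_path))
        name = ntpath.basename(path)
        folder = ntpath.dirname(path)
        if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
            findings.append((pid, f"{name} running from {folder}"))
        elif name == DROPPER_NAME and any(m in path for m in APPDATA_MARKERS):
            findings.append((pid, f"{name} under Application Data"))
    return findings


# Constructed sample snapshot (not taken from a real infection).
SAMPLE = [
    (4012, r"C:\Windows\explorer.exe"),
    (612, r"C:\WINDOWS\system32\lsass.exe"),
    (2288, r"C:\Documents and Settings\user\Application Data\lsass.exe"),
    (3120, r"C:/Users/user/AppData/Roaming/Application Updater.exe"),
    (3544, r"C:\Windows\Temp\..\Fonts\explorer.exe"),
    (700, None),
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE):
        print(pid, reason)
```

A hit is a lead for a full scan rather than a verdict, and a clean result does not rule out infection, since not every variant uses these file names.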

Many Trojan.VBSilly Trojans and infections that are related to them may also try to contact remote hosts; this can be seen by monitoring port security and network traffic. In some cases, Trojan.VBSilly and related threats may add themselves as exceptions to your firewall or even turn your firewall off.

The Payload That Trojan.VBSilly Hides from Sight

Trojan.VBSilly has been linked to a variety of problems, some of which Trojan.VBSilly creates by changing your Registry. Others are caused by infections that are installed at the same time as Trojan.VBSilly itself.

  • Trojan.VBSilly may use the Registry to alter your Internet Explorer toolbar layout. This can restrict your ability to access certain IE features, or hide browser-hijack attacks.
  • Many Trojan.VBSilly infections come with keyloggers that record keyboard-based input. Some keyloggers can also take screenshots or use other methods for recording and stealing private information.
  • Trojan.VBSilly is also confirmed to be accompanied by worms. Worms can copy themselves and exploit Autorun.inf vulnerabilities to spread infections through networks and removable devices.
  • Some Trojan.VBSilly Trojans will also add files to your Startup folder without your permission.
  • Last of all, Trojan.VBSilly and related threats may attempt to contact remote criminals. This can be the start of an attack that takes over your computer, disables your security, steals personal information, or forces your PC to become part of a DDoS network.

All Trojan.VBSilly infections involve a high level of Windows Registry manipulation, and most Trojan.VBSilly Trojans will be in the company of at least two other PC threats. You should detect and delete Trojan.VBSilly and other malicious software by using an appropriate security program that can run a full scan of your PC.

File System Modifications

  • The following files were created in the system:

Registry Modifications

  • The following newly produced Registry Values are: