Trojan.Win32.VBKrypt.dejs
Trojan.Win32.VBKrypt.dejs is a Visual Basic-based worm and Trojan that contacts remote IRC servers, allowing remote criminals to attack your PC in various ways, including installing other types of malicious software, spying on private information or disabling security programs. Like other worms that SpywareRemove.com malware researchers have analyzed, Trojan.Win32.VBKrypt.dejs can reproduce by copying itself across networks and removable drives, and security measures that keep Trojan.Win32.VBKrypt.dejs from spreading should be a foremost concern for anyone with a Trojan.Win32.VBKrypt.dejs-infected PC. Although Trojan.Win32.VBKrypt.dejs currently is low in propagation, it is a very recently emerged threat and may go undetected unless you update your anti-malware programs with recent threat definition databases so that they can detect and remove it.
Tracing the Trail That Trojan.Win32.VBKrypt.dejs Leaves Behind
Early Trojan.Win32.VBKrypt.dejs infection reports were confirmed in August of 2011, and security software needs to have been updated since then to remove Trojan.Win32.VBKrypt.dejs reliably. The Trojan.Win32.VBKrypt.dejs family of threats uses standard code-hiding and compression tactics to avoid initial detection, so you may be unable to see Trojan.Win32.VBKrypt.dejs at first unless you have access to exceptionally accurate anti-malware scanners.
Trojan.Win32.VBKrypt.dejs is detected under a single alias, Win32/VBKrypt.FG, although Trojan.Win32.VBKrypt.dejs does have numerous relatives in the same VBKrypt subcategory. Examples of the latter include Trojan.Win32.VBKrypt.agdc, Trojan.Win32.VBKrypt.djjo, Trojan.Win32.VBKrypt.covy and Trojan.Win32.VBKrypt.m. Despite its use of traditional stealth techniques, Trojan.Win32.VBKrypt.dejs launches itself in a rather obtrusive way, and you can see its randomly-named memory process (such as zzbrenkzz.exe) by opening Task Manager.
Even though Trojan.Win32.VBKrypt.dejs tries to avoid being seen, many of its attacks leave incidental traces behind that you may be able to detect. Since Trojan.Win32.VBKrypt.dejs may copy itself to multiple locations, including network-shared folders and removable devices, you may detect Trojan.Win32.VBKrypt.dejs's hidden files by looking for unusual space usage. The SpywareRemove.com malware research team notes that avoiding contact with PCs that have been infected by Trojan.Win32.VBKrypt.dejs is vital, since Trojan.Win32.VBKrypt.dejs may infect any computer that shares the same network or portable drive devices.
Other signs of Trojan.Win32.VBKrypt.dejs's activities can include a disabled or tampered-with firewall and network ports that have been opened (both of which are part of Trojan.Win32.VBKrypt.dejs's attempts to make remote contact with criminal entities).
Defining Trojan.Win32.VBKrypt.dejs's Many Abuses of Your PC
Counting out the full list of possible Trojan.Win32.VBKrypt.dejs attacks would result in an unwieldy barrage of text, since Trojan.Win32.VBKrypt.dejs's attacks are generalized and can be applied in numerous ways. However, the following list notes the most likely attacks that can be related to Trojan.Win32.VBKrypt.dejs infections:
- Because the SpywareRemove.com malware research team has observed Trojan.Win32.VBKrypt.dejs making contact with IRC servers, Trojan.Win32.VBKrypt.dejs may be used to gain control over your PC, in the style of a RAT or Remote Administration Tool. The control that a hacker can exert over your computer with a Trojan like Trojan.Win32.VBKrypt.dejs is nearly unlimited, although Trojan.Win32.VBKrypt.dejs is most likely to confine itself to stealing private information or installing harmful software.
- Trojan.Win32.VBKrypt.dejs may also make remote contact for the purposes of installing harmful software by itself, such as scamware, ransomware trojans or keyloggers. The installation process will be hidden or will make use of misleading messages that imply that these infections are things that you'd want on your PC (which is, of course, far from the truth).
- Most importantly, Trojan.Win32.VBKrypt.dejs may engage in general security attacks that leave your PC open to any number of hostile actions in the future. Such attacks are often evident in an inability to update or run anti-virus scanners and similar types of software, and may even disable basic Windows programs like Notepad or Task Manager.
Technical Details
File System Modifications
The following files were created in the system:
%AppData%\zzbrenkzz.exe
File name: %AppData%\zzbrenkzz.exe
Size: 131B (131 bytes)
MD5: 0xFEF26399FD6188C653C8CB6A91FBE5
File type: Executable File
Mime Type: unknown/exe
Registry Modifications
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Taskman = "%AppData%\zzbrenkzz.exe"
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: WindowsUpdaterzz = "%AppData%\zzbrenkzz.exe"
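The two autorun locations listed above can be audited with a read-only PowerShell script; this is an added example, not part of the original write-up or any vendor tool. The function name Get-AutorunFinding is hypothetical, and the script assumes it is run in the affected user's session (HKCU is per-user) and that any data in Winlogon's Taskman value deserves review. Because the file name is random, Run values are matched on the %AppData% location rather than on zzbrenkzz.exe.

```powershell
# Added example, read-only: reports autorun values and changes nothing.
$targets = @(
    # Taskman is checked by name (assumption: any data here deserves review).
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Taskman') }
    # Run is enumerated in full because the value name may differ between samples.
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Names = @() }
)

function Get-AutorunFinding {
    param([string]$Path, [string[]]$Names)

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }

    # An empty name list means "inspect every value under this key".
    $namedCheck = [bool]$Names
    if (-not $namedCheck) { $Names = $key.GetValueNames() }

    foreach ($name in $Names) {
        # Read the data as stored, so %AppData% is visible before expansion.
        $raw = $key.GetValue($name, $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        if ($null -eq $raw) { continue }

        $cmd = [Environment]::ExpandEnvironmentVariables([string]$raw)
        $inAppData = $cmd.IndexOf($env:APPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0

        # Enumerated values are reported only when they launch from %AppData%.
        if (-not $namedCheck -and -not $inAppData) { continue }

        # Pull the executable path out of the command line (quoted or bare).
        $exe = if ($cmd -match '^\s*"?([^"]+?\.exe)') { $Matches[1] } else { $null }
        $onDisk = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))

        [pscustomobject]@{
            Key        = $Path
            Value      = $name
            Data       = $raw
            InAppData  = $inAppData
            FileExists = $onDisk
            # Hash is printed so it can be compared with a scanner's report.
            MD5        = if ($onDisk) { (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash } else { $null }
        }
    }
}

$targets | ForEach-Object { Get-AutorunFinding -Path $_.Path -Names $_.Names } | Format-List
```

A hit is a lead to review rather than a verdict, since legitimate software also starts from %AppData%; repeat the check for each user profile on a shared machine.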