Antispy storm installer

Comments

2 comments

  • Customer

    Hi miekiemoes,

    We picked this up this morning and added it to detection. Thanks for uploading!

    Regards,

    Andy

    Lavasoft Research

    Example thread/log:

    http://www.lavasoftsupport.com/index.php?showtopic=13573

    The installer (vvgeowbv.exe) attached. (file is renamed to a vir extension)

    This one runs under the HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon - Userinit value plus it also creates a HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon - Userinit value

    vvgeowbv.exe is responsible for dropping all these "dummy files" + a BHO (%System%\aivskurq.dll) + Changes desktop (%Windir%\default.htm) + displays fake alerts.

    vvgeowbv.exe.zip


    0
  • Customer
    Thanks for the upload miekiemoes.
    0
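
The report above places the installer's persistence in the Winlogon Userinit value of both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The following check is an added example, not part of the thread or of any Lavasoft tooling; it assumes a clean system has Userinit only under HKLM, pointing at userinit.exe in the Windows System32 directory, and the function and variable names are hypothetical.

```powershell
# Added example: audit the two Winlogon "Userinit" values named in the report.
# Assumption: on a clean system only HKLM has a Userinit value, and it lists
# just %SystemRoot%\System32\userinit.exe (normally followed by a comma).

$subKey   = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'System32\userinit.exe'

function Get-UserinitEntries {
    param([string]$Hive)   # 'HKLM:' or 'HKCU:'

    $item = Get-ItemProperty -Path "$Hive\$subKey" -Name 'Userinit' `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }   # value not present in this hive

    # Userinit is a comma-separated list of programs started at logon,
    # so every element has to be checked, not only the first one.
    $item.Userinit -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object   { $_ }
}

$findings = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($entry in @(Get-UserinitEntries -Hive $hive)) {
        $expanded = [Environment]::ExpandEnvironmentVariables($entry)

        # Only the default program, and only under HKLM, counts as expected.
        # Any HKCU entry, any extra HKLM entry, and any bare file name
        # without a full path is flagged for manual review.
        $verdict = if (($hive -eq 'HKLM:') -and ($expanded -eq $expected)) {
            'expected'
        } else {
            'REVIEW'
        }

        [pscustomobject]@{
            Hive    = $hive
            Entry   = $entry
            Verdict = $verdict
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No Userinit value found in either hive.'
}
```

A REVIEW row is a prompt to inspect the listed file, not proof of infection; the HKCU hive read is that of the account running the check.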