Antispy storm installer
Example thread/log:
http://www.lavasoftsupport.com/index.php?showtopic=13573
The installer (vvgeowbv.exe) attached. (file is renamed to a vir extension)
This one runs under the HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon - Userinit value
plus it also creates a HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon - Userinit value
vvgeowbv.exe is responsible for dropping all these "dummy files" + a BHO (%System%\aivskurq.dll) + Changes desktop (%Windir%\default.htm) + displays fake alerts.
-
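A defender-side check for the persistence described in the post above, as an added example that is not part of the original thread: it reads a `.reg` export and reports Userinit values under either Winlogon key that deviate from the stock value. The sample export, the `C:\PLACEHOLDER` path (the post does not say where the installer lives) and the function names are constructed for illustration; it assumes Windows is installed in `C:\Windows` and that a stock install has no per-user Userinit value.

```python
import re

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
# Assumption: the stock HKLM value is the system32 userinit.exe plus a comma.
EXPECTED = {r"c:\windows\system32\userinit.exe"}

# Constructed sample in .reg export syntax (backslashes doubled inside values).
# A real export is UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\PLACEHOLDER\\vvgeowbv.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\PLACEHOLDER\\vvgeowbv.exe"
'''

def userinit_values(reg_text):
    """Yield (hive, value) for each Userinit value under a Winlogon key."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"userinit"="(.*)"$', line, re.IGNORECASE)
        if m and key:
            hive, _, sub = key.partition("\\")
            if sub.lower() == WINLOGON:
                yield hive.upper(), m.group(1).replace("\\\\", "\\")

def audit(reg_text):
    """Return (hive, reason, entries) for each suspicious Userinit value."""
    findings = []
    for hive, value in userinit_values(reg_text):
        # Userinit is a comma-separated list of programs run at logon.
        entries = [e.strip().lower() for e in value.split(",") if e.strip()]
        extra = [e for e in entries if e not in EXPECTED]
        if hive == "HKEY_CURRENT_USER":
            findings.append((hive, "per-user Userinit value present", entries))
        elif extra:
            findings.append((hive, "extra program in Userinit", extra))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```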
Hi miekiemoes,
We picked this up this morning and added it to detection. Thanks for uploading!
Regards,
Andy
Lavasoft Research
-
Thanks for the upload miekiemoes.