
W32/VB.WL!tr - Released Jul 30, 2006 - Last Updated Jan 13, 2011

Alias/es

Trojan.Win32.Refroso.jua (KAV)

Detection Availability

Active Database / Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms


  • Visible symptoms may vary.

Detailed Analysis


W32/VB.WL!tr is a generic detection for a type of trojan that uses a polymorphic custom packer written in Visual Basic.

Since this is a generic detection, malware detected as W32/VB.WL!tr may vary in behavior. Below are examples of some of these behaviors:

  • Creates the following file:

    • %Windows%\winudpmgr.exe: original copy of the malware.

  • Creates the following registry entry:

    • key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
    • value: Windows UDP Control Center
    • data: %Windows%\winudpmgr.exe

  • Injects malicious code into the following processes:

    • explorer.exe
    • iexplore.exe

  • Deletes itself after execution.

  • Connects to the following server:

    • 94.68.{Removed}.85
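
The file and Run-value indicators listed above can be checked on a host with the following PowerShell. This is an added example, not part of the original write-up; it assumes %Windows% refers to the Windows directory ($env:windir), and because W32/VB.WL!tr is a generic detection, an empty result only rules out these sample behaviors.

```powershell
# Added example: checks a host for the sample file and Run-value indicators above.
$valueName = 'Windows UDP Control Center'      # value name from the write-up
$fileName  = 'winudpmgr.exe'                   # file name from the write-up
$filePath  = Join-Path $env:windir $fileName   # assumption: %Windows% = Windows directory
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$findings  = @()

# 1. Copy of the malware dropped in the Windows directory.
if (Test-Path -LiteralPath $filePath -PathType Leaf) {
    $file = Get-Item -LiteralPath $filePath -Force   # -Force also returns hidden/system files
    $hash = (Get-FileHash -LiteralPath $filePath -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Type = 'File'; Location = $filePath
        Detail = "created $($file.CreationTimeUtc.ToString('u')), SHA256 $hash"
    }
}

# 2. Run value. HKCU is per user, so walk every hive loaded under HKEY_USERS
#    (run elevated to see users other than the current one).
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' }
foreach ($hive in $hives) {
    $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$runSubKey"
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }
    $key = Get-Item -LiteralPath $keyPath
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so an unexpanded %windir% path is still visible.
        $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ($name -eq $valueName -or $data -like "*$fileName*") {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = "$keyPath\$name"; Detail = $data
            }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No listed indicators found on this host.' }
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so their Run keys are outside what this check sees.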


Recommended Action


Reference: ID - 276186