Trojan.Vb.AQT

( Trojan.Win32.VB.aqt, Trojan.Recycle, W32.Fakerecy )

SYMPTOMS:

    Presence of this malware may be indicated by :

* a "Recycled" folder on each drive, which has the icon of the Recycle Bin

* presence of a file "autorun.inf" in the drive root, containing:

[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0)

TECHNICAL DESCRIPTION:

   Upon execution malware creates on all fixed and removable drives:

[DRIVE]:\autorun.inf
[DRIVE]:\Recycled\desktop.ini
[DRIVE]:\Recycled\INFO2,

, which are used to execute the malware when the drive is accessed.


    Copies itself as:

[DRIVE]:\Recycled\Recycled\ctfmon.exe

    Creates the following files as to be executed on Windows startup:

%User%\Start Menu\Programs\Startup\desktop.ini
%User%\Start Menu\Programs\Startup\ctfmon.exe

Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Daniel RADU, virus researcher