Friday, March 13, 2009

Trojan.VB.28672

(aka Win-Trojan/Landa.28672, Trojan.VB.AE, Worm/VB.JZ, W32/Backdoor.IBK, Trj/Riwomuz.A, Trojan.Fasiat)


[Description]

The trojan disguises itself as a valid picture, movie or application.
This is also how it spreads: it searches for media files or applications and copies itself next to them under a similar name.
When it is run, it shows a message box with one of the following fake errors:

After that, it starts to search all the folders for media files (avi, jpg and mp3 extensions).
If it finds a media file, it copies itself into the same folder, borrowing the same name
but adding the .exe extension (e.g. picture1.jpg.exe).
It also searches for application files (exe extension).
If it finds an exe file, it copies itself into the same folder but adds a random letter
in front of the name.
It also checks the size of every file and, if it is 28,672 bytes, it will not infect it. It does that
in order to avoid creating a copy for a file that is already infected.
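
The naming and size rules above can be turned into a quick folder sweep. The script below is an added example, not part of the removal tool: it flags 28,672-byte .exe files that carry a media double extension or whose name is a sibling .exe with one extra leading letter. The function names and the sample files are assumptions made for the illustration, and a match is only a candidate for review.

```python
import os
import tempfile

INFECTED_SIZE = 28672                     # copy size stated in the description
MEDIA_EXTS = (".avi", ".jpg", ".mp3")     # media types the trojan searches for


def find_suspect_copies(root):
    """Return sorted (path, reason) pairs for files matching the described copies."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        for name in files:
            lower = name.lower()
            path = os.path.join(folder, name)
            if not lower.endswith(".exe"):
                continue
            try:
                if os.path.getsize(path) != INFECTED_SIZE:
                    continue
            except OSError:
                continue  # unreadable or vanished file: skip it
            stem = lower[:-4]
            if stem.endswith(MEDIA_EXTS):
                hits.append((path, "media-name copy"))
            elif lower[0].isalpha() and lower[1:] in names:
                hits.append((path, "letter-prefixed copy of " + name[1:]))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: harmless zero-filled files, not malware."""
    sizes = {
        "picture1.jpg": 1000,
        "picture1.jpg.exe": INFECTED_SIZE,   # expected hit: double extension
        "setup.exe": 5000,
        "qsetup.exe": INFECTED_SIZE,         # expected hit: extra leading letter
        "tool.exe": INFECTED_SIZE,           # right size, no naming pattern
        "song.mp3.exe": 4096,                # double extension, wrong size
    }
    for name, size in sizes.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_suspect_copies(tmp))
```
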
You can easily check if the virus is active by opening Task Manager and looking for an "L_and_A"
application, as in the following picture:

[Clean]

Download our removal tool (Trojan.VB.28672-removaltool.zip) and restart the system in safe mode.
Extract the contents of the zip file to a folder. After that, go to the folder where you extracted
the contents of the archive and double-click the removaltool application. An easy-to-use graphical
interface will appear. Check the "Scan and clean" option and press the "Scan" button.
