Malware type: Worm

Aliases: Trojan.Win32.VB.aqt (Kaspersky), FakeRecycled (McAfee), W32.Fakerecy (Symantec), TR/VB.aqt.18 (Avira), W32/SillyFD-AE (Sophos), Trojan:Win32/VB (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This worm usually arrives on a system as a dropped file of other malware, or as a file downloaded from the Internet by an unsuspecting user when visiting malicious Web sites.

Upon execution, it drops copies of itself as CTFMON.EXE in the created folder RECYCLED, which is located in the root folder. It also creates its own AUTORUN.INF file in the created folder. The said file contains certain codes that execute this worm.

It uses the icon of the Recycle Bin folder to disguise the folder it creates. This technique is a stealth mechanism done to trick users into thinking that the said folder is the legitimate Recycle Bin.

It propagates by dropping a copy of itself in removable drives along with its component file AUTORUN.INF.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 30, 2006 8:51:05 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.