United Kingdom
  • UK Support
  • My Account
  • Renewal Centre

Bitdefender®

  • Home
  • Home Users
  • Small Business
  • Corporate Business
  • ISPs
  • News
  • About Us
  • Partners
  • Home
  • Defense Center
  • Virus Information for - Trojan.VB.AE
BitDefender Products
  • Home Products
  • BitDefender for your Business
About BitDefender
  • About Us
  • Company Overview

Trojan.VB.AE

Spreading: high
Download removal tool
Damage: very low
Size: 28672
Discovered: 2006 Feb 12

SYMPTOMS:

Multiple executable files with similar names and the same size (28672 bytes) on your disk and one or many processes running under the name “L_and_A”; All copies have the same icon ( one that looks like the Microsoft Paint icon ).

TECHNICAL DESCRIPTION:

 

Trojan.VB.Ae was written in Visual Basic 6.0. The virus has a single window (witch it hides by moving it outside the screen coordinates).

Once executed, the virus will do the following:

  1. Will display a message box that looks like an error message from Windows. There are 4 possible error messages that the virus can show :

a)      File not found

b)      Windll.dll missing

c)      Unknown format

d)      Error opening file , Winpaint.dll missing

 

  1. The virus then waits until the user presses “Ok” button from the message box

 

  1. It start recursively , searching for files with following extension (*.exe , *.mp3 , *.avi , *.jpg) and does the following actions :

a)      if the target file is an executable file (*.exe) , it copies itself  to the same location as the target file , with a similar name ( with is created by adding a random letter in from of the target file name  E.g. for file write.exe , possible names are Wwrite.exe , hwrite.exe , etc ).

b)      if the target file is not an executable , it copies itself to the same location as the target file , with a similar name ( by adding extension “.exe” to the end of the file E.g. for mypicture.jpg , the virus will create a copy of itself with the name mypicture.jpg.exe )

  1. After this action , the remains inactive in memory ( it appears in Task Manager both in “Processes list” and “Application list”

The virus identifies itself after the size and it never overwrite itself.

Removal instructions:

a) Please let BitDefender disinfect your files.
b) Stop the process “L_and_A” when the message box with one of the 4 possible messages appears (and then delete original file). This will work only if this is the first time you contact the virus.

ANALYZED BY:

Dragos Gavrilut ,virus researcher

© 2010 BitDefender

  • Site Map
  • Legal Terms
  • Site Feedback
  • Global Sites
  • Privacy Policy

For Home Users

  • BitDefender® Total Security 2011
  • BitDefender® Internet Security 2011
  • BitDefender® Antivirus Pro 2011
  • BitDefender 2011 Product Comparison

For Small Business

  • For Small Business
  • BitDefender® Small Business Security for Desktops and File Servers
  • BitDefender® Small Business Security for Desktops, File Servers, and Exchange

News

  • BitDefender Finds IT Security Employees Likely to Disclose Sensitive Information on Social Networks
  • BitDefender Internet Security 2010 Receives Esteemed AV-Test Certification
  • BitDefender launches Total Security 2011 today to offer consumers a simplified and enhanced way to safeguard their online world

Tools & Resources

  • Free Online Virus Scanner
  • Renew Product Licence
  • Download Trial Versions
  • Download Datasheets