Threat Encyclopaedia

Win32/VB.OSV

Aliases: Trojan.Win32.Genome.fcpx (Kaspersky), Trojan:Win32/Bumat!rts (Microsoft), Infostealer (Symantec)
Type of infiltration: Trojan
Size: 49152 B
Affected platforms: Microsoft Windows
Signature database version: 4803 (20100125)

Short description

Win32/VB.OSV is a trojan that steals sensitive information. The trojan is able to log keystrokes. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan copies itself into the following location:
  • C:\WINDOWS\system\MCISEQ.exe
In order to be executed on every system start, the trojan sets the following Registry entries:
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "%originalfilename%" = "C:\WINDOWS\system\MCISEQ.exe"
    "mciseq" = "C:\WINDOWS\system\MCISEQ.exe"

Other information

The trojan is able to log keystrokes.

The data is saved in the following file:
  • %windir%\%computername%.txt
The trojan attempts to send gathered information to a remote machine.

The trojan contains a list of (1) addresses.

The FTP protocol is used.
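
For triage, the persistence and log-file indicators described above can be checked offline against a `reg export` of a suspect host. The sketch below is an added example, not part of the original entry; the sample export, the value name `invoice` and the helper names are constructed for illustration.

```python
import re

# Indicators from the description above.
DROPPED_PATH = r"C:\WINDOWS\system\MCISEQ.exe"
RUN_KEY_SUFFIX = r"\Microsoft\Windows\CurrentVersion\Run"  # also matches the Wow6432Node view

# Constructed sample of `reg export` text (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"invoice"="C:\\WINDOWS\\system\\MCISEQ.exe"
"mciseq"="c:\\windows\\SYSTEM\\mciseq.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\WINDOWS\\system\\MCISEQ.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def find_run_key_hits(export_text):
    """Return (key, value name) pairs under a Run key whose data starts the dropped copy."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.upper().endswith(RUN_KEY_SUFFIX.upper()):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Match on data: the page gives one value name only as %originalfilename%.
        if data.strip('"').lower().startswith(DROPPED_PATH.lower()):
            hits.append((key, name))
    return hits

def keylog_path(windir, computername):
    # %windir%\%computername%.txt, the keystroke log location given above.
    return f"{windir}\\{computername}.txt"
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `find_run_key_hits`.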