TROJAN.PINCAV.BPV
Name: Trojan.Pincav.bpv
Added: November 29, 2011
Type: Trojan
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003
Description:
When Trojan.Pincav.bpv is executed, it performs the following activities:

After execution, it drops the following files:

%Windir%\aadrive32.exe
%Temp%\69779.tmp
%Appdata%\C.tmp
%Appdata%\D.tmp
%Appdata%\E.tmp
%RootDrive%\Recycler\<AlphaNumericFolder>\Desktop.ini
%RootDrive%\Recycler\<AlphaNumericFolder>\ecleaner.exe
%RootDrive%\Recycler\<AlphaNumericFolder>\zaberg.exe
%RootDrive%\Recycler\<AlphaNumericFolder>\Desktop.ini

It modifies/creates the following registry entries:

Microsoft Driver Setup = "%Windir%\aadrive32.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Taskman = "%RootDrive%\Recycler\<AlphaNumericFolder>\ecleaner.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

zaber0 = "%RootDrive%\Recycler\<AlphaNumericFolder>\zaberg.exe"
HKU\Software\Microsoft\Windows\CurrentVersion\Run

Shell = "explorer.exe,%RootDrive%\Recycler\<AlphaNumericFolder>\zaberg.exe"
HKU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Trojan.Pincav.bpv disables the firewall by adding the following registry entry:

EnableFirewall = "0"
HKLM\System\ControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

Trojan.Pincav.bpv spreads via removable drives and shared drives by dropping the following files:

%RemovableDrive%Autorun.inf
%RemovableDrive%Recycler\<AlphaNumericFolder>\zaberg.exe
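The registry entries listed in the description, expressed as matching rules for exported registry values; this is an added example and not part of the original write-up. The (key, name, data) record format, the sample records, the folder wildcard standing in for <AlphaNumericFolder>, and the tolerance for CurrentControlSet/ControlSetNNN and DWORD spellings of 0 are assumptions.

```python
import re

# Stand-in for the page's <AlphaNumericFolder>: any single folder under Recycler (assumption).
RECYCLER = r"[a-z]:\\recycler\\[^\\]+\\"
WINLOGON = r"\\software\\microsoft\\windows nt\\currentversion\\winlogon$"

# (registry key suffix, value name, value data) taken from the description.
RULES = [
    (r"\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run$",
     "Microsoft Driver Setup", r"\\aadrive32\.exe$"),
    (WINLOGON, "Taskman", RECYCLER + r"ecleaner\.exe$"),
    (r"\\software\\microsoft\\windows\\currentversion\\run$",
     "zaber0", RECYCLER + r"zaberg\.exe$"),
    # A clean Shell value is just "explorer.exe"; the trojan appends its own binary.
    (WINLOGON, "Shell", r"^explorer\.exe,\s*" + RECYCLER + r"zaberg\.exe$"),
    # Assumption: accept CurrentControlSet / ControlSetNNN and DWORD spellings of 0.
    (r"\\system\\(current)?controlset(\d{3})?\\services\\sharedaccess"
     r"\\parameters\\firewallpolicy\\standardprofile$",
     "EnableFirewall", r"^(0x)?0+$"),
]

def match_pincav(records):
    """Return the (key, name, data) records that match an indicator above."""
    hits = []
    for key, name, data in records:
        value = data.strip().strip('"')
        for key_re, value_name, data_re in RULES:
            if (name.lower() == value_name.lower()
                    and re.search(key_re, key, re.I)
                    and re.search(data_re, value, re.I)):
                hits.append((key, name, data))
                break
    return hits

# Constructed sample records, e.g. parsed from a registry export (not real data).
USER = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
SAMPLE = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
     "Microsoft Driver Setup", r"C:\WINDOWS\aadrive32.exe"),
    (r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "Explorer.exe"),
    (USER + r"\Windows NT\CurrentVersion\Winlogon", "Shell",
     r"explorer.exe,C:\Recycler\S-1-5-21-0000\zaberg.exe"),
    (USER + r"\Windows\CurrentVersion\Run", "zaber0", r"C:\Recycler\S-1-5-21-0000\zaberg.exe"),
    (r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
     r"\StandardProfile", "EnableFirewall", "0"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
]

if __name__ == "__main__": print(*match_pincav(SAMPLE), sep="\n")
```

The clean `Shell = Explorer.exe` and `ctfmon` records are left out of the result, so the rules flag only values whose data matches the description.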