win32.vb.mit [drp] - cve number?

Hello,

I’m trying to help a friend with a virus discovered by Avast.
He had an old computer with no AV on it. He inserted a USB drive and returned to his newer computer where Avast reported the USB drive infected with “win32:vb-mit [drp]”.

We installed Avast on the old one and cleaned the infection. I’m trying to learn some things about win32:vb-mit [drp] but can't find anything in the knowledgebase. Googling variations of win32:vb-mit has not been much help.

Can someone point me to an Avast resource where I might go backward to a CVE number and find info about this virus?

Thanks -

Rob

It is difficult to get information based on only a malware name, as there is no convention or standard malware naming policy. In this case the [drp] is another indication of what it is: a dropper, designed to download/drop files onto the system to further infect it.

This is normally achieved by an autorun.inf file on the USB that tries to run files on the USB, dropping them onto the main system; this malware would be set to run and possibly download more malware. This is a generalisation of what it may be attempting to do.

VirusTotal - 36/38
http://www.virustotal.com/file-scan/report.html?id=41d93eca5aac0fccfc79b2f2415da44e842e71d38af340ed64f0351e4c154ae4-1281499776

and then searching on the Microsoft name since they usually have the best description

VirTool:Win32/VBInject.
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=VirTool:Win32/VBInject

Thanks David and Pondus!

I searched VirusTotal and got no results - Can I ask, what query did you use there?

Rob

Search Google " win32:vb-mit " hit #3 from top Clean MX

Scroll all the way down, and then scroll sideways to the right to " avast! " and see detection #4 Win32:VB-MIT
Then scroll all the way to the left and find the MD5: 664fd7eff59be612d9799bc013c63156
Then copy the MD5, go to VirusTotal, click search and put in the MD5 and you have the detection…if the bug has been uploaded to VT
Then copy the Microsoft detection name ( without the version ending ) and search it at the Microsoft website

You should then have the info on a similar bug(s), but without the MD5 from your detection…not 100%

No problem, welcome to the forums.