TROJ_VEEDIEM.B

 Analysis by: David John Agni

 ALIASES:

Trojan:Win32/Veediem (Microsoft)

 PLATFORM:

Windows

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It modifies the user's Internet Explorer home page so that it points to a specific website. That site may host further malware, which puts the affected computer at greater risk of infection.

It deletes the initially executed copy of itself.

  TECHNICAL DETAILS

File Size:

694,595 bytes

File Type:

EXE

Memory Resident:

No

Initial Samples Received Date:

22 Dec 2015

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan adds the following folders:

  • %Favorites%\淘宝购物 ("Taobao Shopping")

(Note: %Favorites% is the Favorites folder, where it usually is C:\Documents and Settings\{user name}\Favorites on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\Favorites on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)

It drops the following files:

  • %Favorites%\中国最大特产网-特产优联.url ("China's Largest Specialty Products Site - Techan Youlian")
  • %Favorites%\天地联盟-您身边的提款机.url ("Tiandi Alliance - The Cash Machine at Your Side")
  • %Favorites%\电视网 最新最全直播节目.url ("TV Network - The Latest and Most Complete Live Programs")
  • %Favorites%\网上购物 为您省钱.url ("Online Shopping - Saves You Money")

Web Browser Home Page and Search Page Modification

This Trojan modifies the user's Internet Explorer home page to the following website:

  • www.{BLOCKED}3.com.ro
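The artifacts listed under Installation and Web Browser Home Page and Search Page Modification can be checked on a live host. The PowerShell triage script below is an added example, not Trend Micro's detection logic. It assumes that the IE home page is stored in the standard location HKCU\Software\Microsoft\Internet Explorer\Main, value "Start Page", and that $ExpectedStartPage holds your own baseline home page: because the page only gives the malicious host in censored form (www.{BLOCKED}3.com.ro), the script flags any Start Page that differs from the baseline instead of matching the host.

```powershell
# Added triage example for TROJ_VEEDIEM.B artifacts (not Trend Micro's code).
# File names, folder name and the Start Page behaviour come from the page above;
# the expected home page value is an assumption to be replaced with your baseline.

$ExpectedStartPage = 'https://intranet.example.local/'   # assumption: your baseline

# %Favorites% of the current user, as described in the Note on the page
$Favorites = [Environment]::GetFolderPath('Favorites')

$DroppedFolders = @('淘宝购物')
$DroppedFiles = @(
    '中国最大特产网-特产优联.url',
    '天地联盟-您身边的提款机.url',
    '电视网 最新最全直播节目.url',
    '网上购物 为您省钱.url'
)

$Findings = @()

foreach ($name in $DroppedFolders) {
    $p = Join-Path $Favorites $name
    if (Test-Path -LiteralPath $p -PathType Container) {
        $Findings += [pscustomobject]@{ Type = 'Folder'; Path = $p; Detail = '' }
    }
}

foreach ($name in $DroppedFiles) {
    $p = Join-Path $Favorites $name
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        # .url shortcuts are INI text; the URL= line shows where each one points
        $target = (Get-Content -LiteralPath $p -ErrorAction SilentlyContinue |
                   Where-Object { $_ -match '^URL=' }) -replace '^URL=', ''
        $Findings += [pscustomobject]@{ Type = 'File'; Path = $p; Detail = "URL=$target" }
    }
}

# IE home page: HKCU\Software\Microsoft\Internet Explorer\Main, value "Start Page"
$IeMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $IeMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
if ($startPage -and $startPage -ne $ExpectedStartPage) {
    $Findings += [pscustomobject]@{ Type = 'Registry'; Path = "$IeMain\Start Page"; Detail = $startPage }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No TROJ_VEEDIEM.B artifacts found for the current user.'
} else {
    # Report only; remediation (deleting the shortcuts, restoring Start Page)
    # is left to the responder so that evidence can be collected first.
    $Findings | Format-Table -AutoSize
}
```

Save the script as UTF-8 with a byte-order mark so that Windows PowerShell 5.1 reads the non-ASCII file names correctly. HKCU and %Favorites% only cover the user running the script; to sweep a shared machine, repeat the checks against each profile under C:\Users and the matching hive under HKEY_USERS. Since the Trojan deletes its own executable after running, the dropped shortcuts and the changed Start Page are usually the only artifacts left on disk.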

Other Details

This Trojan deletes the initially executed copy of itself.