[Malware Review] Pandora’s removable device

Discovered in December 2009, Trojan.VB.Chinky.U has been popping out of removable devices of all kinds and onto computers ever since. Although it shows up as a running process in Task Manager, it cannot be terminated simply by killing that process from the list.

Moreover, the Trojan will be difficult to spot as it disables the “Show hidden files” option in Windows Explorer.

It creates two copies of itself with two different file extensions, an “.exe” one and a “.scr” one, both keeping a previously generated name. It also makes copies of itself under random names in the “%Documents and settings%” folder. In order to execute itself repeatedly, Chinky generates a registry key in HKCU\Software\Microsoft\Windows\CurrentVersion\Run\%RandomName% with the value %Documents and settings%\%UserName%\%RandomName%.exe.

Like most other recent malware, Trojan.VB.Chinky.U also has a worm component which allows it to spread using flash drives and other media, such as USB external hard disks and even mapped drives across the network.

The “autorun.inf” component ensures the automatic execution of the “.exe” file and also changes the icon of the infected removable drive into a standard Windows folder icon. Six more shortcut files pointing to the “.scr” file are created and displayed on the removable drive with different names and icons: New Folder, Passwords, Documents, Music, Documents, and Pictures.
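The on-drive artifacts described above (an “autorun.inf” that launches an “.exe”, the same name present as both “.exe” and “.scr”, and shortcuts that lead to the “.scr”) can be checked for when triaging a removable drive. The following is an added example, not part of the original review or of any vendor tool; the function names and indicator labels are assumptions made for illustration, and the shortcut check is a byte-search heuristic rather than a full .lnk parser.

```python
from pathlib import Path

# Decoy shortcut names listed in the article (compared case-insensitively).
DECOY_NAMES = {"new folder", "passwords", "documents", "music", "pictures"}

def autorun_commands(files):
    """Return the command strings a root-level autorun.inf would launch."""
    commands = []
    for p in files:
        if p.name.lower() != "autorun.inf":
            continue
        # Hand-parsed: hostile autorun.inf files often carry junk lines
        # that a strict INI parser would reject.
        for line in p.read_text(errors="replace").splitlines():
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                commands.append(value.strip())
    return commands

def triage_drive(root):
    """Return (indicator, detail) tuples for the root of a mounted drive."""
    files = sorted((p for p in Path(root).iterdir() if p.is_file()),
                   key=lambda p: p.name.lower())
    findings = [("autorun-launches-exe", c)
                for c in autorun_commands(files) if ".exe" in c.lower()]
    # Same base name present as both .exe and .scr.
    stems = {ext: {p.stem.lower() for p in files if p.suffix.lower() == ext}
             for ext in (".exe", ".scr")}
    findings += [("exe-scr-pair", s) for s in sorted(stems[".exe"] & stems[".scr"])]
    scr_names = [p.name.lower() for p in files if p.suffix.lower() == ".scr"]
    for lnk in (p for p in files if p.suffix.lower() == ".lnk"):
        # Heuristic, not a .lnk parser: look for a .scr file name stored
        # as ANSI or UTF-16LE text anywhere in the shortcut.
        raw = lnk.read_bytes().lower()
        if any(n.encode() in raw or n.encode("utf-16-le") in raw for n in scr_names):
            findings.append(("shortcut-to-scr", lnk.name))
        elif lnk.stem.lower() in DECOY_NAMES:
            findings.append(("decoy-name-shortcut", lnk.name))
    return findings
```

A non-empty result is a reason to inspect the drive further, not a verdict: legitimate media can carry an autorun.inf, and a user may own a shortcut named Music.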

This is not the end of it. The downloader component of Trojan.VB.Chinky.U subsequently drops and installs other e-threats on the infected system, such as backdoors, password stealers, Rogue AV and other offers that are too hot to handle.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.