Troj/VB-IW is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
When first run Troj/VB-IW copies itself to:
<System>\word.exe
<Windows>\system\regedit.exe The following registry entries are created to run Troj/VB-IW on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
KV2005
<System>\word.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
KV2005
<System>\word.EXE The Trojan creates a copy of MSWINSCK.OCX with the following filename:
<System>\~sysWord.tam
This file may be deleted.