Hacktool.Vanquish Hack Tool

[Brad]

Behavior
Hacktool.Vanquish is a tool that hides all files and folders with the string "vanquish" in their name.

Symptoms
The presence of one or more files detected as Hacktool.Vanquish.

Transmission
The hacktool arrives as an .exe and a .dll file that must be manually installed on the computer.

technical details
File names: vanquish.exe
vanquish.dll

REMOVAL INSTRUCTIONS
See: http://securityresponse.symantec.com/avcenter/venc/data/hacktool.vanquish.html

When Hacktool.Vanquish runs, it does the following:

   1. Creates the mutex "VRTLogMutex".

   2. Adds itself as the following service:

      Service Name: Vanquish
      Service Display Name: Vanquish Autoloader v0.1 beta10

   3. Injects vanquish.dll into all processes.

      Note: The hacktool will not inject the module into processes whose files are hidden, nor does it create and use its own hidden folder.

   4. Hides all files and folders that have the string "vanquish" in their name.

   5. Creates the file C:\vanquish.log.