Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Windows & Hardware Tips
Information On Viruses
Miscellaneous

virus file

VIRUS NAME : VBS/VBSWG.aq@MM

VIRUS NAME : VBS/VBSWG.aq@MM

Virus Characteristics

AVERT has yet to receive a field sample of this threat.

This threat is currently detected as New Script with script heuristics enabled. This threat will be detected as VBS/VBSWG.gen@MM with the 4205 dats. This worm arrives in an email message containing the following information:

Subject: Shakira's Pictures
Body: Hi :
i have sent the photos via attachment
have funn...

Attachment: ShakiraPics.jpg.vbs

When the attachment is run, the script mails itself to all addresses found in the Outlook Address Book and the file c:\mirc\script.ini is overwritten with instructions to send itself to IRC users who join the same channel as the infected user. A message box is displayed.

The script copies itself to the WINDOWS directory and attempts to overwrite .VBS and .VBE files. After the virus runs, it creates the following registry key values:

HKEY_CURRENT_USER\Software\ShakiraPics\mailed=1
HKEY_CURRENT_USER\Software\ShakiraPics\Mirqued=1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ Run\Registry=wscript.exe C:\WINDOWS\ShakiraPics.jpg.vbs %

Symptoms

Presense of the registry keys mentioned above

Method Of Infection

This VBScript worm mass-mails itself to all users in the Microsoft Outlook Address book. It also modifies the mIRC script.ini file to spread via IRC and may also overwrite .VBS and .VBE files.

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.