high
Summary
Summary
More Information
| Affected operating systems | Windows |
|---|---|
| Included in our products from | March 2008 (4.27) |
| Protection available since | 5 March 2007 07:28:07 (GMT) |
| Last updated | 18 January 2008 18:45:54 (GMT) |
| Detected by | All Sophos products |
More Information
- Summary
- More Information
VBS/Edibara-A is a visual basic script virus.
VBS/Edibara-A will attempt to modify files with htm and html extensions and include a segment of VBScript which will drop a copy of the virus on computer which read the infected htm/html file.
VBS/Edibara-A will also obtain your email address from Yahoo! Pager information and send an email to your account, with the subject line "Hello", prompting you to visit certain website.
VBS/Edibara-A will attempt to modify files with htm and html extensions and include a segment of VBScript which will drop a copy of the virus on computer which read the infected htm/html file.
The script will also drop the following files:
<system32>/TPS32E.dll
<system32>/TPS32V.dll
<system32>/Systemv.dll
<system32>/Kernel.exe
<system32>/Kernel.vbs
All of which are detected by VBS/Edibara-A.
VBS/Edibara-A will autostart itself by setting the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Windows
<system32>\Kernel.vbs
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Microsoft Windows
<system32>\Kernel.exe
VBS/Edibara-A will also obtain your email address from Yahoo! Pager information and send an email to your account, with the subject line "Hello", prompting you to visit certain website.
Kernel.exe is a component which will download and execute a file from remote server.
|
