Virus.Win32.VB

Detect Date 04/01/2007
Class Virus
Platform Win32
Description

This primitive Win32 virus is a Windows PE EXE file 28672 bytes in size, written in Visual Basic.

The virus copies itself to a range of folders on the victim machine under a range of names.

Once launched, the virus will cause one of the following fake error messages to be displayed:

Notwithstanding the error messages, the virus will then start to spread on the victim machine.

The virus scans the victim machines for files with an EXE extension. It then copies itself to the folder where each EXE file is located. It will save the copy under the same name as the original EXE file, but will add a single random letter to the beginning of the file name.

Example:

  1. Original file name: notepad.exe
  2. Virus creates a copy called pnotepad.exe

The virus also scans the computer for files with the extensions JPG, AVI and MP3. It will then copy itself to the folders where these files are located, saving the copy with the original file name, but adding an EXE extension.

Example:

  1. Original file name: sample.jpg
  2. Virus creates a copy called: sample.jpg.exe