This application requires Javascript for optimal performance.

W32/VB.AS!worm.im - Released Dec 30, 2006 - Last Updated Feb 16, 2007

Alias/es

IM-Worm.Win32.VB.as, W32/Generic.worm!im virus, WORM_VB.CGC, W32/Sillyworm.WH, Win32/VB.NJO worm, Trj/Clicker.VZ

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • The following files exist:
    • %Windows%\dc.exe
    • %Windows%\SVIQ.EXE
    • %Windows%\Help\Other.exe
    • %Windows%\inf\Other.exe
    • %System%\Fun.exe
    • %System%\WinSit.exe
    • %System%\config\Win.exe

    Detailed Analysis

  • Drops the following files:
    • %Windows%\dc.exe
    • %Windows%\SVIQ.EXE
    • %Windows%\Help\Other.exe
    • %Windows%\inf\Other.exe
    • %System%\Fun.exe
    • %System%\WinSit.exe
    • %System%\config\Win.exe
  • Adds the following registry:
    • key:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • value:dc2k5
    • data: "%Windows%\SVIQ.EXE"
    • key:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • value:Fun
    • data: "%System%\Fun.exe"
    • key:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • value:dc
    • data: "%Windows%\dc.exe"

    Recommended Action

      FortiGate Systems

    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    Reference: ID - 317648