Virus

W32/VB.AS!worm.im

Analysis

Drops the following files:

undefinedWindowsundefined\dc.exe
undefinedWindowsundefined\SVIQ.EXE
undefinedWindowsundefined\Help\Other.exe
undefinedWindowsundefined\inf\Other.exe
undefinedSystemundefined\Fun.exe
undefinedSystemundefined\WinSit.exe
undefinedSystemundefined\config\Win.exe

Adds the following registry:

key:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
value:dc2k5
data: "undefinedWindowsundefined\SVIQ.EXE"

key:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
value:Fun
data: "undefinedSystemundefined\Fun.exe"

key:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
value:dc
data: "undefinedWindowsundefined\dc.exe"

Recommended Action

FortiGate Systems

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2022-09-20	90.06160
2022-01-04	89.08393
2021-12-14	89.07763
2021-04-06	85.00256
2021-03-16	84.00752
2020-12-26	82.84000	Sig Updated
2020-06-16	78.20800	Sig Updated
2020-03-20	76.11400	Sig Updated
2019-12-31	74.20000	Sig Updated
2019-11-26	73.35800	Sig Updated

ID	317648
Released	Dec 30, 2006
Description Updated	Feb 16, 2007
Aliases	IM-Worm.Win32.VB.as, W32/Generic.worm!im virus, WORM_VB.CGC, W32/Sillyworm.WH, Win32/VB.NJO worm, Trj/Clicker.VZ
Platform Profile	Win32 file format / PE 32 bit
Profile Type	Worm (worm)