Mar 12

VBS.Autill

By admin
Add comments
Virus
 
Name VBS.Autill
Type Worm
Affected Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Risk Level 1: Very Low
Discovered March 10, 2008
Update March 10, 2008 4:55:47 PM
Length 1,688 bytes
Virus Info VBS.Autill is a worm that spreads by copying itself to all drives on the compromised computer.
Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Deletes Files: Delete all files containing a .VBS extension.

Distribution

  • Distribution Level: Low
  • Target of Infection: Copies itself to all drives of the compromised computer.

Writeup By: John Canavan
Details >VBS.Autill

To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.

  1. Click Start > Run.
  2. Type regedit
  3. Click OK.

    Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

  4. Restore the following registry entries to their original values, if required:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Userinit” = “%System%\userinit.exe, %System%\wscript.exe %System%\killVBS.vbs”
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Window Title” = ” “
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Start Page” = ” “
    • HKEY_CLASSES_ROOT\vbsfile\”DefaultIcon” = “%SystemRoot%\System32\WScript.exe,2″
  5. Exit the Registry Editor.

    Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.

Writeup By: John Canavan

Save this article to PDF.

"Free Scan VBS.Autill

Print This Virus article Print This Virus article

This entry was posted on Wednesday, March 12th, 2008 at 1:38 am and is filed under Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

You must be logged in to post a comment.