Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » VBS/FriendMess.A@mm

Overview

Threat Risk LOW LOW
Destructivity LOW LOW
Payload
Detection files published 07 May 2000 03:00:00
Description created 07 May 2000 03:00:00
Description updated 07 May 2000 03:00:00
Malware type WORM
Alias
Spreading mechanism EMAIL
Summary None

VBS/FriendMess.A@mm

Spreading

n/a

Payload Details

If the attachment is executed, the worm becomes active, and immediately tries to replace AUTOEXEC.BAT file with a copy which will delete all files in the Windows directory, the Windows System directory and the Windows Temp directory. This payload will be executed during next bootup and the author's intention seems to be that Windows will be unable to run and must be reinstalled. In most configuration however, this payload will not have any destructive effect:



Win 95/98: The parameters to the delete command implemented are invalid in these operating systems, thus the commands will not be executed. Win NT: AUTOEXEC.BAT will only run if NT is configured to run this file in the Startup group (or if it is started manually). Win 2000: The attempt to replace AUTOEXEC.BAT is denied.

Analysis

n/a

Removal

To remove this virus delete all infected files. If a computer has been infected, remove AUTOEXEC.BAT. The Visual Basic Script viruses rely on the association between .VBS files and Windows Scripting Host to execute.


Last Updated: 12 Nov 2015 11:06:11