VBS/Cata-A is a mass-mailing email virus.
The virus may delete image files from network shares.
VBS/Cata-A is a VBS mass mailing virus.
On execution the virus copies itself to the Windows system folder as Manutenzione.xls.vbs and Chktsk32.vbs
VBS/Cata-A also creates the autostart registry entry :
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\FileMgr32
= Wscript.exe Chktsk32.vbs
The virus sends email with the following characteristics to all addresses in the address book.
Subject line:
Vostro ordine
Message text:
Salve, vi mando in allegato il vostro ordine del mese precedente.
Attached file:
Manutenzione.xls.vbs
After sending email the virus sets the following registry entry:
HKCU\Software\WSHWC\Catarro\<email address>=WSHWC
to prevent the virus sending another email to the same address.
VBS/Cata-A looks for any network drive containing a Windows system folder and injects viral code into all VBS and VBE files. The virus also replaces any JPG, HTML, MPG, HTM, DOC and AVI files with a copy of the virus named <original file name>.vbs.
On the 17 January the virus will disable the keyboard and mouse of the infected computer.