VBS/Roor-C

Category: Viruses and Spyware Protection available since:17 Aug 2011 18:23:36 (GMT)
Type: Visual Basic Script virus Last Updated:17 Aug 2011 18:23:36 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

VBS/Roor-C is a virus that may infect HTML or text files.

VBS/Roor-C infects files with file extension HTM, HTML or HTT.

VBS/Roor-C drops the virus as FOLDER.HTT and an INI file DESKTOP.INI in various locations, including the root folder and the 'My Documents' folder. The virus may also spread to the root folder of other drives.

VBS/Roor-C makes the following changes to the system registry:

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
about:error

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
error
http://<URL at geocities>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ClassicShell
0

The virus deletes the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ExtShellViews
(5984FFE0-28D4-11CF-AE66-08002B2E1262)

download Try Sophos products for free
Download now