VBS/Roor-C

Category:	Viruses and Spyware	Protection available since:	17 Aug 2011 18:23:36 (GMT)
Type:	Visual Basic Script virus	Last Updated:	17 Aug 2011 18:23:36 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

VBS/Roor-C is a virus that may infect HTML or text files.

VBS/Roor-C infects files with file extension HTM, HTML or HTT.

VBS/Roor-C drops the virus as FOLDER.HTT and an INI file DESKTOP.INI in various locations, including the root folder and the 'My Documents' folder. The virus may also spread to the root folder of other drives.

VBS/Roor-C makes the following changes to the system registry:

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
about:error

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
error
http://<URL at geocities>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
ClassicShell
0

The virus deletes the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ExtShellViews
(5984FFE0-28D4-11CF-AE66-08002B2E1262)

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

VBS/Roor-C

Free Mac Anti-Virus

Popular topics