high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Protection available since | 5 March 2007 07:28:07 (GMT) |
| Last updated | 8 April 2009 18:55:15 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for disinfecting macro viruses.
More Information
VBS/Edibara-A is a visual basic script virus.
VBS/Edibara-A will attempt to modify files with htm and html extensions and include a segment of VBScript which will drop a copy of the virus on computer which read the infected htm/html file.
The script will also drop the following files:
<system32>/TPS32E.dll
<system32>/TPS32V.dll
<system32>/Systemv.dll
<system32>/Kernel.exe
<system32>/Kernel.vbs
All of which are detected by VBS/Edibara-A.
VBS/Edibara-A will autostart itself by setting the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Windows
<system32>\Kernel.vbs
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Microsoft Windows
<system32>\Kernel.exe
VBS/Edibara-A will also obtain your email address from Yahoo! Pager information and send an email to your account, with the subject line "Hello", prompting you to visit certain website.
Kernel.exe is a component which will download and execute a file from remote server.
|
