The Wayback Machine - https://web.archive.org/web/20071028171026/http://www.viruslist.com/viruses/encyclopedia?virusid=25409
|
|
|
|
|
|
Malware Description Search
|
| |
|
|
|
|
|
|
Home
/
Viruses
/
Virus Encyclopedia
/
Malware Descriptions
/
Classic Viruses
/
Script Viruses
/
VBS Viruses
Virus.VBS.Redlof.a
Virus.VBS.Redlof.a
(
Kaspersky Lab
)
is also known as:
VBS.Redlof.a (
Kaspersky Lab
),
VBS/Haptime.gen@MM (
McAfee
), VBS.Redlof.A (
Symantec
), VBS.Redlof (
Doctor Web
), VBS/Haptime-Fam (
Sophos
), VBS/Haptime@mm.gen* (
RAV
), VBS_REDLOF.A-1 (
Trend Micro
), VBS/Redlof.2 (
H+BEDV
), VBS/Haptime.F (
FRISK
), VBS:HapTime (
ALWIL
), VBS/Redlof (
Grisoft
), VBS.Redlof.A (HTML) (
SOFTWIN
), VBS.Redlof-A (
ClamAV
), VBS/Help (
Panda
), VBS/Haptime.A (
Eset
)
Description added
|
Jan 15 2004
|
Behavior
|
VBS Virus
|
VBS. Redlof is written in Visual Basic Script (VBS) and encrypted as VBE (Visual
Basic encoded script). On first being run, it creates a file with its executable
code in the Windows system directory under the name Kernel.dll.
The virus also creates files under the name kjwall.gif in the System32 and
Web directories. The virus also copies itself to all directories on other disks
of the infected computer as folder.htt, a file which configures images and folders
in MS Explorer.
Replication of the virus
The infected file folder.htt gains control and copies itself to all directories
when viewed or opened using MS Explorer. If a directory already contains folder.htt,
the directory will not be infected.
The virus writes itself into all HTM files in the Windows\web directory and
by doing so gains control over the following files when they are opened: iejit.htm,
offline.htm, related.htm, tip.htm, folder.htm, wum.htm.
|
| |
|
|
Copyright © 1996 - 2007
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved
|
Email:
webmaster@viruslist.com
|
|