My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

VBS.Breetnee.A@mm

MEDIUM
VERY LOW
10622 bytes
(N/A)

Symptoms

- It spreads through the Outlook to the first address in address book, as an email with the attachment "Britney.chm"

- It writes in registry the key
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\chm"

with the value "1".

Removal instructions:

1. Make sure that you have the latest updates using BitDefender Live!;

2. Make the following changes in the windows registry:
Please make sure to modify only the values that are specified. It is also recommended to backup the Windows Registry before proceeding with these changes.

a) Select Run... from the Start menu, then type regedit and press Enter;
b) Delete following key:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\chm"
3. Perform a full scan of your system (selecting, from the Action tab, the option "Prompt user for action"). Choose to delete all the files infected with VBS.Breetnee.A@mm.

Analyzed By

Mihaela Stoian BitDefender Virus Researcher

Technical Description:

It copies itself in the  "Windows" folder (C:\windows or C:\winnt), with the name "Britney.chm".
It sends an email to the first contact in address book, through the Outlook.

The email has:
Subject:
"RE: Britney Pics"
Body:
"Take a look at these pics...
Regards, "

< user's name >
Attachment:
the virus - a vb-script in a html-page embedded in a chm-file.

In order to send the infected email just once, it creates the registry key
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\chm"
with the value "1".

It also spreads itself through the mIRC. It searches the mirc folder: It searches first the hard disk (drives C:, D:, E: ) in order to find \"mirc.ini\" and second, it searches in registry the key HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ChatFile\DefaultIcon\, in order to find the location of the file "mirc.exe".

If it finds the mIRC folder, it creates there a file, "script.ini", which sends the chm-file through mIRC.