6K (5669 bytes)
- The following registry key:
with the value: (CUC0O0.VBS)
- The file AntiVirus700.com (1077 bytes) in the Windows System Directory
If you don't have BitDefender installed click here to download an evaluation version.
1. Make sure that you have the latest updates using
2. Make the following changes in the windows registry:
Please make sure to
modify only the values that are specified. It is also recommended to backup
the Windows Registry before proceeding with these changes.
a) Select Run... from
the Start menu, then type regedit
and press Enter;
b) Delete following key:
a full scan of your system (selecting, from the Action tab, the option "Prompt
user for action"). Choose to delete all the files infected with VBS.Anti700.A@mm.
BitDefender Virus Researcher
VBS.Anti700.A@mm is a mass-mailer worm containing a DOS virus in its body. The worm was created with a tool SSIWG, and the DOS virus, known as VCS.1077.A, was created in the past with a tool called VCS.
The worm arrives attached to an e-mail with the following format:
Subject: WARNING!!! THIS IS URGENT PLEASE READ.
Your system is in need to be cured from a DEADLY Virus that has been detected on your system.
Virus Name: W97.Hurricane.700
It has infected: Your .COM Files and your .EXE Files
please read the .TXT file for further information on how to disinfect the Virus in your system!
for further onfo please contact me at anytime.
When executed, the worm will save a copy of itself in the Windows System Directory (usually C:\Windows\System\) in a file called CUC0O0.VBS and will create the registry key
pointing to the copy of the virus (CUC0O0.VBS); therefore it will get executed each time Windows is started.
It then drops the DOS virus in a file called AntiVirus700.com in the Windows Sytem Directory and executes it (1077 bytes in size , that contains the same message as the e-mail sent by the "mother" virus)
Lastly, it will send itself to all the user\'s contacts in the Outlook Adress Book as an e-mail in the above described format.