VBS.Anti700.A@mm

LOW
MEDIUM
6K (5669 bytes)
(N/A)

Symptoms

- The following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\CUC0O0
with the value: (CUC0O0.VBS)

- The file AntiVirus700.com (1077 bytes) in the Windows System Directory

Removal instructions:

If you don't have BitDefender installed click here to download an evaluation version.

1. Make sure that you have the latest updates using BitDefender Live!;

2. Make the following changes in the Windows registry:

Please make sure to modify only the values that are specified. It is also recommended to back up the Windows Registry before proceeding with these changes.

a) Select Run... from the Start menu, then type regedit and press Enter;
b) Delete the following key:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\CUC0O0



3. Perform a full scan of your system (selecting, from the Action tab, the option "Prompt user for action"). Choose to delete all the files infected with VBS.Anti700.A@mm.

Analyzed By

Marius Gheroghescu BitDefender Virus Researcher

Technical Description:

VBS.Anti700.A@mm is a mass-mailer worm containing a DOS virus in its body. The worm was created with a tool called SSIWG, and the DOS virus, known as VCS.1077.A, was created in the past with a tool called VCS.

The worm arrives attached to an e-mail with the following format:


Subject: WARNING!!! THIS IS URGENT PLEASE READ.
Attachment: AtiVirus700.txt.vbs
Message:
Your system is in need to be cured from a DEADLY Virus that has been detected on your system.
Virus Name: W97.Hurricane.700
It has infected: Your .COM Files and your .EXE Files
Size: 1234
detectable: NO
disinfectable: YES

please read the .TXT file for further information on how to disinfect the Virus in your system!
WARNING!!!WARNING!!!WARNING!!!WARNING!!!WARNING!!!

signed,
Anti-Virus Company

P.S
for further onfo please contact me at anytime.
AV@hotmail.com



When executed, the worm will save a copy of itself in the Windows System Directory (usually C:\Windows\System\) in a file called CUC0O0.VBS and will create the registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\CUC0O0
pointing to the copy of the virus (CUC0O0.VBS); therefore it will get executed each time Windows is started.

It then drops the DOS virus into a file called AntiVirus700.com in the Windows System Directory and executes it. The file is 1077 bytes in size and contains the same message as the e-mail sent by the "mother" virus.
Lastly, it will send itself to all the user's contacts in the Outlook Address Book as an e-mail in the format described above.
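
The e-mail format described above can be checked at a mail gateway or over a stored mailbox. The following is an added example, not part of the original BitDefender description: it parses a message and reports the subject and attachment name given on this page, plus the general pattern of a script extension hidden behind a harmless-looking one. The extension lists and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Indicators copied from the description on this page.
SUBJECT = "WARNING!!! THIS IS URGENT PLEASE READ."
ATTACHMENT = "AtiVirus700.txt.vbs"
# Assumption: which extensions count as script hosts and which as decoys.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif"}


def hidden_script(filename):
    """True when a script extension follows a decoy one (name.txt.vbs)."""
    clean = filename.strip().rstrip(". ")
    suffixes = [s.lower() for s in PureWindowsPath(clean).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS
            and suffixes[-2] in DECOY_EXTS)


def inspect_message(raw_bytes):
    """Return a list of findings for one raw e-mail message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = " ".join(str(msg.get("Subject", "")).split())
    if subject.casefold() == SUBJECT.casefold():
        findings.append("subject matches advisory")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if name.casefold() == ATTACHMENT.casefold():
            findings.append("attachment name matches advisory")
        if hidden_script(name):
            findings.append(f"double extension: {name}")
    return findings


def build_sample(subject=SUBJECT, filename=ATTACHMENT):
    """Constructed test message; the attachment body is an inert placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("(body omitted)")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The double-extension check is the more durable of the two signals, since the exact subject and file name only match this one variant.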