VBS.Anti700.A@mm( N/A )
SYMPTOMS:
- The following registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\CUC0O0 with the value: (CUC0O0.VBS)
- The file AntiVirus700.com (1077 bytes) in the Windows System Directory

TECHNICAL DESCRIPTION:
VBS.Anti700.A@mm is a mass-mailer worm containing a DOS virus in its body. The worm was created with a tool called SSIWG, and the DOS virus, known as VCS.1077.A, was created in the past with a tool called VCS.

The worm arrives attached to an e-mail with the following format:

Subject: WARNING!!! THIS IS URGENT PLEASE READ.
Attachment: AtiVirus700.txt.vbs
Message: Your system is in need to be cured from a DEADLY Virus that has been detected on your system.
Virus Name: W97.Hurricane.700
It has infected: Your .COM Files and your .EXE Files
Size: 1234
detectable: NO
disinfectable: YES
please read the .TXT file for further information on how to disinfect the Virus in your system!
WARNING!!!WARNING!!!WARNING!!!WARNING!!!WARNING!!!
signed, Anti-Virus Company
P.S for further onfo please contact me at anytime. AV@hotmail.com

When executed, the worm saves a copy of itself in the Windows System Directory (usually C:\Windows\System\) in a file called CUC0O0.VBS and creates the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\CUC0O0 pointing to the copy of the virus (CUC0O0.VBS); as a result, it is executed each time Windows is started.

It then drops the DOS virus into a file called AntiVirus700.com in the Windows System Directory and executes it (the file is 1077 bytes in size and contains the same message as the e-mail sent by the "mother" virus).

Lastly, it sends itself to all the user's contacts in the Outlook Address Book as an e-mail in the format described above.

Removal instructions:
If you don't have BitDefender installed, click here to download an evaluation version.
1. Make sure that you have the latest updates using BitDefender Live!;
2. Make the following changes in the Windows registry:
3. Perform a full scan of your system (selecting, from the Action tab, the option "Prompt user for action"). Choose to delete all the files infected with VBS.Anti700.A@mm.

ANALYZED BY: Marius Gheroghescu, BitDefender Virus Researcher
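
The symptoms listed above can be checked offline against artifacts collected from a suspect machine. The following triage script is an added example, not BitDefender's code: it scans a registry export and a listing of the Windows System Directory for the indicators named in this description. It assumes the RunServices entry is stored as a value named CUC0O0 in a REGEDIT4-style export; the function names and the sample data are constructed for illustration.

```python
import re

# Indicators taken from the description above (compared case-insensitively).
RUN_SERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
VALUE_NAME = "cuc0o0"
WORM_COPY = "cuc0o0.vbs"
DROPPED_COM = ("antivirus700.com", 1077)

def scan_reg_export(reg_text):
    """Return RunServices entries from a .reg export that reference the worm copy."""
    hits, section = [], ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()          # remember the current key
            continue
        m = re.match(r'^"([^"]*)"="(.*)"$', line)  # "name"="string data"
        if not m or section != RUN_SERVICES:
            continue
        name, data = m.group(1), m.group(2).replace("\\\\", "\\")  # unescape .reg path
        if name.lower() == VALUE_NAME or data.lower().endswith(WORM_COPY):
            hits.append((name, data))
    return hits

def scan_system_dir(listing):
    """listing: iterable of (file name, size in bytes) from the Windows System Directory."""
    hits = []
    for name, size in listing:
        low = name.lower()
        if low == WORM_COPY:
            hits.append(f"{name}: worm copy")
        elif low == DROPPED_COM[0]:
            # A size mismatch is still reported: the name alone is suspicious.
            note = "size matches" if size == DROPPED_COM[1] else f"size {size}, expected {DROPPED_COM[1]}"
            hits.append(f"{name}: dropped DOS virus ({note})")
    return hits

# Constructed sample input, not taken from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"CUC0O0"="C:\\WINDOWS\\SYSTEM\\CUC0O0.VBS"
'''
SAMPLE_DIR = [("KERNEL32.DLL", 471040), ("CUC0O0.VBS", 5120), ("AntiVirus700.com", 1077)]

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG))
    print(scan_system_dir(SAMPLE_DIR))
```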