Malware type: VBScript

Aliases: Worm.VBS.Solow.b (Kaspersky), VBS/IE-Title (McAfee), VBS.Solow (Symantec), VBS/IETitle.A (Avira), VBS/Solow-Gen (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This malicious Visual Basic (VB) script arrives via removable drives or as a file downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, it drops a copy of itself in the Windows folder and in the root folder of the affected system, along with an .INF file.

It creates a registry entry to change the text of Internet Explorer's title bar to:

Hacked by pokemon

It propagates by dropping a copy of itself as BHA.DLL.VBS in the root folder of accessible removable drives. It also drops an AUTORUN.INF file in the same location. The said file is responsible for executing the dropped copy of this malicious script.

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar. 26, 2007 2:44:13 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.