VBS.Valentin
| Aliases | I-Worm.Valentine, VBS.Valentin@mm | ||
|---|---|---|---|
| Typical Symptoms | Sends email,Removes file,Changes Homepage | ||
| Discovered | [korea] 0000-00-00 [Foreign] 2001-02-11 |
||
| Type | Virus | ActiveField | VBS |
| Destory/Distribution |   |
||
| Origin | Spain | Encryption | NO |
| Location | Script | Memory residence | NO |
| Scan engine needed |
2001-06-05 [Able to detect & repair]
|
||
VBS.Valentin is written with Visual Basic Script and spreads via emails. It utilizes the security vulnerability of MS Outlook Express, infecting the system through opening of the email or through Preview Pane. It deletes all folders in C drive on 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal2/sereson VBS.Valentin is written with Visual Basic Script and spreads via emails. It utilizes the security vulnerability of MS Outlook Express, infecting the system through opening of the email or through Preview Pane. It deletes all folders in C drive on 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal2/sereson Upon opening or previewing of the email, 'loveday14-b.hta' is created. This file infects the system at the next boot-up. It infects other users via mIRC during chatting sessions by sending 'MAIN.HTML'. This virus only functions properly under English or Spanish OS. Below is the path: * Spanish Windows C:WINDOWSMen |
Download the latest definitions of 5 June 2001 or above. We recommend that you install the security patches of Outlook and Outlook Express from MS site. Click here to access the website. |
