VBS.Sorry.C

VBS.Sorry.C is a variant of VBS.Sorry.A. It is a Visual Basic Script worm that copies itself to several folders on a computer hard drive and on network drives. The worm also drops an mIRC configuration file that searches for computers infected with the SubSeven Trojan. It then copies itself and executes on computers that it finds are infected with the SubSeven Trojan.

Previous definitions detected this as VBS.Fonts.



Configure Windows for maximum protection
Because this virus spreads by using shared folders on networked computers, to ensure that the virus does not reinfect the computer after it has been removed, Symantec suggests sharing with read-only access or using password protection. For instructions on how to do this, see your Windows documentation or the document How to configure shared Windows folders for maximum network protection.

Protection

• Initial Rapid Release version December 4, 2000
• Latest Rapid Release version December 4, 2000
• Initial Daily Certified version December 4, 2000
• Latest Daily Certified version January 15, 2008 revision 017
• Initial Weekly Certified release date pending

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Moderate
• Removal: Moderate

Damage

• Damage Level: Low

Distribution

• Distribution Level: Medium