- December 20, 2000
- February 13, 2007 11:59:30 AM
VBS.Sorry.A is a Visual Basic Script worm that copies itself to several folders on a computer hard drive and on network drives. The worm also drops an mIRC configuration file that searches for computers infected with the SubSeven Trojan. It then copies itself and executes on computers that it finds are infected with the SubSeven Trojan.
This worm was previously named VBS.Fonts.A
Configure Windows for maximum protection
This virus spreads by using shared folders on networked computers. To ensure that the virus does not reinfect the computer after it has been removed, Symantec suggests sharing with read-only access or using password protection. For instructions on how to do this, see your Windows documentation or the document How to configure shared Windows folders for maximum network protection
Block scripts from running
- If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Please run LiveUpdate to obtain this.
- For other versions of Norton AntiVirus, SARC offers a tool to disable the Windows Scripting Host.
Antivirus Protection Dates
Initial Rapid Release version December 4, 2000
Latest Rapid Release version September 28, 2010 revision 054
Initial Daily Certified version December 4, 2000
Latest Daily Certified version September 28, 2010 revision 036
Initial Weekly Certified release date pending
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Distribution Level: Medium
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Brian Ewell