VBS.Sorry.A - Removal

Risk Level 1: Very Low

Discovered: December 20, 2000
Updated: February 13, 2007 11:59:30 AM
Type: Worm


To repair damage done by the worm, you need to complete the following tasks:
  • Delete all files that Norton AntiVirus (NAV) detects as infected by VBS.Sorry.A.
  • Restore the Internet Explorer Start Page if desired.
  • Delete the registry entries made by the worm.

Please refer to the appropriate sections for instructions on completing each task.

To delete the infected files:
  1. Run LiveUpdate to make sure that you have the most recent virus definitions.
  2. Start NAV and run a full system scan. Unless you are using NAV 2001, make sure that NAV is set to scan all files.
  3. Delete any files that are detected as infected with VBS.Sorry.A.

To restore the Internet Explorer Start Page:
  1. Start Internet Explorer, and go to the Web page that you want to set as your home page.
  2. Click Tools, and then click Internet Options.
  3. In the Home page section of the General tab, click "Use Current."

To remove the registry entries made by the worm:
    CAUTION: We strongly recommend that you back up the system registry before making any changes to it. Incorrect changes to the registry may result in permanent data loss or corrupted files. Be sure to modify the specified keys only. See the document How to back up the Windows registry before proceeding.
  1. Click Start, and then click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Browse to and select the following subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  4. In the right pane, locate and delete the following value:

    tfload = wscript.exe windows\fonts\ttfload.vbs
  5. Browse to and select the following subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
  6. In the right pane, locate and delete the following value:

    Timeout = 0
  7. Close the Registry Editor.
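
The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original writeup and not a Symantec tool; the backup folder and the rule of deleting a value only when its data matches what the steps list are assumptions made here.

```powershell
# Added example. Key paths, value names and data come from the steps above.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: folder that receives the .reg backups
    [string]$BackupDir = "$env:TEMP\vbs-sorry-regbackup"
)

$targets = @(
    @{ Key    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
       Native = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'
       Name   = 'tfload'
       Match  = { param($v) "$v" -like '*ttfload.vbs*' } },
    @{ Key    = 'HKCU:\Software\Microsoft\Windows Script Host\Settings'
       Native = 'HKCU\Software\Microsoft\Windows Script Host\Settings'
       Name   = 'Timeout'
       Match  = { param($v) "$v" -eq '0' } }
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($t in $targets) {
    $prop = Get-ItemProperty -Path $t.Key -Name $t.Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output "Not present: $($t.Key)\$($t.Name)"
        continue
    }
    $data = $prop.($t.Name)
    # Only touch the value when its data is what the writeup describes.
    if (-not (& $t.Match $data)) {
        Write-Output "Left alone (data '$data' does not match): $($t.Key)\$($t.Name)"
        continue
    }
    if ($PSCmdlet.ShouldProcess("$($t.Key)\$($t.Name)", 'Back up key and delete value')) {
        # Export the whole subkey first; abort if the backup fails.
        $file = Join-Path $BackupDir (($t.Native -replace '[\\ ]', '_') + '.reg')
        & reg.exe export $t.Native $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup failed for $($t.Native); nothing deleted." }
        Remove-ItemProperty -Path $t.Key -Name $t.Name
        Write-Output "Deleted $($t.Key)\$($t.Name) (backup: $file)"
    }
}
```

Run it with -WhatIf first to see what would be removed; deleting the HKEY_LOCAL_MACHINE value requires an elevated prompt. HKEY_CURRENT_USER is the hive of the account running the script, so repeat it for each affected user.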


Writeup By: Brian Ewell