1. /
  2. Security Response/
  3. VBS.Sorry.D

VBS.Sorry.D

Risk Level 1: Very Low

Discovered:
January 3, 2001
Updated:
February 13, 2007 11:48:15 AM
Also Known As:
VBS.Fonts.C, Mcon, TTFLoader
Type:
Worm

VBS.Sorry.D is a variant of VBS.Sorry.A. It is a Visual Basic Script worm that copies itself to several folders on a computer hard drive and on network drives. The worm also drops an mIRC configuration file that searches for computers infected with the SubSeven Trojan. It then copies itself and executes on computers that it finds are infected with the SubSeven Trojan.

This worm was previously named VBS.Fonts.C.



Configure Windows for maximum protection
Because this virus spreads by using shared folders on networked computers, to ensure that the virus does not reinfect the computer after it has been removed, Symantec suggests sharing with read-only access or using password protection. For instructions on how to do this, see your Windows documentation or the document How to configure shared Windows folders for maximum network protection.



Antivirus Protection Dates

  • Initial Rapid Release version January 8, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version January 8, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Medium
Writeup By: Brian Ewell

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver