1. /
  2. Security Response/
  3. VBS.Phybre

VBS.Phybre

Risk Level 1: Very Low

Discovered:
June 8, 2001
Updated:
February 13, 2007 11:59:39 AM
Also Known As:
VBS.Fiber, VBS.Ruzz
Type:
Trojan Horse

VBS.Phybre is Visual Basic Script (VBS) Trojan horse. It copies itself into the \Windows\System folder as VBS.Phybre.vbs and modifies the registry so that this file is executed when Windows starts. If the current minute is :39, then the script's payload is activated as follows:
  • A message is displayed that indicates how many times the script has been run and how many times you have been notified of its presence.
  • It attempts to configure the registry so that the script is executed any time that an .htm or .html file is opened on the computer.


Antivirus Protection Dates

  • Initial Rapid Release version June 8, 2001
  • Latest Rapid Release version June 8, 2001
  • Initial Daily Certified version June 8, 2001
  • Latest Daily Certified version June 8, 2001
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Brian Ewell

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver