1. /
  2. Security Response/
  3. VBS.VBSWG.AF

VBS.VBSWG.AF

Risk Level 1: Very Low

Discovered:
October 16, 2001
Updated:
February 13, 2007 11:37:29 AM
Also Known As:
VBS/VBSWG.AF, VBS/VBSWG.L
Type:
Worm

VBS.VBSWG.AF is a Visual Basic Script (VBS) threat that can overwrite .vbe or .vbs files with a copy of itself. It attempts to send itself using MAPI email, but the attempt fails due to bugs in the script.

In an attempt to distribute itself using Internet Relay Chat (IRC), it may also modify existing Script.ini files, which are used by the mIRC program.



Additional precautions that you can take
Some threats, such as this one, use the VBScript computer language to run. You can protect yourself from threats that use this language by enabling Script Blocking (Norton AntiVirus 2001/2002) or by disabling or uninstalling the Windows Scripting Host. Because the Windows Scripting Host is an optional part of Windows, it can be safely removed from your computer. (Some programs, however, need Windows Scripting Host in order to function properly.)
  • If you are using Norton AntiVirus 2002, which includes Script Blocking, make sure that Script Blocking is enabled (the default).
  • If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Please run LiveUpdate to obtain this.
  • For other versions of Norton AntiVirus, SARC offers a tool to disable the Windows Scripting Host.
  • To disable the Windows Scripting Host in Microsoft Outlook Express only, see the Microsoft Knowledge Base document OLEXP: How to Disable Active Scripting in Outlook Express, Article ID: Q192846.

Antivirus Protection Dates

  • Initial Rapid Release version March 10, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version March 10, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Patrick Nolan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver