1. /
  2. Security Response/
  3. VBS.Redlof.A

VBS.Redlof.A

Risk Level 2: Low

Discovered:
April 16, 2002
Updated:
February 13, 2007 11:38:48 AM
Also Known As:
VBS/Redlof@M [McAfee], VBS.Redlof [AVP], VBS_REDLOF.A [Trend], VBS/Redlof-A [Sophos]
Type:
Virus
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

VBS.Redlof.A is a polymorphic, encrypted, Visual Basic Script virus that infects the .html, .htm, .asp, .php, .jsp, .htt, and .vbs files on all the drives. Depending on the location of the Windows System folder, the virus copies itself to either %Windir%\System\Kernel.dll or %Windir%\System\Kernel32.dll. It changes the default association for the .dll files.


Note: Virus definitions dated prior to February 12, 2004 detect this threat as HTML.Redlof.A.

Antivirus Protection Dates

  • Initial Rapid Release version April 16, 2002
  • Latest Rapid Release version April 30, 2013 revision 007
  • Initial Daily Certified version April 16, 2002
  • Latest Daily Certified version April 30, 2013 revision 017
  • Initial Weekly Certified release date April 17, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Andre Post

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver