1. /
  2. Security Response/
  3. VBS.Ztin

VBS.Ztin

Risk Level 1: Very Low

Discovered:
March 11, 2003
Updated:
February 13, 2007 11:44:06 AM
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

VBS.Ztin is a VBS script that attempts to spread using various peer-to-peer programs. VBS.Ztin may also overwrite .jpg and .jpeg files. The payload of this VBS script includes pinging certain URLs with large packets.



Additional precautions
VBS.Ztin, as well as other threats, use the VBScript computer language to run. You can protect yourself from threats that use this language by enabling Script Blocking (part of Norton AntiVirus 2002/2003 and is available for 2001) or by disabling or uninstalling the Windows Scripting Host. Because the Windows Scripting Host is an optional part of Windows, it can be safely removed from your computer. (However, some programs need this feature installed to properly function.)
  • If you are using any Symantec Enterprise product, such as Symantec AntiVirus Corporate Edition (SAVCE), contact your system administrator for additional information before you disable or uninstall the Scripting Host.
  • If you are using Norton AntiVirus 2002/2003, which includes Script Blocking, make sure that Script Blocking is enabled (the default). This protects you from malicious scripts, making it unnecessary to disable or uninstall the Scripting Host.
  • If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Run LiveUpdate to obtain this. This protects you from malicious scripts, making it unnecessary to disable or uninstall the Scripting Host.
  • For older versions of Norton AntiVirus, Symantec Security Response offers a tool to disable the Windows Scripting Host.
  • To disable the Windows Scripting Host in Microsoft Outlook Express only, see the Microsoft Knowledge Base document, "OLEXP: How to Disable Active Scripting in Outlook Express," Article ID: Q192846.


Antivirus Protection Dates

  • Initial Rapid Release version March 11, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version March 11, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date March 12, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Neal Hindocha

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver