1. /
  2. Security Response/
  3. VBS.Runauto

VBS.Runauto

Risk Level 1: Very Low

Discovered:
March 12, 2007
Updated:
March 12, 2007 5:17:48 PM
Type:
Worm
Infection Length:
1,112 bytes
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
VBS.Runauto is a Visual Basic script worm that copies itself in the root folder of all drives (including removable devices) except floppy drives.

Note: Symantec strongly recommends that customers take specific steps to control the execution of applications referenced in autorun.inf files that may be located on removable and network drives. Threats such as this one frequently attempt to spread to other computers using these avenues. Configuration changes made to a computer can limit the possibility of new threats compromising it. For more information, see the following document:

How to prevent a virus from spreading using the "AutoRun" feature

Antivirus Protection Dates

  • Initial Rapid Release version March 13, 2007
  • Latest Rapid Release version November 28, 2014 revision 008
  • Initial Daily Certified version March 13, 2007
  • Latest Daily Certified version November 28, 2014 revision 018
  • Initial Weekly Certified release date March 14, 2007
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low
  • Payload: Copies itself to all drives on the compromised computer.

Distribution

  • Distribution Level: Low
Writeup By: Mircea Ciubotariu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver