VB.AS, a variant of VB, is a Trojan. VB.AS collects e-mail addresses and is used by spammers to send e-mails from infected computers. VB.AS modifies registry keys and shows fake error messages.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Upon execution, VB.AS, detected as Email-Worm.Win32.VB.as, displays a fake message: "File Error: [number]".
It then creates copies of itself in the following folders as:
It also creates the following registry entries to automatically launch when Windows starts:
Additional registry entry:
It also searches for possible e-mail addresses from all htm files found on the harddrive. All gathered data will be saved in the registry as follows:
Description Created: 2006-10-04 08:15:33.0
Description Last Modified: 2006-10-04 16:06:56.0