VB.AS, a variant of VB, is a Trojan. VB.AS collects email addresses and is used by spammers to send emails from infected computers. VB.AS modifies registry keys and shows fake error messages.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Upon execution, VB.AS, detected as Email-Worm.Win32.VB.as, displays a fake message: "File Error: [number]".
It then creates copies of itself in the following folders as:
It also creates the following registry entries to automatically launch when Windows starts:
Additional registry entry:
It also searches for possible email addresses from all htm files found on the harddrive. All gathered data will be saved in the registry as follows:
Description Created: 2006-10-04 08:15:33.0
Description Last Modified: 2006-10-04 16:06:56.0