VB.AS, a variant of VB, is a Trojan. VB.AS collects email addresses and is used by spammers to send emails from infected computers. VB.AS modifies registry keys and shows fake error messages.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Upon execution, VB.AS, detected as Email-Worm.Win32.VB.as, displays a fake message: "File Error: [number]".
It then creates copies of itself in the following folders as:
It also creates the following registry entries to automatically launch when Windows starts:
Additional registry entry:
It also searches for possible email addresses from all htm files found on the harddrive. All gathered data will be saved in the registry as follows:
Date Created: 2006-10-04 08:15:33.0
Date Last Modified: 2006-10-04 16:06:56.0