VBS/First is the first virus to use Windows Scripting Host. This is a macro-like technique for Windows 98 and NT 5.0.
Windows Scripting Host macros come in files with VBS and JS extensions. You do not need any MS Office application or Internet Explorer in order to execute these macros - just double-clicking is enough to run them.
When VBS/First is executed, it will locate and infect other VBS macro files.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Two variants of the VBS/First virus will try to connect to Code Breakers website on the 15th of the month.
The virus is also shows a messagebox like this:
VBSv v2.0 by Lord Natas/CodeBreakers
The VBS/First.C variant (VBSV2.0) is able to infect both VBS and .JS files