VBS/First is the first virus to use Windows Scripting Host. This is a macro-like technique for Windows 98 and NT 5.0.
Windows Scripting Host macros come in files with VBS and JS extensions. You do not need any MS Office application or Internet Explorer in order to execute these macros - just double-clicking is enough to run them.
When VBS/First is executed, it will locate and infect other VBS macro files.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More scanning & removal options
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Two variants of the VBS/First virus will try to connect to Code Breakers website on the 15th of the month.
The virus is also shows a messagebox like this:
VBSv v2.0 by Lord Natas/CodeBreakers
The VBS/First.C variant (VBSV2.0) is able to infect both VBS and .JS files
Description Details: Katrin Tocheva & Mikko Hypponen