VBS/First is the first virus to use Windows Scripting Host. This is a macro-like technique for Windows 98 and NT 5.0.
Windows Scripting Host macros come in files with VBS and JS extensions. You do not need any MS Office application or Internet Explorer in order to execute these macros - just double-clicking is enough to run them.
When VBS/First is executed, it will locate and infect other VBS macro files.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More scanning & removal options
More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Two variants of the VBS/First virus will try to connect to Code Breakers website on the 15th of the month.
The virus is also shows a messagebox like this:
VBSv v2.0 by Lord Natas/CodeBreakers
The VBS/First.C variant (VBSV2.0) is able to infect both VBS and .JS files
Description Details: Katrin Tocheva & Mikko Hypponen