
VBS/REDLOF.A
WORM REPORTED IN THE WILD
Virus Name : VBS/Redlof.A
Alias : VBS.Redlof, VBS/Redlof@M, Redlof worm, HTML.Redlof.A
Virus type : VBScript worm
Threat level : Low
Virus details :

VBS/Redlof.A is an encrypted Visual Basic Script worm that uses Microsoft Outlook Express to spread. It also infects VBS, HTML, HTM, ASP, PHP, JSP, and HTT files. Redlof infects the Outlook Express stationery file BLANK.HTM to send infected mails. Due to the increased number of sample submissions, we have added a write-up and detailed removal instructions.

When an infected mail is viewed, the worm code is executed automatically. It checks for WSCRIPT.EXE on the system. If found, it drops a copy of itself in %system%\kernel.dll and also creates a new key, kernel32, in the registry Run section to load automatically. %system% refers to the Windows system directory.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Kernel32="%System%\Kernel.dll"

If WSCRIPT.EXE is not found on your system, it overwrites the Windows system file kernel32.dll and stops the system from functioning.

Redlof also modifies several registry entries so that it runs automatically whenever a DLL file is accessed.
HKEY_CLASSES_ROOT\dllfile\shell\open
HKEY_CLASSES_ROOT\dllfile\ScriptEngine
HKEY_CLASSES_ROOT\dllfile\shellex
HKEY_CLASSES_ROOT\dllfile\ScriptHostEncode
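
The registry indicators listed above can be checked offline against a registry export. The following Python is an added example, not part of the original write-up or of Solo Antivirus; it assumes a text export in regedit's .reg format already decoded to a string, the function names are hypothetical, and the sample export is constructed.

```python
import re

# Indicators from the write-up, lower-cased. regedit exports spell HKLM in full.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
DLLFILE_KEYS = (
    r"hkey_classes_root\dllfile\shell\open",
    r"hkey_classes_root\dllfile\scriptengine",
    r"hkey_classes_root\dllfile\shellex",
    r"hkey_classes_root\dllfile\scripthostencode",
)

def parse_reg_export(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"="(.*)"$', line)):
            # String values only; .reg files escape backslashes as \\
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def find_redlof_indicators(text):
    """Return (reason, detail) tuples for entries matching the listed indicators."""
    hits = []
    for key, name, data in parse_reg_export(text):
        k = key.lower()
        if name is None:
            if any(k == d or k.startswith(d + "\\") for d in DLLFILE_KEYS):
                hits.append(("dllfile key listed in write-up, review", key))
        elif (k == RUN_KEY and name.lower() == "kernel32"
              and data.lower().endswith("\\kernel.dll")):
            hits.append(("Run value Kernel32 loads Kernel.dll", data))
    return hits

# Constructed sample export (not taken from a real infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel32"="C:\\WINDOWS\\system32\\Kernel.dll"
"SomeTool"="C:\\Program Files\\SomeTool\\tool.exe"

[HKEY_CLASSES_ROOT\dllfile\ScriptEngine]
@="constructed-value"

[HKEY_CLASSES_ROOT\txtfile\shell\open]
'''
```

Call find_redlof_indicators() on the decoded text of an export; regedit writes version 5.00 exports as UTF-16, so decode the file before passing it in.
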

How can I protect my system?

Solo has incorporated Redlof in its signature file to protect users from this worm attack. Registered Solo antivirus users are already protected from this worm. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.

To protect your system against infection, install the security patches from the link http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/download.asp according to your Internet Explorer version. Otherwise you can install the latest version of Internet Explorer 6.0.

How to remove this worm?

If you find this worm, run Solo Antivirus and choose the clean option on the infected files. When prompted, choose the delete option on the worm components. Solo antivirus can detect and remove the VBS/Redlof.A worm safely.

Use the following link to download the 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VBS and Java scripts, Trojans, backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link
