porn_pic.vbs - Dangerous
Manual removal instructions:
It is a partially encrypted VBS worm that attempts to email itself to every recipient in the Microsoft Outlook address book.
The email has the following characteristics:
Subject: heyy...
Body: Check this file,this is sevenC porn pic & movie
Attachment: Porn_pic.vbs
When it is run, it displays a message containing the following text:
Yesterday my body was attacked by water cow pox they attack my hand,my head,my face they all at my skin
it's hurt you know ?? Very hurt...!! I couldn't go to anywhere
I just stay at home and hope,so that fuckin water cow pox leave my body
Water cow Pox is my enemy...!!
Drops the following files:
C:\Windows\System\Porn_pic.jpg.vbs
C:\Windows\System\OEMINFO.ini
Creates a shortcut on the Windows desktop named Porn_pic.jpg, which points to the Porn_pic.jpg.vbs file.
Adds several values, including "NoDrives" = "67108863", "NoClose" = "1", "NoFind" = "1", "NoDesktop" = "1" and "NoRun" = "1",
to the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
Changes the Internet Explorer start page to "sevenc.vze.com".
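The policy values listed above can be checked offline in a registry export. The Python below is an added example, not part of the original description or the vendor's tooling: it scans export text for the named values under the three Policies keys and decodes NoDrives, a bitmask with one bit per drive letter, so 67108863 (0x3FFFFFF) hides A: through Z:. The sample export is constructed, and accepting both dword and quoted-string data is an assumption, since the page does not state the value type.

```python
import re

# Key paths and value names come from the description above (compared lowercased).
BASE = r"hkey_current_user\software\microsoft\windows\currentversion\policies"
POLICY_KEYS = {BASE + "\\" + k for k in ("explorer", "system", "network")}
WATCHED = {"nodrives", "noclose", "nofind", "nodesktop", "norun"}

# Constructed sample in .reg export syntax (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:03ffffff
"NoRun"="1"
"NoDesktop"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NoRun"="1"
'''

def parse_value(raw):
    """Return an int for dword:<hex> or a quoted decimal string, else None."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"') and raw[1:-1].isdigit():
        return int(raw[1:-1])
    return None

def hidden_drives(mask):
    """Decode the NoDrives bitmask: bit 0 is A:, bit 25 is Z:."""
    return "".join(chr(ord("A") + i) for i in range(26) if (mask >> i) & 1)

def audit(reg_text):
    """List (subkey, value name, data, meaning) for each enabled watched value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new key section
            continue
        m = re.match(r'"([^"]+)"=(.+)$', line)
        if not m or key is None or key.lower() not in POLICY_KEYS:
            continue                  # not a value line, or outside the Policies keys
        name, value = m.group(1), parse_value(m.group(2))
        if name.lower() not in WATCHED or not value:
            continue                  # unrelated value, or restriction set to 0
        detail = ("hides drives " + hidden_drives(value)
                  if name.lower() == "nodrives" else "restriction enabled")
        findings.append((key.rsplit("\\", 1)[1], name, value, detail))
    return findings
```

Files saved by regedit in "Version 5.00" format are UTF-16, so decode them to text before passing the contents to audit().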
Automatic removal: Use RegRun Startup Optimizer to remove it from startup.