Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Windows & Hardware Tips
Information On Viruses
Miscellaneous

virus file

VIRUS NAME : VBS/Jord.a

VIRUS NAME : VBS/Jord.a

Virus Characteristics

This threat is detected as W32/Trilisa.vbs. The virus copies itself as ORD.doc.vbs, ORD_photo.jpg.vbs and JERRY.vbs to the Windows Font directory. It then edits the following registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Please...,
\JERRY.vbs"

Checks to see if the value of
HKEY_CURRENT_USER\Control Panel\International\iCountry = 34, and if not creates the key
"HKEY_LOCAL_MACHINE\Software\Singapore","0". If the registry key does equal 34, then the virus creates the key
"HKEY_LOCAL_MACHINE\Software\Singapore","1"

If the registry key "HKEY_LOCAL_MACHINE\Software\Singapore" does not equal 1, the virus then proceeds with the damaging payload routine. The following files are deleted from fixed, network, and RAM Disk drives:

*.ace
*.asf
*.asm
*.arj
*.avi
*.bmp
*.doc
*.gb
*.gba
*.gbc
*.gif
*.jpeg
*.jpg
*.js
*.lhz
*.log
*.mdb
*.mid
*.mod
*.mov
*.mp
*.mp2
*.mp3
*.mpeg
*.mpg
*.pdf
*.ppt
*.rar
*.rm
*.rtf
*.smc
*.txt
*.wav
*.wp
*.xls
*.zip
regedit.*
regedb32.*

If day is 12th of June, a message will be displayed.

Symptoms

The above message displayed and the list of files deleted. Also the presence of the following files in the Windows Font directory:

ORD.doc.vbs, ORD_photo.jpg.vbs and JERRY.vbs

Method Of Infection

Executing one of these files ORD.doc.vbs, ORD_photo.jpg.vbs or JERRY.vbs

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.