VBS virus - through Google



Baldy
13-09-2002, 11:21 PM
Does anyone know how long the VBS/Redlof.A virus has been around?

AVG caught it this evening when my daughter was searching Google Images, for photos of the film Sound Of Music for a school project.

BALDY :-)

Gorela
13-09-2002, 11:28 PM
Supposedly first discovered in April. See http://www.symantec.com/avcenter/venc/data/html.redlof.a.html for additional info.

godfather
13-09-2002, 11:28 PM
Detected by Sophos Anti-Virus since May 2002.

It's not that it came "through Google"; Google would only have listed the web addresses based on a search. The virus would have been direct from the website. When you visit a website listed by a search engine, the connection is between you and the website; the search engine is not in the loop.

Like looking up a number in the phone book, the call you then make has no connection with the phone book.

Mike
13-09-2002, 11:29 PM
Baldy,

Since at least April 2002. Norton's released their defs for it on April 16, 2002 it seems.

http://www.symantec.com/avcenter/venc/data/html.redlof.a.html

http://www.sophos.com/virusinfo/analyses/vbsredlofa.html

Those two sites tell a little about it.

Mike.

Jim B
13-09-2002, 11:31 PM
Discovered on: April 16, 2002

Baldy
13-09-2002, 11:36 PM
Thanks for the info guys...

AVG picked it up and gave me the "Red Warning Screen" before any damage was done.......

My Daughter got a hell of a fright, followed by a stern warning/lecture from her "know-all" Brother LOL

BALDY:-)

Graham L
14-09-2002, 02:24 PM
A cynic (e.g. me) might suggest that anyone who wants anything to do with The Sound of Music deserves anything they get. ]:)

Yep, Google is not to blame, unless it was a cached file ... and I'm sure that they would be careful about what goes on to their disks.

Lurking
06-12-2006, 04:23 PM
AVG 7.1 picked up this old virus yesterday, but would not "vaccinate" it!

Have deleted all Temporary Internet HTML files, where it is supposed to attach itself.

Xtra help records say they don't scan some emails because of "Nested Levels". I presume this is where there is an attachment and another level of attachment on opening the first one!

How does one know if the VBS virus has been eliminated?

Thanks for any advice.

Lurking.

PS. Have passed this message on to friends who send these deep level attachments.

lurks.

pcuser42
06-12-2006, 05:15 PM
Eh - this thread is 3 years old, so start a new thread with the information next time.

beama
06-12-2006, 10:07 PM
In the path where AVG says it found this VBS virus, does the word "restore" appear? If so, disable restore points (which will delete them), reboot, and re-enable restore points if you wish.

Virus checkers are able to scan in the system/restore area but are not allowed to make changes, i.e. "vaccinate".

Good to see that you used the search function of the forum, and tagging on to this thread keeps all the information together, making for easier searches for someone else later.

Lurking
07-12-2006, 02:57 PM
beama, thanks for that.

In the AVG window to vaccinate the two items shown, it would keep looping and not perform the operation, so having taken a note of where they were I deleted all the Temp. Internet Files and rebooted.

Everything is running okay.

Met one of the senders of "jokes" at Church this morning and she confessed it was her doing.

Their PC was infected 2 weeks ago and they had their machine cleaned out of viruses by an "expert".

beama, how do we know where this virus is hiding, as the lady would like to know how to get rid of it.

Have told her about forwarding emails from the last nested email containing the attachment which had the .eml prefix.

Thanks again,

Lurking.