Discussion in 'malware problems & news' started by Bowserman, Jun 20, 2003.

Thread Status:
Not open for further replies.
  1. Bowserman

    Bowserman Infrequent Poster

    Apr 15, 2003
    South Australia
    From Symantec: http://www.symantec.com/avcenter/

    "VBS.Pet_Tick.N is a Visual Basic Script (VBS) virus that infects HTML files. It creates the file, %Windir%\mylover.exe, and then modifies the registry so that this file executes upon start up. This file is detected as W95.Pet_Tick.gen.

    VBS.Pet_Tick.N appends itself to any HTML files in the \Windows, \My Documents, and \Internet Temporary Folder directories.

    With default security settings in Internet Explorer, acknowledge a security warning dialog box before the virus executes.

    Also Known As: VBS.Dilna-B, VBS.Dilan
    Type: Virus
    Infection Length: 14,866 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux

    When VBS.Pet_Tick.N is executed, it performs the following actions:

    Creates the file, %Windir%\Mylover.exe. This file is detected as W95.Pet_Tick.gen.

    Adds the value:


    to the registry key:


    so that VBS.Pet_Tick.N runs when you start Windows.

    Iterates through the %Windir%, %System%, Temporary, My Documents, and Desktop Folders, searching
    for the files with the .HTM and .HMTL extensions. The virus also appends itself to these files.

    Due to a bug in the code, the virus will re-infect the files that have already been infected."

    Regards, Jade :).
Thread Status:
Not open for further replies.