VBS.Pet_Tick.N

From Symantec: http://www.symantec.com/avcenter/

"VBS.Pet_Tick.N is a Visual Basic Script (VBS) virus that infects HTML files. It creates the file, %Windir%\mylover.exe, and then modifies the registry so that this file executes upon start up. This file is detected as W95.Pet_Tick.gen.

VBS.Pet_Tick.N appends itself to any HTML files in the \Windows, \My Documents, and \Internet Temporary Folder directories.

With default security settings in Internet Explorer, acknowledge a security warning dialog box before the virus executes.



Also Known As: VBS.Dilna-B, VBS.Dilan
Type: Virus
Infection Length: 14,866 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux


When VBS.Pet_Tick.N is executed, it performs the following actions:

Creates the file, %Windir%\Mylover.exe. This file is detected as W95.Pet_Tick.gen.


Adds the value:

"Lover32"="%WINDIR%\mylover.exe"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that VBS.Pet_Tick.N runs when you start Windows.


Iterates through the %Windir%, %System%, Temporary, My Documents, and Desktop Folders, searching
for the files with the .HTM and .HMTL extensions. The virus also appends itself to these files.


Due to a bug in the code, the virus will re-infect the files that have already been infected."


Regards, Jade .