Alias: VBS/Redlof, VBS/Redlof@M
Type: Worm
Size:
Origin:
Date: 00-00-0000
Damage: Sent by email.
VDF Version:
Danger: Low
Distribution: Low

Distribution
The Redlof worm is a polymorphic virus that embeds itself in every email sent by the system, without using an attachment. It is activated when the email is read.


Technical Details
VERSION: Redlof.A
VBS/Redlof.A starts directly from an infected message by exploiting an Internet Explorer security hole known as the Microsoft VM ActiveX Control security hole. For more information and the update, see http://www.microsoft.com/technet/security/bulletin/ms00-075.asp.

When activated, the worm infects the file "web\Folders.htt" in the Windows installation folder, so that the worm is re-activated every time a folder is opened.
The worm also infects files with the following extensions: .htm, .html, .asp, .php, .jsp, .htt, .vbs.

Redlof terminates the following applications:
\Program Files\Common Files\Microsoft Shared\Stationery\blank.html
\Windows\System\Kernel32.dll
\Windows\web\kjwall.gif
\Windows\system32\desktop.ini

"blank.html" replaces the Outlook and Outlook Express registry settings, so that the virus is carried along with every message sent by an infected system.

The following registry entry is called at every system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32
Description inserted by Crony Walker on Tuesday, June 15, 2004
