Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:VBS/Redlof, VBS/Redlof@M
Damage:Sent by email. 
VDF Version:  

DistributionWorm Redlof is a polymorph virus, which fits in every email sent by the system, without attachment. It is activated when the email is read.

Technical DetailsVERSION: Redlof.A
VBS/Redlof.A starts directly from an infected message, using an Internet Explorer security hole, known as Microsoft VM ActiveX Control security hole. For more information and update, see

When activated, the worm infects the file "web\Folders.htt" in Windows installation folder, so that the worm is re-activated every time the folder is opened.
The worm also infects the files with extension: .htm .html .asp .php .jsp .htt .vbs.

Redlof terminates the following applications:
\Program Files\Common Files\Microsoft Shared\Stationery\blank.html \Windows\System\Kernel32.dll \Windows\web\kjwall.gif \Windows\system32\desktop.ini

"blank.html" replaces Outlook and Outlook Express registry settings, that lead the virus with every message sent by an infected system.

Every system start calls the following registry entry:
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .