Sent by email.
The Redlof worm is a polymorphic virus that inserts itself into every email sent by the system, without an attachment. It is activated when the email is read.
VBS/Redlof.A starts directly from an infected message by using an Internet Explorer security hole known as the Microsoft VM ActiveX Control security hole. For more information and the update, see http://www.microsoft.com/technet/security/bulletin/ms00-075.asp.
When activated, the worm infects the file "web\Folders.htt" in the Windows installation folder, so that the worm is re-activated every time the folder is opened.
The worm also infects files with the extensions: .htm .html .asp .php .jsp .htt .vbs.
Redlof terminates the following applications:
\Program Files\Common Files\Microsoft Shared\Stationery\blank.html
\Windows\System\Kernel32.dll
\Windows\web\kjwall.gif
\Windows\system32\desktop.ini
"blank.html" replaces the Outlook and Outlook Express registry settings, so that the virus is sent along with every message from an infected system.
Every system start calls the following registry entry:
Description inserted by Crony Walker on Tuesday, June 15, 2004