Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:11/12/2006
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Low
Static file:No
IVDF version: - Monday, December 11, 2006

 General Method of propagation:
   • Mapped network drives

   •  Symantec: Trojan Horse
   •  Mcafee: VBS/IE-Title virus
   •  Kaspersky: Worm.VBS.Solow.b
   •  F-Secure: Worm.VBS.Solow.b
   •  Sophos: VBS/Solow-Gen
   •  Panda: VBS/Sasan.A.worm
   •  Grisoft: VBS/Small
   •  VirusBuster: VBS.Solow.C
   •  Eset: VBS/Butsur.B worm
   •  Bitdefender: Worm.VBS.Solow.A

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops a malicious file
   • Registry modification

 Files It copies itself to the following locations:
   • %WINDIR%\MS32DLL.dll.vbs
   • %drive%\MS32DLL.dll.vbs

The following file is created:

%drive%\autorun.inf Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: VBS/IETitle.A

 Registry One of the following values is added in order to run the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "MS32DLL"="%WINDIR%\MS32DLL.dll.vbs"

The following registry key is changed:

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • "Window Title"="Hacked by Godzilla"

 File details Programming language:
The malware program was written in Visual Basic.

Description inserted by Andreas Feuerstein on Friday, November 7, 2008
Description updated by Andreas Feuerstein on Friday, November 7, 2008

Back . . . .