Date Discovered: 2/12/2004
Date Added: 2/12/2004
Length: 17,847 Bytes
This threat is detected as VBS/Lucave. This VBScript virus code contains errors and some payloads will not be executed. The virus code is encrypted and on executing the infected script, the virus will copy itself to the hard coded directory: c:\windows\alias.jpg.vbs . It will also copy itself to random network drives as [random character]alias.jpg.vbs. Example Falias.jpg.vbs. The virus also attempts to copy itself to random IP sites.
The following registry key will be added:
Run "Gnsys" = C:\windows\alias.jpg.vbs
VBS/Lucave contains mass mailing capabilities, IRC propagation and also utilizing the Windows Management Instrumentation (WMI), but this is not executed due to the error in the virus code.
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.