Social Networks Follow us on Twitter Like us on Facebook You Tube Channel
Threat Encyclopedia Mobile Page
Quick Links
  • Save & Share
  • Choose your country:
VBS_VBSWG.AQ

Malware type: VBScript

Aliases: Shakira, I-WORM.LEE, VBS/VBSWG, VBS.VBSWG.AQ@mm, LEE

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows

Encrypted: No

Overall risk rating:

Description: 
June 6, 2002: Due to increased virus activity, the risk level of VBS_VBSWG.AQ has been upgraded from Low to Medium.

This Visual Basic Script (VBScript) worm propagates using Microsoft Outlook, an arrives in an email with the following:

Subject: Shakiras Pictures
Message Body: Hi :
i have sent the photos via attachment
have funn
Attachment: ShakiraPics.jpg.vbs

This worm is generated by a worm generator program authored by [K]Alamar.

For additional information about this threat, see:

Description created: May. 28, 2002 6:12:27 PM GMT -0800
Description updated: Jun. 6, 2002 2:30:02 PM GMT -0800


Minimum scan engine version needed: 5.200

Pattern file needed: 1.292.00

Pattern release date: May 28, 2002


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

  1. Open Registry Editor. Click Start>Run, type REGEDIT then hit the Enter key.
  2. In the left panel, double click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
    CurrentVersion>Run
  3. In the right panel, locate and delete the registry entry:
    "Registry" = "wscript.exe "%WinDir%\ShakiraPics.jpg.vbs "
    *Where %WinDir% is the Windows directory, which is usually C:\Windows or C:\WINNT.
  4. Again in the left panel, double click the following:
    HKEY_CURRENT_USER>Software
  5. Also in the left panel, locate and delete the registry key:
    ShakiraPics
  6. Restart your computer.
  7. Scan your system with Trend Micro antivirus and delete all files detected as VBS_VBSWG.A and IRC_VBSWG.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.



Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.