Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

VBS.Droto

VBS.Droto

Discovered:
18 January 2002
Updated:
13 February 2007

This Visual Basic Script is embedded in HTML. It attempts to infect the Microsoft Word Normal.dot file, but due to errors in the code, the Normal.dot is infected, but is non-viral.

This script, when run, copies itself to the Microsoft Word Normal.dot file. It also attempts to overwrite all .html, .htm, and .txt files with itself; the virus code contains bugs, however, and the overwriting fails.

When a Microsoft Word document is closed, the virus intends to write itself to the file C:\Windows\Media\Windrv.htm and then overwrite all .html, .htm, and .txt files again.

Run LiveUpdate to make sure that you have the most recent virus definitions.
  1. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
  2. Run a full system scan.
  3. Delete all files that are detected as VBS.Droto.
  4. If any files are detected as infected by Macro Component, click Repair.


Writeup By: Dave Adamczyk