Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

VBS.PassOn

VBS.PassOn

Discovered:
11 April 2001
Updated:
13 February 2007
Also Known As:
VBS/IEstart.gen, IEstart.A, Estart, VBS_IEstart.A

VBS.PassOn is a Visual Basic script, which is stored as either a .vbs file or an .html file. It alters the default home page of Microsoft Internet Explorer.



There are other things that you can do to protect your system from this type of Trojans:

Script Blocking
  • If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Please run LiveUpdate to obtain this.
  • For other versions of Norton AntiVirus, SARC offers a tool to disable the Windows Scripting Host.


Antivirus Protection Dates

  • Initial Rapid Release version 11 April 2001
  • Latest Rapid Release version 28 September 2010 revision 054
  • Initial Daily Certified version 11 April 2001
  • Latest Daily Certified version 28 September 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When VBS.PassOn is executed, it changes the default home page of Microsoft Internet Explorer by creating the value:

http://www.passthison.com

in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\Start Page


Run LiveUpdate to make sure that you have the most recent virus definitions.
  1. Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.
  2. Delete any files detected as VBS.PassOn.
  3. Start Internet Explorer, and reset the home page to one of your preference.


Writeup By: Serghei Sevcenco