VBS.Fireburn
Information about the VBS.Fireburn:
VBS.Fireburn is an email worm written in VBScript. It infects Windows 98 and Windows 2000 systems. Windows 95 and Windows NT users can also be affected if Visual Basic scripting is enabled. The worm spreads through MIRC and MS-Outlook. On opening the infected attachment, it creates a file called "rundll32.vbs" in the Windows folder and modifies the registry at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
It randomly selects one of the .VBS files from the list below
Ultra-Hardcore-Bondage.JPG.vbs
Christina__NUDE!!!.JPG.vbs
CuteJany__BigTits!.GIF.vbs
MyGirlfriend__NUDE!.JPG.vbs
Aguiliera__NUDE!!.JPG.vbs
!Jany__Gets-fucked!.GIF.vbs
cute__EmmaPeel!!!.JPG.vbs
Julie17__xxx.GIF.vbs
and checks for the existence of a MIRC connection to send it as an attachment. The worm also changes the name of the Registered owner. The worm then activates itself on the next boot. On systems where MIRC is already installed, the worm checks for the MIRC.INI file to overwrite with its own code. It also writes a file called SCRIPT.INI which contains commands to spread through the active MIRC sessions. It checks for the "C:\Programme" folder of German versions of Windows; if it is not found, it sends the English version of the mail. The English version of the mail would be:
Hi, how are you?
contents of the mail being:
Hi, look at that nice Pic attached !
Watching it is a must ;)
cu later...
The German version of the mail would be:
"Moin, alles klar?"
contents of the mail being:
Hi, wie geht's dir? Guck dir mal das
Photo im Anhang an, ist echt geil ;)
bye, bis dann..
The payload triggers on June 20th for both versions with a display message:
"I'm proud to say that you are infected by FireburN !"
It disables the mouse and keyboard by adding 2 key values in the registry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Shut_Up=rundll32 mouse,disable
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Shut_Up2=rundll32 keyboard,disable
The VBS.Fireburn worm first appeared in May 2000.
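An added example, not part of the original entry or of any vendor's tooling: a Python check for the indicators described above, namely the image-decoy double extension on the attachment names and the Run values pointing at rundll32.vbs or set by the payload (Shut_Up, Shut_Up2). The regedit-style export text, the value name "Startup" and the extra extensions in the pattern are constructed assumptions.

```python
import re

# Indicators taken from the write-up above; everything else is constructed.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_INDICATORS = {
    "rundll32.vbs": "worm copy launched at boot",
    "rundll32 mouse,disable": "payload: mouse disabled",
    "rundll32 keyboard,disable": "payload: keyboard disabled",
}
# Decoy media extension immediately followed by a script extension.
DECOY = re.compile(r"\.(jpe?g|gif|png|bmp)\.(vbs|vbe|js|jse|wsf)$", re.I)

def is_decoy_attachment(name):
    """True for names such as Photo.JPG.vbs (image look-alike, script payload)."""
    return bool(DECOY.search(name.strip()))

def scan_run_export(reg_text):
    """Return (value_name, reason) for Run values matching a known indicator."""
    findings, in_run = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):  # key header: only the exact Run key counts
            in_run = line.strip("[]").lower() == RUN_KEY
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if not (in_run and m):
            continue
        name, data = m.group(1), m.group(2).replace("\\\\", "\\").lower()
        for needle, reason in RUN_INDICATORS.items():
            if needle in data:
                findings.append((name, reason))
    return findings

# Constructed sample export (not captured from a real host).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Startup"="C:\\WINDOWS\\rundll32.vbs"
"Shut_Up"="rundll32 mouse,disable"
"Shut_Up2"="rundll32 keyboard,disable"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="rundll32 mouse,disable"
'''

if __name__ == "__main__":
    for name, reason in scan_run_export(SAMPLE):
        print(f"Run\\{name}: {reason}")
    for att in ("cute__EmmaPeel!!!.JPG.vbs", "holiday.jpg", "report.vbs"):
        print(att, "->", "decoy" if is_decoy_attachment(att) else "ok")
```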
Other names of VBS.Fireburn:
The worm is also known as VBS.Fireburn.A, Fireburn
Removing VBS.Fireburn from your computer:
You can remove this worm from your computer by using Protector Plus antivirus software.