commdlg.vbs - Dangerous
commdlg.vbs
Manual removal instructions:
Antivirus Report of commdlg.vbs:
commdlg.vbs
Moridin
This is a multi-platform virus infecting Win32 systems.
The virus infects Win32 executable files, MS Word documents, and spreads via e-mail through IRC channels as well as infecting the local network.
The virus also has Backdoor ability:
- opens and closes CD door
- downloads and spawns a file
- terminates itself (backdoor routine)
- displays a message, the message box headline contains some text
The virus can be found in several forms:
- infected PE EXE file
- EXE helper
- infected Word documents
- VBS script
- IRC sctiprs
While spreading via e-mail through the network and IRC channels, the worm names its copies as: CRACK.EXE, PACKED.EXE, SETUP.EXE, NETX.EXE, and INIT.EXE.
The COMMDLG.VBS file contains VBScript that spreads the virus on the Internet via e-mail messages by connecting to MS Outlook, obtains all addresses from the Address Book and sends its copy (the PACKED.EXE file) here attached to the message.
The virus then modifies the system registry keys.
The virus deletes the following anti-virus data files:
CHKLIST.MS CHKLIST.DAT CHKLIST.CPS CHKLIST.TAV AGUARD.DAT AVGQT.DAT ANTI-VIR.DAT SMARTCHK.MS SMARTCHK.CPS IVP.NTZ AVP.CRC
The virus also disables the macro-virus protection in the system registry, as well as looks for anti-virus memory resident programs and terminates them:
AVP Monitor
Amon Antivirus Monitor
Norton AntiVirus Auto-Protect Trial Version
Norton AntiVirus Auto-Protect
Use RegRun Startup Optimizer to remove it from startup.
commdlg.vbs | Malware |
commdlg.vbs | Dangerous |
commdlg.vbs | High Risk |
This is a multi-platform virus infecting Win32 systems.
The virus infects Win32 executable files, MS Word documents, and spreads via e-mail through IRC channels as well as infecting the local network.
The virus also has Backdoor ability:
- opens and closes CD door
- downloads and spawns a file
- terminates itself (backdoor routine)
- displays a message, the message box headline contains some text
The virus can be found in several forms:
- infected PE EXE file
- EXE helper
- infected Word documents
- VBS script
- IRC sctiprs
While spreading via e-mail through the network and IRC channels, the worm names its copies as: CRACK.EXE, PACKED.EXE, SETUP.EXE, NETX.EXE, and INIT.EXE.
The COMMDLG.VBS file contains VBScript that spreads the virus on the Internet via e-mail messages by connecting to MS Outlook, obtains all addresses from the Address Book and sends its copy (the PACKED.EXE file) here attached to the message.
The virus then modifies the system registry keys.
The virus deletes the following anti-virus data files:
CHKLIST.MS CHKLIST.DAT CHKLIST.CPS CHKLIST.TAV AGUARD.DAT AVGQT.DAT ANTI-VIR.DAT SMARTCHK.MS SMARTCHK.CPS IVP.NTZ AVP.CRC
The virus also disables the macro-virus protection in the system registry, as well as looks for anti-virus memory resident programs and terminates them:
AVP Monitor
Amon Antivirus Monitor
Norton AntiVirus Auto-Protect Trial Version
Norton AntiVirus Auto-Protect
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.