Worm:VBS/Slows.A

Detected by Microsoft Defender Antivirus

Aliases: Worm.VBS.Sasan.a (Kaspersky) VBS/Pica.worm.gen (McAfee) VBS/Solow.I (Norman) VBS/Sasan-C (Sophos) VBS.Solow.B (Symantec) VBS_SOLOW.AJ (Trend Micro)

Summary

Worm:VBS/Slows.A is a worm that copies itself to all logical drives and the Windows folder as ".MS32DLL.dll.vbs". Worm:VBS/Slows.A runs when Windows is started on an infected machine. Worm:VBS/Slows.A also makes certain registry edits to lower security settings on the infected computer.

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Disable automatic execution of "Autorun" for removable media

Worm:VBS/Slows.A modifies the registry on infected computers to enable the "autoplay" feature for removable drives (and CD/DVD drives). This means the default action is to run instructions specified in the configuration file "autorun.inf" if one exists on drives attached to the system. Worm:VBS/Slows.A creates a malicious "autorun.inf" that attempts to execute the viral VBScript using wscript.exe. By disabling the autoplay feature, the configuration file will not load. More information is available below on how to disable the autoplay feature:

How to Disable the Feature That Allows CD-ROMs and Audio CDs to Run Automatically

How to Enable or Disable Automatically Running CD-ROMs

Worm:VBS/Slows.A

Summary

What to do now

Disable automatic execution of "Autorun" for removable media

Technical information

Threat behavior

Installation

Spreads Via...

Payload

Prevention

Symptoms

System Changes