x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

VBS/777

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:VBS/777
Technical name:VBS/777
Threat level:Low
Alias:VBS/777.B¿½
Type:Worm
Subtype: Trojan
Effects:   It allows hackers to enter and attack the affected computer. It spreads and affects other computer.
First detected on:
Detection updated on:Sept. 12, 2002
StatisticsNo
Family:VBS

Brief Description 

    
VBS/777 is an overwrite virus which incorporates VBS/Loveletter code. The virus uses this code to carry out its actions. This virus is 16.199 bytes long and it is written in Visual Basic Script, which means that it requires Windows Scripting Host (WSH) in order to work. This is due to the fact that the VB Script language can only be interpreted if WSH is installed on the system.

Visible Symptoms 

    

On certain occasions symptoms of infection will be very clear and easy to see. Besides having received an e-mail including an attachment (MY-FAREWELL-2-NEWSGROUPS.TXT.VBS), the virus overwrites all the files with TXT and DOC extensions and displays an obscene picture created with ASCII characters.

Moreover, the real payload of this virus consists of the execution of the VBS/Loveletter worm. Once the virus has been executed, the worm copies itself to the Windows/System directory with the following names: MSKERNEL32.VBS and MY-FAREWELL-2-NEWSGROUPS.TXT.VBS. Additionally, it also copies itself to the Windows directory as a file called WIN32DLL.VBS.