Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Redlof.B
Technical name:VBS/Redlof.B
Threat level:Low

It does not have any destructive effects. Its only purpose is to spread to as many computers as possible.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Jan. 18, 2003
Detection updated on:May 19, 2006
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover

Brief Description 


Redlof.B is a polymorphic worm with no destructive effects, whose only purpose is to affect other computers.

In order to do so, Redlof.B copies its code to HTT files, which are used to view system folders as web pages. From that moment on, when affected users open a folder, they will be running the worm without noticing.

In addition, Redlof.B also searches for and affects files with the following extensions: ASP, TML, HTT, HTM, VBS, PHP and JSP.

This worm spreads via e-mail very quickly by hiding its code in the file that serves as stationary for all the messages the affected user sends through the Outlook mail client.

Redlof.B exploits the vulnerability affecting the VM ActiveX component, which allows a virus to be run by viewing a webpage that contains the viral code. More information about this vulnerability as well as the corresponding security patch are available from Microsoft's website.

Visible Symptoms 


Redlof.B is very difficult to recognize, as it does not show any messages or warnings that indicate it has reached the computer.