VBS/Joint-A

Posted: December 7, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	916
Threat Level:	5/10
Infected PCs:	172,224

First Seen:	December 7, 2011
Last Seen:	October 17, 2023
OS(es) Affected:	Windows

VBS/Joint-A is a worm that spreads through USB-based devices and creates copies of its files on the majority of drives for any PC that VBS/Joint-A infects. Although VBS/Joint-A uniquely-lacks any major attack functions (such as keylogging or installing other forms of hostile software) to cause further attacks, its automatic propagation strategy is considered malicious, and VBS/Joint-A may also alter your file-viewing settings to conceal files with the Hidden attribute. Due to these properties, SpywareRemove.com malware experts recommend that you take VBS/Joint-A seriously as a danger to your PC and remove VBS/Joint-A with a good anti-malware program, even if VBS/Joint-A lacks any form of payload that could be used to cause further damage.

VBS/Joint-A: A Half-Neutered Nuisance for Your Removable Drives

Most PC security companies have identified VBS/Joint-A only in April of 2011; if you're using anti-malware software with earlier databases than the above date, your software may be unable to identify or delete VBS/Joint-A until it's allowed to download the appropriate patches. Unlike almost all other forms of PC threats, including other types of worms, VBS/Joint-A doesn't launch other attacks on your PC once VBS/Joint-A is installed. Instead, SpywareRemove.com malware analysts note that VBS/Joint-A seems to be content with infecting other computers and remaining passive thereafter. This makes rushing to remove VBS/Joint-A ASAP somewhat unnecessary, although VBS/Joint-A should still be considered potentially-harmful to your PC.

However, VBS/Joint-A's distribution tactic is identical to that of other worms: VBS/Joint-A creates hidden copies of itself on several drives and reinstalls itself if those drives are accessed by another PC. This lets VBS/Joint-A 'piggyback' on USB storage drives and other types of removable devices that are often used by multiple computers. VBS/Joint-A does use four separate files to accomplish this, including a standard Autorun.inf file exploit, and you should be certain to delete all of VBS/Joint-A's files in a system scan instead of just some of them.

VBS/Joint-A's Lone Act of Hostility Against Your PC

SpywareRemove.com malware researchers have also found that, besides using typical worm propagation methods, VBS/Joint-A also uses standard exploits to hide itself by forcing your PC to avoid displaying files that are flagged with the Hidden attribute. This setting change is based on Windows Registry changes that bypass any settings that you may have chosen from within Windows Explorer and prevents you from detecting any of VBS/Joint-A's numerous files with a visual inspection. However, good anti-malware programs that can remove VBS/Joint-A can also undo this exploit which is common for other worms like VBS/Joint-A.

Given that this is the only significant hazard that VBS/Joint-A poses, the threat of VBS/Joint-A to your PC is fairly-low. VBS/Joint-A may be detected by one of its aliases, depending on the brand of your anti-malware scanner; these aliases include VBS/SillyAutorunScript.R, VBS/Autorun.worm.k, Worm:VBS/Autorun.G, Trojan.VBS.Autorun.a, Virus.VBS.AutoRun.b, VBS.Runauto and Worm.Script.VBS.Autorun.y.

VBS/Joint-A

Threat Metric

VBS/Joint-A: A Half-Neutered Nuisance for Your Removable Drives

VBS/Joint-A's Lone Act of Hostility Against Your PC

Leave a Reply