Home Malware Programs Worms Win32/VBDoc

Win32/VBDoc

Posted: May 29, 2013

Threat Metric

Ranking: 16,964
Threat Level: 1/10
Infected PCs: 1,190
First Seen: May 28, 2013
Last Seen: September 19, 2023
OS(es) Affected: Windows

Win32/VBDoc is a worm that uses advanced means of hiding itself from both the computer user and any anti-malware software. Attacks by Win32/VBDoc worms are limited, but do include security issues, such as attempts to disabling the Windows update feature and preventing you from viewing Hidden-flagged files, which may make your computer vulnerable to attacks by other PC threats. Updated anti-malware products and all relevant security strategies should be used to contain and remove Win32/VBDoc, which has seen regular updates to its configuration throughout the past year.

Win32/VBDoc: Another Obstacle in Keeping Your Backup Storage Malware-Free

Worms like Win32/VBDoc and similar PC threats often use their own means of propagation that involve storing backup copies of themselves on a computer's hard drive, as well as infecting removable hard drives (such as any average USB device) in stealth. One of Win32/VBDoc's latest variants, Win32/VBDoc.H, makes use of the latter technique in an archetypal way: by hiding all the contents of your flash drive and then creating fake files that actually are more copies of Win32/VBDoc – but with the same names, including all file type indicators, as the original files. Only some specific file types are affected by this attack, including media-oriented ones such as MP3, WMV, WAV, PNG, and, of course, common text documents. When the device is plugged in to a new computer, Win32/VBDoc will try to use the Autorun feature (disabled in any updated version of Windows) to infect the computer automatically, but you also may infect the second computer by launching Win32/VBDoc's copycat files.

Win32/VBDoc's means of concealing the original files also prevents you from viewing any files that have been given the Hidden attribute. SpywareRemove.com malware researchers often see this function in a wide variety of other PC threats, which has widespread applicability for concealing many types of malicious software. A second way that Win32/VBDoc interferes with Windows is by disabling the automatic update feature, which allows related malware to take advantage of vulnerabilities that normally would be corrected by incoming security patches.

How Win32/VBDoc Manages to Hide in Plain Sight

Besides the functions Win32/VBDoc displays for concealing copies of itself, Win32/VBDoc also uses multiple functions that are designed to conceal Win32/VBDoc from both actual eyes and the metaphorical eyes of various anti-malware products. Win32/VBDoc will not run on any sandbox-protected PC, keeps its main body encrypted and launches itself automatically as Windows starts. SpywareRemove.com malware researchers particularly emphasize preventing Win32/VBDoc from spreading through removable devices, which, if they've been in contact with a Win32/VBDoc-infected PC, also will need to be disinfected.

As long as your anti-malware software is of a trustworthy brand and is updated for detecting recent threats, you should have the capacity of detect and disable all copies of Win32/VBDoc, including recent variants. However, the regular updates that Win32/VBDoc receives will make detecting Win32/VBDoc with outdated software more of a gamble than is necessary – or wise – for protecting your computer.

Technical Details

Additional Information

The following URL's were detected:
feed.free-streamz.com/
Loading...