VBS.Timofonica

Subscribe to Virus Alert
Mailing List

Enter your Email
(Ex : john@company.com)

VBS.Timofonica

Information about the Timofonica:

Timofonica worm is a rapidly spreading email worm, similar to the Lovetter. This worm infects the systems, which are enabled with Windows scripting Host. This worm arrives as an email attachment TIMOFONICA.TXT.vbs with contents of the mail written in Spanish.

Subject: Telefónica te está engañando.

Es de todos ya conocido el monopolio de Telefónica pero no tan conocido los métodos que utilizó para llegar hasta este punto. En el documento adjunto existen opiniones, pruebas y direcciones web con más información que demuestran irregularidades en compras de materiales, facturas sin proveedores, stock irreal, etc. También habla de las extorsiones y favoritismos a empresarios tanto nacionales como internacionales. Explica también el por qué del fracaso en Holanda y qué hizo para adquirir el portal Lycos. En las direcciones web del documento existen temas relacionados para que echéis un vistazo a los comentarios, informes, documentos, etc. Como comprenderéis, esto es muy importante, y os ruego que reenviéis este correo a vuestros amigos y conocidos.

The message is to ask the reader to read the information about a Spanish telecommuncations company practising a monoplistic trade.

Opening the attachment launches the worm. Primarily it checks for its previous execution, if it has not been executed once it then modifys the regsitry key value to 1 at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

It creates a file CMOS.COM in the windows SYSTEM directory, which carries CMOS corruption routine. It modifies the registry location at

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

The worm replaces NOTEPAD.EXE and put itself at the location so as to open the infected file on every execution of a file containing .VBS extension.

HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command=C:\Windows\Notepad.exe

It sends mails with this infected file as attachment to the recipients of MS-Outlook Address book. This is the first worm, which sends messages to email enabled mobile telephones.

Timofonica first appeared in June 2000.

Other names of Timofonica:

This virus is also known as VBS.Telefonica.

Removing Timofonica from your computer:

You can remove this virus from your computer by using Protector Plus antivirus software.

Download the FREE Evaluation copy of Protector Plus antivirus software

About Protector Plus Antivirus Software Packages:

Proland Software is the developer of Protector Plus range of antivirus software packages. Protector Plus is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

New:
SpamChoke Antispam Software
Download Now!

Protector Plus range of antivirus products offer on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware. Protector Plus antivirus software can detect and remove Timofonica reliably.

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

Click here to order
Protector Plus Antivirus software