The .VBE virus is now known as the "Exploit-OleModule" in antivirus circles. The virus was discovered in 2006. It exploits a vulnerability in Microsoft's Visual Basic for Applications through embedding itself in Microsoft Word documents and Excel spreadsheet files. Once installed on your computer, it has typically brought as a payload other malware such as the BackDoor-CZX virus that enables remote access to the client computer. The virus also is known through several other aliases: TROJ_MDROPPER.BI, TROJ_MDROPPER.BJ, TROJ_MDROPPER.BU, W97M_DROPPER.WR, and W97M_EMBED.AB (TrendMicro). A typical indication of your computer being infected with this virus is the unexpected opening of other files and programs after opening a Word document or Excel spreadsheet.
Update your antivirus software program, then conduct a complete computer scan and removal of infected files. On Windows XP, however, you must also disable the System Restore Utility prior to conducting the virus scan and removal, or the virus will reappear.
Right click your "My Computer" icon and select the "Properties" menu selection item. Then left click the "System Restore Tab" on the menu option that appears.
Check the text field that is next to the "Turn Off System Restore on All Drives" menu option and select the "OK" menu button.
Restart your computer. Run a full virus scan and removal of infected files. After the scan and removal are complete, repeat steps 1 to 3, removing the check mark in step 3 to reenable the computer's system restore feature.
Tips & Warnings
- Although Microsoft has addressed the Visual Basic vulnerability in current releases of their Microsoft Office that the .VBE virus attacked, home computers are still open to attack by this virus if not fully upgraded on all Office products.