Removing the .Vbe Virus

By Jackson Lewis

Updated September 28, 2017

The .VBE virus is now known as the “Exploit-OleModule” in anti-virus circles. The virus was discovered in 2006. It exploits a vulnerability in Microsoft’s Visual Basic for Applications through embedding itself in Microsoft Word Documents and Excel spreadsheet files. Once installed on your computer, it has typically brought other malware as a payload which enable remote access to the client computer such as the BackDoor-CZX virus. The Virus also is known through several other aliases such as: “ TROJ_MDROPPER.BI, TROJ_MDROPPER.BJ, TROJ_MDROPPER.BU, W97M_DROPPER.WR, and W97M_EMBED.AB (TrendMicro).” A typical indication of your computer being infected with this virus is the unexpected opening of other files and programs after opening a Word Document or Excel Spreadsheet.

The recommended method to remove the .VBE virus from your computer is to update your anti-virus software program, then conduct a complete computer scan and removal of infected files. On Window’s XP, however, you must also disable the System Restore Utility prior to conducting the virus scan and removal, or the virus will re-appear.

Right Click your “My Computer” icon and select the “Properties” menu selection item. Then left click the “System Restore Tab” on the menu option that appears.

Check the text field that is next to the “Turn Off System Restore on All Drives” menu option and select the “Ok” menu button.

Restart your computer and run a full virus scan and removal of infected files. After the scan and removal is complete, repeat steps 1-3 with removing the check mark in step three to re-enable the computer’s system restore feature.


Although Microsoft has addressed the Visual Basic vulnerability in current releases of their Microsoft Office that the .VBE virus attacked, home computers are still open to attack by this virus if not fully upgraded on all Office products