[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [New Search]

RE: [T3] READ THIS.


I'm an IS Technician burning midnight oil *right now* fighting this very
infection.  It's real, and it *SUCKS*.

	-----Original Message-----
	From:	Steve Glavas [SMTP:steveglavas@email.com]
	Sent:	Thursday, June 10, 1999 6:03 PM
	To:	Yvonne; Xiao Xiao; Wobal@aol.com; Wanjiku Gichimu; Wade T;
vwparts; vwhaus; vw1600tl@webtv.net; van Abel, Mischa ;
type3-request@vwtype3.org; type3@vwtype3.org; Twomey, Penny ; Towfighi,
Bahman ; Tony Towfighi; Ton Klerks; Timo Maas (E-mail); Theresa Deane; The
Phantom Menace; Teresia Gichima; techsupport@quantsystems.com; Taylor, Darin
G; Tara Joanne Stamper; Sung, Meng-Tzu ; Steve Glavas; Steve Glavas;
stans4@ix.netcom.com; Squareback; Siegert, Andreas; Siegert, Andreas; Sharon
Murphy; Shahram Emami; Scott Renfrew; Schwerdtfeger, Christoph; Schikhof,
Wouter; Schikhof, Captain Activity; Sandin, Karl-Olov; Samantha Barton;
Sakelson, Roy 'El Boy'; Sakelson, Rachel; Ruth Sinnwell; Rob Gulickx; Rob
Geurtse; Ria Engelbertink; Quaintance, Paul; pvu@networks.com; Philip
Bittner; Peter Gratzinger; Peter Gratzinger; Paul Vu; Paul Vu; Paul de Nijs;
Owen Schikhof; Ol7Suiegel;
NetscapeSoftwareStore@netcenter.netscape.com;
netcenter-promotions@netcenter.netscape.com; Nelson, Vikki ; ned; Nathan
Jacobsen; Nadine; Mousumi Banujer; Minh Nguyen; Milan Patel; Meglinky,
Laetitia; Dan Wood; Janelle Rynes; James Proctor; Jim Towle; Charla Markus;
Jana Miles; Guang Liu; Daniel Jin; Max; Matt Lieber; Margaret; Marcel Veraa;
Marc Mattheus IJpelaar; Luke, Perry; Louis fabregue; Lauren Imwalle; Lauren
Clymer; LaGalbo, Regina; Klas Winberg; Khan, William; Ketelaar, Wauter ;
Ketelaar, Wauter; Katell Gourmelen; Kate Cook; Joost Berkers; Joanne
Macduff; Jilco Schuurmans; Jeanette Thrner; Jason Mooth; Jannie Ouwerkerk;
jadney@vwtype3.org; Jacqui Stack; Jackie, Elardo; Jaap Berkers; IJpelaar,
Marc; Hallman, Jonas ; IAN CHILDERS; Hinard, Laurent; Hinard, Laurent;
Heather; Gubler, Daniela; Gordon, Gregg; Glavas, Xenophon ; Glavas, Steve ;
Glavas, Steve; Glavas, Matt and Erika; Giampiero Poddigho; Garcia, Carol ;
Colville, Kerry Louise ; Fabregue II, Louis; Evetts, Laura; Erkson, Toby;
English, Tricia L; Elin Carlsson; David Yaghoubian; daniel@crescentec.com;
csglavas@email.com; Corinne Kapel; clncrew@erols.com; Christina Penrose;
Chris Murray; Chace, Grandma and Grandpa; Carrie; Carolin, Robert ;
Carlsson, Carin Elin; Bunte, Eva; Brian and Shannon; Bo Carlsson; Bernede,
Christophe ; BERNEDE , CHRISTOPHE; Bas Verhoofstad; Bahman Towfighi;
Arenbalk, Stefan ; Annemiek van Alphen; Anneke Roosma; Alison O' Riordan;
aidan collins
	Subject:	[T3] READ THIS.

	I just want to warn you about a REAL virus.  Please forward the
information
	to everyone you know.  This is a very serious virus.

	Check out www.zdnet.com if you don't believe it.  Text follows:

	the worm e-mails itself out as an attachment with the file name
	"zipped_files.exe." The body of the e-mail message hides within an
e-mail
	correspondence.

	How it works
	When a user sends an e-mail to an infected desktop, he or she will
receive a
	response that contains the virus payload. The message header will
appear the
	same but the text inside: changed. It will say:

	"Hi (Recipient Name)!

	I received your email and I shall send you a reply ASAP.

	Till then, take a look at the attached zipped docs.

	Bye"

	Once the attachment is executed, a computer will likely display a
fake error
	message. The worm then copies itself to the C:\WINDOWS\SYSTEM
directory with
	the file-name "Explore.exe" and then modifies the WIN.INI file so
the
	program is executed each time Windows is started.

	When it is executed, the worm searches drives C: through Z: of a
computer
	and selects a series of files to destroy based on file extensions
(including
	.h, .c, .cpp, .asm, .doc, .xls, .ppt) by making them zero bytes long
--
	wiping out data.

	To get rid of the worm, Symantec advises users to remove the line
	run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI file and delete
the file
	"C:\WINDOWS\SYSTEM\EXPLORE.EXE." If the file is in use, users may
need to
	reboot first.

	Both Symantec and Network Associates have posted anti-virus updates
on their
	home pages to deal with the new worm.




	-------------------------------------------------------------------
	Search old messages on the Web!  Visit http://www.vwtype3.org/list/


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [New Search]