Site Map
Services
Policy
Help Desk
Community
Public
Chalkboards
Business Online
Assorted Links
Downloads
Kid Stuff
Net Users
Mac Users
Dyer County
Lake County
Obion County
Lauderdale Co.
Missouri
 
 



Virus

While surfing the Internet your computer is in danger of a multitude of virus trojan, and spyware programs that can eat up your hard drive, destroy data, send a virus to everyone in your Address book and more!  It is of the utmost importance that you have a GOOD anti-virus program and regularly install new updates to your antivirus software.    Trend Micro,   Norton,   McAfee,   F-Prot,   (and others) are all good ... they have monthly downloads that you can get that installs the update for you!

An excellent write-up on Spyware and associated programs for removal can be found at www.io.com/~cwagner/spyware.html.

If you use Microsoft e-mail programs for your mail, visit their Critical Updates section to be sure that you have the latest protection for your mail box! The reason for this is that sometimes a virus can sneak in and wreck havoc on your computer and send an e-mail message that is c0ntaminated to everyone in your guest book!
It is important to have your virus program scan your hard drive regularly!  Here at ECS we have one on each computer and it scans the most important files at start-up! Read the HELP files to see what options you can set for security against virus.
We will list urgent announcments on our home page so check it regularly to see what is lurking around out there just itching to dine on your hard drive! 

NOTE....don't just simply open any attachment that arrives in your e-mail box - EVEN if you know the person it says it came from. Most of todays virus arrive FROM someone who has your address in their mail program (mom, dad, brother, sister, friend). To insure your computer stays healthy, always question any file or attachement that you have not SPECIFICALLY discussed with THAT person!

Extra-Tools

You also might want to check out some of the extra tools that are available to help cut down on Spyware and hijacking software at our extra-tools section



W32.Sasser.Worm

Discovered on: April 30, 2004
Last Updated on: May 02, 2004 02:33:48 PM

W32.Sasser.Worm is a worm that attempts to exploit the MS04-011 vulnerability. It spreads by scanning randomly-chosen IP addresses for vulnerable systems.

Also known as: W32/Sasser-A, Sasser, W32/Sasser.worm, Win32.Sasser.A, W32.Sasser.Worm
For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.A
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125012

Symantec has a removal tool for the worm located here.


W32.Beagle.B@mm

Discovered on: February 17, 2004
Last Updated on: February 17, 2004 05:12:21 PM

W32.Beagle.B@mm is a mass-mailing worm that opens a backdoor on TCP port 8866.

The email has the following characteristics:
Subject: ID <6 random characters>... thanks
Attachment: <7 random characters>.exe

Also known as:
W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Mirco], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos]

For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.B
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101030

W32.Mimail.I@mm

Discovered on: November 13, 2003
Last Updated on: November 18, 2003 03:56:07 AM

W32.Mimail.I@mm is a mass-mailing worm that attempts to steal credit card information. The worm displays a form that asks the user to enter their credit card information. (See the "Technical Details" section for an illustration of a fake "PayPal Secure Application" window.) This information is saved and later emailed to several predetermined email addresses.

Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Attachment: paypal.asp.scr -or- www.paypal.com.scr

Note: Virus definitions dated prior to November 17, 2003 may detect this threat as W32.Paylap@mm or W32.Mimail.H@mm.

Also Known as:
W32.Paylap@mm
W32.Mimail.H@mm
W32/Mimail-I [Sophos]
WORM_MIMAIL.I [Trend]
Win32.Mimail.I [Computer Associates]
W32/Mimail.i@MM [McAfee]
I-Worm.Mimail.i [Kaspersky]

For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.i@mm.html


W32.Mimail.C@mm

Discovered on: October 31, 2003
Last Updated on: October 31, 2003 10:54:19 AM

Symantec Security Response is currently analyzing a new variant of the Mimail worm which spreads via email. The email will have the following characteristics:

Subject: Re[2]: our private photos [random string]
Attachment: photos.zip

Note: %s refers to a variable string.
This worm attempts to exploit a vulnerability in Internet Explorer which allows a script to execute in the Local computer. Previously it was reported that this vulnerability was addressed by a Microsoft patch, but this undetermined at this time. For additional information please see http://www.securityfocus.com/bid/6961.
The worm is UPX packed.
Additional information will be provided as analysis continues.
For more information please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.C


W32.Sobig.B@mm (Palyh)

Some of the most recent virus are:




W32.Sobig.F@mm

Discovered on: August 19, 2003
Last Updated on: August 19, 2003 09:45:51 AM PDT

W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt

The worm utilizes it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares.

Email Routine Details
The email message has the following characteristics:
From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender).

The worm may use the address admin@internet.com as the sender.
Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details

Body:
See the attached file for details
Please see the attached file for details.

Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

NOTE: The worm deactivates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

For more information and removal instructions, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

W32.Welchia.Worm

Discovered on: August 18, 2003
Last Updated on: August 18, 2003 01:33:28 PM

W32.Welchia.Worm is a worm that exploits multiple vulnerabilities:

Exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.

Exploits the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit.

For more information, please check:
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Blaster.Worm

Discovered on: August 11, 2003
Last Updated on: August 17, 2003 05:34:00 PM

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and then execute it. The worm has no mass-mailing functionality. Additional information, and an alternate site from which to download the Microsoft patch is available in the Microsoft article What You Should Know About the Blaster Worm and Its Variants.

For more information, please check: http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Mimail.A@mm

Discovered on: August 01, 2003
Last Updated on: August 01, 2003 11:04:19 AM

Symantec Security Response is currently analyzing a new worm which spreads via email. The email will have the following characteristics:

Subject: your account %s
Attachment: message.zip

Note: %s refers to a variable string.
This worm attempts to exploit a vulnerability in Internet Explorer which allows a script to execute in the Local computer. Previously it was reported that this vulnerability was addressed by a Microsoft patch, but this undetermined at this time. For additional information please see http://www.securityfocus.com/bid/6961.
The worm is UPX packed.
Additional information will be provided as analysis continues.
For more information please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html
http://www.f-secure.com/v-descs/mimail.shtml

W32.Sobig.B@mm (Palyh)

Discovered on: May 18, 2003
Last Updated on: May 19, 2003 10:06:02 AM

W32.Sobig.B@mm is a mass-mailing worm that sends itself to all the email addresses that it finds in the files with the following extensions:
.wab
.dbx
.htm
.html
.eml
.txt
Also Known As: W32.HLLW.Mankx@mm, W32/Palyh@MM [McAfee], W32/Palyh-A [Sophos], I-Worm.Palyh [KAV], WORM_PALYH.A [Trend], Win32.Palyh.A [CA]
For more information please check:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b@mm.html
http://www.f-secure.com/v-descs/palyh.shtml

W32.HLLW.Fizzer@mm

Discovered on: May 08, 2003
Last Updated on: May 12, 2003 05:44:10 AM

W32.HLLW.Fizzer@mm is a mass-mailing worm that sends itself to all contacts in the Windows Address Book. It contains a backdoor that uses mIRC to communicate with a remote attacker. It also contains a keylogger. Symantec Security Response is currently analysing this threat in more detail and will post more information as it becomes available.

Due to the number of submissions received from customers, Symantec Security Response is upgrading this threat from a Category 2 to a Category 3 threat.

For more information, please check:

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html

W32.Bugbear.A - 02 October, 2002

Discovered on: October 02, 2002
Last Updated on: October 02, 2002 04:14:45 PM PDT

W32.Bugbear.A is a mass-mailing worm, that uses its own SMTP engine to send itself to email addresses that it finds in the any Microsoft Windows files. The email message with a variety of subjects and might have a variety of attachment names, but in all cases the attachment will have a "hidden" extension (EG: samples.doc.scr" (double extension)).

Subject: ((various))
Attachments: ((various names))

For more information please check:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A http://www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html http://vil.nai.com/vil/content/v_99728.htm http://www.f-prot.com/news/vir_alert/bugbear.html


W32.Frethem.E@mm - 11 June, 2002

Discovered on: June 11, 2002
Last Updated on: June 18, 2002 04:14:45 PM PDT

W32.Frethem.E@mm is a worm, and is a variant of W32.Frethem.B@mm. It uses its own SMTP engine to send itself to email addresses that it finds in the Microsoft Windows Address Book and in .dbx files. The email message arrives with the following characteristics.
Subject: Re: Your password!
Attachments: Decrypt-password.exe and Password.txt

For more information, Please check:
http://www.symantec.com/avcenter/venc/data/w32.frethem.e@mm.html
http://vil.nai.com/vil/content/v_99519.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.K

W32.Klez.A@mm - 15 April, 2002

Discovered on: October 25, 2001
Last Updated on: April 15, 2002 at 05:12:59 PM PDT

W32.Klez.A@mm is a mass-mailing email worm. It attempts to copy itself into folders on both local and network drives.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
The worm also inserts the virus W32.ElKern.3326. W32.ElKern.3326 can also infect W32.Klez.A@mm.
Finally, the worm executes its payload on the 13th of January, March, May, July, September and November. The payload causes files on local and mapped drives to become zero bytes in size.
For more information, check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.a@mm.html
http://vil.nai.com/vil/content/v_99367.htm

The W32.Klez removal tool from Symantec is mirrored on our site at pub/virus/klez/FixKlez.com if you prefer to download it locally.

W32.Klez removal instructions are available here: Klez Removal ( www.ecsis.net/service/virus/klez-removal.html )

W32.MyLife.B@mm - 21 March, 2002

Discovered on: March 21, 2002
Last Updated on: March 25, 2002 at 12:24:16 PM PST

Due to increased submissions, Symantec Security Response has upgraded W32.MyLife.B@mm to a Category 3.

W32.MyLife.B@mm is a mass-mailing worm that uses Microsoft Outlook to spread to all addresses in the Outlook address book.
It copies itself to C:\Windows \System\Cari.scr and may delete files, depending on the system time.
NOTE: Definitions dated prior to March 22, 2002 will detect this as W32.Caric@mm.

Damage:
Payload Trigger: If the worm is run when the system time is between 8:00 A.M. and 9:00 A.M.

Payload:
Large scale e-mailing: Send itself to all addresses in the Microsoft Outlook address book.
Deletes files: Attempts to delete the files on C:\*.*, *.sys, *.vxd, *.ocx, *.nls, d:\*.*, e:\*.*, f:\*.*

For more information, check:
http://www.symantec.com/avcenter/venc/data/w32.mylife.b@mm.html
http://vil.nai.com/vil/content/v_99414.htm


W32.Myparty@mm - 28 January, 2002

Discovered on: January 26, 2002
Last Updated on: January 28, 2002 at 02:54:23 PM PST

W32.Myparty@mm is a mass-mailing email worm. It has the following characteristics:
Subject: new photos from my party!
Message:
Hello!
My party... It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos. Thanks!
Attachment: www.myparty.yahoo.com

The worm sends email to all contacts in your Windows address book, and to email addresses that if finds in the Outlook Express Inboxes and folders.
In addition, the worm sends a message to the author so that the author can track the worm.
On NT/2000/XP systems, the worm drops a backdoor Trojan that allows a hacker to control your system. NAV will detect this as Backdoor.Myparty.
Finally, if the file name of the worm is Access., it may launch your Web browser to http:/ /www.disney.com. However, the worm does not contain code which can generate a file with the name Access., so it is highly unlikely that this will trigger.

For more information, check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html
http://vil.nai.com/vil/content/v_99332.htm


JS.Gigger.A@mm - 09 January, 2002

Discovered on: January 9, 2002
Last Updated on: January 11, 2002 at 10:45:22 AM PST

JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread. It attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.

JS.Gigger.A@mm arrives as an email message that has the following characteristics:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachement: Mmsn_offline.htm

For more information, check:
http://securityresponse.symantec.com/avcenter/venc/data/js.gigger.a@mm.html
http://www.europe.f-secure.com/v-descs/gigger.shtml
http://vil.nai.com/vil/content/v_99301.htm


Win32/Reeezak.Worm - 19 December, 2001

Discovered on: December 14, 2001

Reeezak is a mass-mailer spreading through Microsoft Outlook. The worm attaches itself to an email with the subject line "Happy New Year", and attachment name "Christmas.exe" (37,376 bytes) carrying a Flash Animation icon. The message body reads:
Hii
I can't describe my feelings
But all i can say is
Happy New Year :)
bye

A few payloads observed so far:
Keyboard input is disabled.
Files deleted from Windows System directory.
Ineternet Explorer default start page is changed to point to a web page that is hosted on http://geocities.com domain.
For more information, check:
Computer Associates
OR:
http://securityresponse.symantec.com/avcenter/venc/data/w32.reeezak.a@mm.html

W32.Goner.A@mm - 04 December, 2001

Discovered on: December 4, 2001
Last Updated on: December 4, 2001 at 11:21:17 AM PST

W32.Goner.A@mm is a mass-mailing worm that is written in Visual Basic. The worm has been compressed using a known Portable Executable (PE)* file compressor. The worm can spread its infection using the ICQ network as well as by email using Microsoft Outlook. If IRC is installed, this worm can also insert mIRC scripts that will enable the computer to be used in Denial of Service (DOS) attacks.
Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.goner.a@mm.html


W95/Badtrans.B@mm - 24 November, 2001

Discovered on: November 24, 2001
Last Updated on: November 24, 2001 at 12:19:48 PM PST

W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several different file names. This worm also drops a backdoor trojan that logs keystrokes.
Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
http://www.f-secure.com/v-descs/badtrans.shtml

UPDATE: 27 November 2001
Due to the increased rate of submissions, Symantec Security Response has upgraded the threat level of this worm from level 3 to level 4 as of November 26, 2001.

Keep your Anti-Virus software up to date. Beyond that, it is also a good idea to disable the more exotic file extensions on clients where they are not used.

Make sure Outlook is patched (see below) and to ensure that you have updated your IE Browser to ensure that you're running IE 5.01 SP2, IE 5.5 SP2, or IE 6.0 to be sure that you're not vulnerable or apply the patch the patch found at: http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

W32.Aliz.Worm - 20 November, 2001

Discovered on: May 22, 2001
Last Updated on: November 20, 2001 at 12:38:49 PM PST

W32.Aliz.Worm is a very simple SMTP mass mailer worm. The worm is written in assembly and is additionally packed.
The worm propagates by obtaining email addresses from the Windows Address Book and sending itself to those addresses.
When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.aliz.worm.html

UPDATE: 27 November 2001
A patch for the Win9X W32ALIZ.WORM vulnerability can be found at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

W32.Delalot.Trojan - 11 November, 2001

Discovered on: November 11, 2001
Last Updated on: November 19, 2001 at 09:01:35 AM PST

W32.Delalot.Trojan is a simple Trojan horse that starts itself as a service to run invisibly and then attempts to delete all files on drives C, D, E, F, and A, in that order.

Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.delalot.trojan.html


W32.Nimda.E@mm - 29 October, 2001

Discovered on: October 29, 2001
Last Updated on: October 30, 2001 at 02:04:37 PM PST

Due to an increase in submissions, Symantec Security Response is upgrading the threat assessment of W32.Nimda.E@mm from Category 2 to Category 3.
Certified Virus Definitions have been posted
W32.Nimda.E@mm is an new version of W32.Nimda.A@mm that contains bug-fixes and other modifications, which are designed to prevent detection of this variant by antivirus programs.
This worm is similar in functionality to W32.Nimda.A@mm. Differences include the modification of file names used by the worm.

The attachment received has been changed to: Sample.exe
The dropped .dll file is now: Httpodbc.dll
The worm now copies itself to the \Windows\System folder as Csrss.exe instead of Mmc.exe
NOTE: Norton AntiVirus already detects Infected HTML files as W32.Nimda.A@mm (html).

Please check:
http://www.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html



W32.vote.a@mm - 24 September, 2001

Discovered on: September 24, 2001
Last Updated on: September 24, 2001 at 09:56:49 PM PDT

Security experts on Monday warned of a brand new virus masquerading as a program that will allow people to vote whether the United States should go to war over the deadly Sept. 11 hijacker attacks, but which deletes computer files instead.

W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products. (symantec)

The "Vote Virus" is spreading via e-mail to users of Microsoft Corp.'s Outlook e-mail program, said Simon Perry, vice president of security solutions at Computer Associates International Inc.

Please check:
http://www.symantec.com/avcenter/venc/data/w32.vote.a@mm.html
http://www.mcafee.com/anti-virus/viruses/vote/default.asp?cid=2464

Characteristics:
Subject: Fwd:Peace BeTweeN AmeriCa and IsLaM!

Message:
Hi
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!

Attachment: WTC.EXE




W32.Nimda.A@mm - 18 September, 2001

Discovered on: September 18, 2001
Last Updated on: September 18, 2001 at 04:51:49 PM PDT
Symantec Security Response has received a number of submissions on W32.Nimda.A.@mm and is rating it as a Category 4.
W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.
As of 07:45pm, 18 September, 2001 - no patches or fixes are available.
Please check:
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html for more information.




W32.Sircam.Worm@mm - 17 July, 2001

Discovered on: July 17, 2001
Last Updated on: July 19, 2001 at 06:56:06 PM PDT
SARC has upgraded the threat level of W32.Sircam.Worm@mm from 3 to 4, due to its increased rate of submissions. W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm.
This worm arrives as an email message with the following content:
Subject: The subject of the email will be random, and will be the same as the file name of the attachment in the email.
EX:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for

Please check:
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99141&
Don't tip your hat to the SirCam wormFrom ZDNet.
A news article fron ZDNET Interactive



W32.MsWorld@mm - 06 June, 2001

Discovered on: June 5, 2001
Last Updated on: June 5, 2001 at 03:19:27 PM PDT
W32.MsWorld@mm is a massmailing Visual Basic worm. It uses a Macromedia Flash presentation to mask its malicious intentions. It attempts to modify the Autoexec.bat file to format the C drive the next time that the computer is restarted. It also attempts to delete the Windows registry files.
Please check: http://www.symantec.com/avcenter/venc/data/w32.msworld@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99099&



W32.Badtrans.13312@mm - 09 May, 2001

Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A
Discovered on: April 11, 2001
Last Updated on: May 8, 2001 at 08:39:43 AM PDT
Due to an increase in the number of submissions, W32.Badtrans.13312@mm has been upgraded to a Category 4 threat. It is a MAPI worm that replies to all unread mails in your email message folders, and drops a backdoor Trojan.
Please check:
http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99069&



VBS.VBSWG2.X@mm - 08 May, 2001

Also Known As: VBS.VBSWG2.D@mm, VBS.HomePage
Discovered on: May 8, 2001
Last Updated on: May 8, 2001 at 05:10:04 PM PDT
VBS.VBSWG2.X@mm is an encrypted VBScript Worm that uses a known exploit to send itself to all recipients in an infected user's Outlook Address Book. It also has the payload of opening a website that contains pornographic contents. Symantec AntiVirus Research Center will be releasing new virus definitions to detect this virus. It is currently estimated to be available at 8:00 PM (PST) on May 8, 2001.
Please check:
http://www.symantec.com/avcenter/venc/data/vbs.vbswg2.x@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99082&




W32.Naked@mm - 06 March, 2001

Also known as:W32.HLLW.JibJab@mm
Discovered on: March 6, 2001
Last Updated on: March 6, 2001 at 03:20:12 PM PST
W32.Naked@mm is a mass mailing worm that disguises itself as flash movie. The attachment is named NakedWife.exe. This worm, after it has attempted to email everyone in the Microsoft Outlook address book, will attempt to delete several system files. This will leave the system unusable, requiring a re-install.
Please check:
Symantec Anti-virus - W32.Naked@mm
McAfee Anti-virus - W32/Naked@MM



VBS.SST@MM - 13 Feburary, 2001

Also known as:VBS.Lee-o, VBS.OnTheFly
Discovered on February 12, 2001
Last Updated on: February 12, 2001 at 01:47:42 PM PST
VBS.SST@mm is a VBS email worm that has been encoded using a virus creation kit. The worm arrives as an attachment named AnnaKournikova.jpg.vbs When executed, the worm emails itself to everyone in your Microsoft Outlook book. On January 26, the worm will attempt to direct your Web browser to an Internet address located in The Netherlands.
Please check:
Symantec Anti-virus - VBS.SST@MM
McAfee Anti-Virus - VBS.SST@MM



"W32.Hybris.gen"

Also known as: W32.Hybris.22528.dr, W32/Hybris.gen@M, I-Worm.Hybris
Discovered on: September 25, 2000
Last Updated on: November 16, 2000 0 9:52:35 AM PST
W32.Hybris is worm that spreads by email as an attachment to outgoing emails.
When the worm attachment is executed, the WSOCK32.DLL file will be modified or replaced. This will give the worm the ability to attach itself to all outbound email. The email attachment will have a random name but the filename extension is either EXE or SCR)...For more information on this "WORM", please check: Symantec Anti-Virus - W32.Hybris.gen Worm
Lycos Anti-Virus Center
McAfee Anti-Virus - W32.Hybris.gen Worm



"WSCRIPT KAK Worm"

This virus "worm" is currently getting to the "rampant" stage and can cause serious problems with your windows machine. By default, the "worm" is designed to shutdown Windows on the first of the month at 5 PM. For more information on the "WSCRIPT KAK Worm" virus and its variants, please check here:



"Love Letter"

For more information on the "Love Letter" virus and its variants, please check here: Love Letter



"Prilissa"

A new Milissa-like virus is spreading quickly.  Network Associates announced ten Fortune 500 companies have been hit with the W97/Priscilla virus which takes advantage of security holes in Micorsoft Outlook and Outlook Express.  If opened, the virus emails itself to the first fifty people in yoru address book.. The virus arrives in the form of an email with the subject line "Mesage from (Office 97 user name)".  The message body of the email says "This document is very important and you've GOT to read this!!!"  Opening the attached document will infect your computer.  The virus itself won't go off until Christmas Day, at which point it will run a destructive payload reformatting your hard drive.  A fix is available at the Network Associates Web Site. More information on Norton's W97 M/Prilissa warning page. It is highly important that you go update your Anti-Virus software program.
 



VBS.Stages.A

A new virus named VBS.Stages.A was discovered over the weekend.  The virus attempts to email a copy of itself to everyone in your Microsoft Outlook address book.  It also attempts to spread itself using IRC, mIRC, and PIRCH. The email contains an attachment named LIFE_STAGES.TXT.SHS.  The subject line of the email is randomly generated. There are 12 possibilities for the subject line of the email, which will include one of the following phrases:
 * Life Stages
 * Funny
 * Jokes
Once LIFE_STAGES.TXT.SHS is executed, a text file will be opened in Notepad displaying the male and female stages of life.  A script is executed in the background, which makes some changes to your system. The worm creates several files in the \WINDOWS\SYSTEM\ folder:
SCANREG.VBS, VBASET.OLB, and MSINFO16.TLB. 
The worm modifies the registry to run the worm on startup.  A randomly named file is added  to the root directory of all mapped drives, the \My Documents folder, and the \Windows\Start Menu\Programs folder. If you receive an email that matches this description, please delete it immediately.
For complete information regarding this virus, please point your  browser to:
 http://www.symantec.com/techsupp/vURL.cgi/nav47



"Pretty Park"

The "Pretty Park" Virus is going around again. 
If you receive this e-mail do NOT open it! 
The following links will help remove it from your system.
http://vil.nai.com/vil/vpe10175.asp
http://vil.mcafee.com/vil/wm98500.asp

Norton's Site

Advice

The best advice we can give you is to never open an .exe file that arrives in  your e-mail box even if it's from someone you KNOW until you contact that  person and ask them if they sent you a file!   Don't "open" anything you are  unsure of to insure your computer's good health!  Keep your virus updates current...most offer free monthly updates so be sure to get the updates!
If you use Microsoft Outlook Express for your E-Mail, and you have not gone to the Microsoft product Update area to check for critical updates, please do so asap!  They have "fixes" for the mail program to help protect your computer. 
   


E-Mail Guest BookFeedbackHome


ECS Mascot..."Scratch"
Electronic Communication Systems
640-I Highway 51 ByPass East
Dyersburg, TN 38024
Phone: (731) 285-5936 Fax: (731) 285-2240