Virus

An excellent write-up on Spyware and associated programs for removal can be found at www.io.com/~cwagner/spyware.html.

If you use Microsoft e-mail programs for your mail, visit their Critical Updates section to be sure that you have the latest protection for your mail box! The reason for this is that sometimes a virus can sneak in, wreak havoc on your computer, and send a contaminated e-mail message to everyone in your guest book!

It is important to have your virus program scan your hard drive regularly! Here at ECS we have one on each computer and it scans the most important files at start-up! Read the HELP files to see what options you can set for security against viruses.

We will list urgent announcements on our home page, so check it regularly to see what is lurking around out there just itching to dine on your hard drive!

NOTE: Don't simply open any attachment that arrives in your e-mail box, EVEN if you know the person it says it came from. Most of today's viruses arrive FROM someone who has your address in their mail program (mom, dad, brother, sister, friend). To ensure your computer stays healthy, always question any file or attachment that you have not SPECIFICALLY discussed with THAT person!

Extra-Tools

You also might want to check out some of the extra tools that are available to help cut down on Spyware and hijacking software at our extra-tools section.

W32.Sasser.Worm
Last Updated on: May 02, 2004 02:33:48 PM

W32.Sasser.Worm is a worm that attempts to exploit the MS04-011 vulnerability. It spreads by scanning randomly-chosen IP addresses for vulnerable systems.
Also known as: W32/Sasser-A, Sasser, W32/Sasser.worm, Win32.Sasser.A, W32.Sasser.Worm

For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.A
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125012

Symantec has a removal tool for the worm located here.

W32.Beagle.B@mm
Last Updated on: February 17, 2004 05:12:21 PM

W32.Beagle.B@mm is a mass-mailing worm that opens a backdoor on TCP port 8866. The email has the following characteristics:

Subject: ID <6 random characters>... thanks
Attachment: <7 random characters>.exe

Also known as: W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Micro], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos]

For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.B
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101030

W32.Mimail.I@mm
Last Updated on: November 18, 2003 03:56:07 AM

W32.Mimail.I@mm is a mass-mailing worm that attempts to steal credit card information. The worm displays a form that asks the user to enter their credit card information. (See the "Technical Details" section for an illustration of a fake "PayPal Secure Application" window.) This information is saved and later emailed to several predetermined email addresses.

Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Attachment: paypal.asp.scr -or- www.paypal.com.scr

Note: Virus definitions dated prior to November 17, 2003 may detect this threat as W32.Paylap@mm or W32.Mimail.H@mm.
Also known as: W32.Paylap@mm, W32.Mimail.H@mm, W32/Mimail-I [Sophos], WORM_MIMAIL.I [Trend], Win32.Mimail.I [Computer Associates], W32/Mimail.i@MM [McAfee], I-Worm.Mimail.i [Kaspersky]

For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.i@mm.html

W32.Mimail.C@mm
Discovered on: October 31, 2003
Last Updated on: October 31, 2003 10:54:19 AM

Symantec Security Response is currently analyzing a new variant of the Mimail worm which spreads via email. The email will have the following characteristics:

Subject: Re[2]: our private photos [random string]
Attachment: photos.zip

Note: %s refers to a variable string.

This worm attempts to exploit a vulnerability in Internet Explorer which allows a script to execute in the Local computer. Previously it was reported that this vulnerability was addressed by a Microsoft patch, but this is undetermined at this time. For additional information please see http://www.securityfocus.com/bid/6961.

The worm is UPX packed. Additional information will be provided as analysis continues.

For more information please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.C

W32.Sobig.F@mm
Last Updated on: August 19, 2003 09:45:51 AM PDT

W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions: .dbx .eml .hlp .htm .html .mht .wab .txt

The worm utilizes its own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares.

Email Routine Details

The email message has the following characteristics:

From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may use the address admin@internet.com as the sender.

Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details

Body:
See the attached file for details
Please see the attached file for details.

Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

NOTE: The worm deactivates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

For more information and removal instructions, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

W32.Welchia.Worm
Last Updated on: August 18, 2003 01:33:28 PM

W32.Welchia.Worm is a worm that exploits multiple vulnerabilities:

Exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.

Exploits the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit.

For more information, please check:
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.html

W32.Blaster.Worm
Last Updated on: August 17, 2003 05:34:00 PM

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm targets only Windows 2000 and Windows XP machines. While Windows NT and Windows 2003 Server machines are vulnerable to the aforementioned exploit (if not properly patched), the worm is not coded to replicate to those systems. This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and then execute it. The worm has no mass-mailing functionality.

Additional information, and an alternate site from which to download the Microsoft patch, is available in the Microsoft article What You Should Know About the Blaster Worm and Its Variants.
For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Mimail.A@mm
Last Updated on: August 01, 2003 11:04:19 AM

Symantec Security Response is currently analyzing a new worm which spreads via email. The email will have the following characteristics:

Subject: your account %s
Attachment: message.zip

Note: %s refers to a variable string.

This worm attempts to exploit a vulnerability in Internet Explorer which allows a script to execute in the Local computer. Previously it was reported that this vulnerability was addressed by a Microsoft patch, but this is undetermined at this time. For additional information please see http://www.securityfocus.com/bid/6961.

The worm is UPX packed. Additional information will be provided as analysis continues.

For more information please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html
http://www.f-secure.com/v-descs/mimail.shtml

W32.Sobig.B@mm (Palyh)
Discovered on: May 18, 2003
Last Updated on: May 19, 2003 10:06:02 AM

W32.Sobig.B@mm is a mass-mailing worm that sends itself to all the email addresses that it finds in the files with the following extensions: .wab .dbx .htm .html .eml .txt

Also known as: W32.HLLW.Mankx@mm, W32/Palyh@MM [McAfee], W32/Palyh-A [Sophos], I-Worm.Palyh [KAV], WORM_PALYH.A [Trend], Win32.Palyh.A [CA]

For more information please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b@mm.html
http://www.f-secure.com/v-descs/palyh.shtml

W32.HLLW.Fizzer@mm
Discovered on: May 08, 2003
Last Updated on: May 12, 2003 05:44:10 AM

W32.HLLW.Fizzer@mm is a mass-mailing worm that sends itself to all contacts in the Windows Address Book. It contains a backdoor that uses mIRC to communicate with a remote attacker. It also contains a keylogger.

Symantec Security Response is currently analysing this threat in more detail and will post more information as it becomes available.
Due to the number of submissions received from customers, Symantec Security Response is upgrading this threat from a Category 2 to a Category 3 threat.

For more information, please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.fizzer@mm.html

W32.Bugbear.A - 02 October, 2002
Discovered on: October 02, 2002
Last Updated on: October 02, 2002 04:14:45 PM PDT

W32.Bugbear.A is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses that it finds in any Microsoft Windows files. The email message arrives with a variety of subjects and might have a variety of attachment names, but in all cases the attachment will have a "hidden" extension (e.g. "samples.doc.scr", a double extension).

Subject: ((various))
Attachments: ((various names))

For more information please check:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A
http://www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html
http://vil.nai.com/vil/content/v_99728.htm
http://www.f-prot.com/news/vir_alert/bugbear.html

W32.Frethem.E@mm - 11 June, 2002
Discovered on: June 11, 2002
Last Updated on: June 18, 2002 04:14:45 PM PDT

W32.Frethem.E@mm is a worm, and is a variant of W32.Frethem.B@mm. It uses its own SMTP engine to send itself to email addresses that it finds in the Microsoft Windows Address Book and in .dbx files. The email message arrives with the following characteristics:

Subject: Re: Your password!
Attachments: Decrypt-password.exe and Password.txt

For more information, please check:
http://www.symantec.com/avcenter/venc/data/w32.frethem.e@mm.html
http://vil.nai.com/vil/content/v_99519.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.K

W32.Klez.A@mm - 15 April, 2002
Discovered on: October 25, 2001
Last Updated on: April 15, 2002 at 05:12:59 PM PDT

W32.Klez.A@mm is a mass-mailing email worm. It attempts to copy itself into folders on both local and network drives.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

The worm also inserts the virus W32.ElKern.3326. W32.ElKern.3326 can also infect W32.Klez.A@mm.

Finally, the worm executes its payload on the 13th of January, March, May, July, September and November. The payload causes files on local and mapped drives to become zero bytes in size.

For more information, check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.a@mm.html
http://vil.nai.com/vil/content/v_99367.htm

The W32.Klez removal tool from Symantec is mirrored on our site at pub/virus/klez/FixKlez.com if you prefer to download it locally.

W32.Klez removal instructions are available here: Klez Removal ( www.ecsis.net/service/virus/klez-removal.html )

W32.MyLife.B@mm - 21 March, 2002
Last Updated on: March 25, 2002 at 12:24:16 PM PST

Due to increased submissions, Symantec Security Response has upgraded W32.MyLife.B@mm to a Category 3.

W32.MyLife.B@mm is a mass-mailing worm that uses Microsoft Outlook to spread to all addresses in the Outlook address book. It copies itself to C:\Windows\System\Cari.scr and may delete files, depending on the system time.

NOTE: Definitions dated prior to March 22, 2002 will detect this as W32.Caric@mm.

Damage:
Payload Trigger: If the worm is run when the system time is between 8:00 A.M. and 9:00 A.M.
Payload:
Large scale e-mailing: Sends itself to all addresses in the Microsoft Outlook address book.
Deletes files: Attempts to delete the files on C:\*.*, *.sys, *.vxd, *.ocx, *.nls, d:\*.*, e:\*.*, f:\*.*

For more information, check:
http://www.symantec.com/avcenter/venc/data/w32.mylife.b@mm.html
http://vil.nai.com/vil/content/v_99414.htm

W32.Myparty@mm - 28 January, 2002
Last Updated on: January 28, 2002 at 02:54:23 PM PST

W32.Myparty@mm is a mass-mailing email worm. It has the following characteristics:

Subject: new photos from my party!
Message: Hello! My party... It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos. Thanks!
Attachment: www.myparty.yahoo.com

The worm sends email to all contacts in your Windows address book, and to email addresses that it finds in the Outlook Express Inboxes and folders. In addition, the worm sends a message to the author so that the author can track the worm.

On NT/2000/XP systems, the worm drops a backdoor Trojan that allows a hacker to control your system. NAV will detect this as Backdoor.Myparty.

Finally, if the file name of the worm is Access.

For more information, check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.myparty@mm.html
http://vil.nai.com/vil/content/v_99332.htm

JS.Gigger.A@mm - 09 January, 2002
Last Updated on: January 11, 2002 at 10:45:22 AM PST

JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread. It attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.

JS.Gigger.A@mm arrives as an email message that has the following characteristics:

Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm

For more information, check:
http://securityresponse.symantec.com/avcenter/venc/data/js.gigger.a@mm.html
http://www.europe.f-secure.com/v-descs/gigger.shtml
http://vil.nai.com/vil/content/v_99301.htm

Win32/Reeezak.Worm - 19 December, 2001

Reeezak is a mass-mailer spreading through Microsoft Outlook.
The worm attaches itself to an email with the subject line "Happy New Year", and attachment name "Christmas.exe" (37,376 bytes) carrying a Flash Animation icon. The message body reads:

Hii
I can't describe my feelings
But all i can say is
Happy New Year :)
bye

A few payloads observed so far:

Keyboard input is disabled.
Files deleted from Windows System directory.
Internet Explorer default start page is changed to point to a web page that is hosted on the http://geocities.com domain.

For more information, check: Computer Associates
OR: http://securityresponse.symantec.com/avcenter/venc/data/w32.reeezak.a@mm.html

W32.Goner.A@mm - 04 December, 2001
Last Updated on: December 4, 2001 at 11:21:17 AM PST

W32.Goner.A@mm is a mass-mailing worm that is written in Visual Basic. The worm has been compressed using a known Portable Executable (PE) file compressor. The worm can spread its infection using the ICQ network as well as by email using Microsoft Outlook. If IRC is installed, this worm can also insert mIRC scripts that will enable the computer to be used in Denial of Service (DoS) attacks.

Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.goner.a@mm.html

W95/Badtrans.B@mm - 24 November, 2001
Last Updated on: November 24, 2001 at 12:19:48 PM PST

W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several different file names. This worm also drops a backdoor trojan that logs keystrokes.

Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
http://www.f-secure.com/v-descs/badtrans.shtml

UPDATE: 27 November 2001

Due to the increased rate of submissions, Symantec Security Response has upgraded the threat level of this worm from level 3 to level 4 as of November 26, 2001.

Keep your Anti-Virus software up to date. Beyond that, it is also a good idea to disable the more exotic file extensions on clients where they are not used.
Make sure Outlook is patched (see below), and update your IE browser to IE 5.01 SP2, IE 5.5 SP2, or IE 6.0 so that you are not vulnerable, or apply the patch found at: http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

W32.Aliz.Worm - 20 November, 2001
Last Updated on: November 20, 2001 at 12:38:49 PM PST

W32.Aliz.Worm is a very simple SMTP mass mailer worm. The worm is written in assembly and is additionally packed. The worm propagates by obtaining email addresses from the Windows Address Book and sending itself to those addresses.

When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.aliz.worm.html

UPDATE: 27 November 2001

A patch for the Win9X W32ALIZ.WORM vulnerability can be found at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

W32.Delalot.Trojan - 11 November, 2001
Last Updated on: November 19, 2001 at 09:01:35 AM PST

W32.Delalot.Trojan is a simple Trojan horse that starts itself as a service to run invisibly and then attempts to delete all files on drives C, D, E, F, and A, in that order.

Please check:
http://securityresponse.symantec.com/avcenter/venc/data/w32.delalot.trojan.html

W32.Nimda.E@mm - 29 October, 2001
Last Updated on: October 30, 2001 at 02:04:37 PM PST

Due to an increase in submissions, Symantec Security Response is upgrading the threat assessment of W32.Nimda.E@mm from Category 2 to Category 3. Certified Virus Definitions have been posted.

W32.Nimda.E@mm is a new version of W32.Nimda.A@mm that contains bug-fixes and other modifications, which are designed to prevent detection of this variant by antivirus programs. This worm is similar in functionality to W32.Nimda.A@mm.
Differences include the modification of file names used by the worm.

The attachment received has been changed to: Sample.exe
The dropped .dll file is now: Httpodbc.dll
The worm now copies itself to the \Windows\System folder as Csrss.exe instead of Mmc.exe

NOTE: Norton AntiVirus already detects Infected HTML files as W32.Nimda.A@mm (html).

Please check:
http://www.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html

W32.vote.a@mm - 24 September, 2001
Last Updated on: September 24, 2001 at 09:56:49 PM PDT

Security experts on Monday warned of a brand new virus masquerading as a program that will allow people to vote whether the United States should go to war over the deadly Sept. 11 hijacker attacks, but which deletes computer files instead.

W32.Vote.A@mm is a mass-mailing worm that is written in Visual Basic. When executed, it will email itself out to all email addresses in the Microsoft Outlook address book. The worm will insert two .vbs files on the system, and it will also attempt to delete files from several antivirus products. (Symantec)

The "Vote Virus" is spreading via e-mail to users of Microsoft Corp.'s Outlook e-mail program, said Simon Perry, vice president of security solutions at Computer Associates International Inc.

Please check:
http://www.symantec.com/avcenter/venc/data/w32.vote.a@mm.html
http://www.mcafee.com/anti-virus/viruses/vote/default.asp?cid=2464

Characteristics:

Subject: Fwd:Peace BeTweeN AmeriCa and IsLaM!
Message: Hi iS iT A waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace!
Attachment: WTC.EXE

W32.Nimda.A@mm - 18 September, 2001
Last Updated on: September 18, 2001 at 04:51:49 PM PDT

Symantec Security Response has received a number of submissions on W32.Nimda.A@mm and is rating it as a Category 4.

W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods to spread itself.
The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.

As of 07:45pm, 18 September, 2001 - no patches or fixes are available.

Please check: http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html for more information.

W32.Sircam.Worm@mm - 17 July, 2001
Last Updated on: July 19, 2001 at 06:56:06 PM PDT

SARC has upgraded the threat level of W32.Sircam.Worm@mm from 3 to 4, due to its increased rate of submissions.

W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm.

This worm arrives as an email message with the following content:

Subject: The subject of the email will be random, and will be the same as the file name of the attachment in the email.

EX:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for

Please check:
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99141&

Don't tip your hat to the SirCam worm
From ZDNet. A news article from ZDNET Interactive

W32.MsWorld@mm - 06 June, 2001
Last Updated on: June 5, 2001 at 03:19:27 PM PDT

W32.MsWorld@mm is a mass-mailing Visual Basic worm. It uses a Macromedia Flash presentation to mask its malicious intentions. It attempts to modify the Autoexec.bat file to format the C drive the next time that the computer is restarted. It also attempts to delete the Windows registry files.
Please check:
http://www.symantec.com/avcenter/venc/data/w32.msworld@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99099&

W32.Badtrans.13312@mm - 09 May, 2001
Discovered on: April 11, 2001
Last Updated on: May 8, 2001 at 08:39:43 AM PDT

Due to an increase in the number of submissions, W32.Badtrans.13312@mm has been upgraded to a Category 4 threat. It is a MAPI worm that replies to all unread mails in your email message folders, and drops a backdoor Trojan.

Please check:
http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99069&

VBS.VBSWG2.X@mm - 08 May, 2001
Discovered on: May 8, 2001
Last Updated on: May 8, 2001 at 05:10:04 PM PDT

VBS.VBSWG2.X@mm is an encrypted VBScript Worm that uses a known exploit to send itself to all recipients in an infected user's Outlook Address Book. It also has the payload of opening a website that contains pornographic contents.

Symantec AntiVirus Research Center will be releasing new virus definitions to detect this virus. It is currently estimated to be available at 8:00 PM (PST) on May 8, 2001.

Please check:
http://www.symantec.com/avcenter/venc/data/vbs.vbswg2.x@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99082&

W32.Naked@mm - 06 March, 2001
Discovered on: March 6, 2001
Last Updated on: March 6, 2001 at 03:20:12 PM PST

W32.Naked@mm is a mass mailing worm that disguises itself as a flash movie. The attachment is named NakedWife.exe. This worm, after it has attempted to email everyone in the Microsoft Outlook address book, will attempt to delete several system files. This will leave the system unusable, requiring a re-install.

Please check:
Symantec Anti-virus - W32.Naked@mm
McAfee Anti-virus - W32/Naked@MM

VBS.SST@MM - 13 February, 2001
Discovered on: February 12, 2001
Last Updated on: February 12, 2001 at 01:47:42 PM PST

VBS.SST@mm is a VBS email worm that has been encoded using a virus creation kit.
The worm arrives as an attachment named AnnaKournikova.jpg.vbs. When executed, the worm emails itself to everyone in your Microsoft Outlook address book. On January 26, the worm will attempt to direct your Web browser to an Internet address located in The Netherlands.

Please check:
Symantec Anti-virus - VBS.SST@MM
McAfee Anti-Virus - VBS.SST@MM

"W32.Hybris.gen"
Discovered on: September 25, 2000
Last Updated on: November 16, 2000 09:52:35 AM PST

W32.Hybris is a worm that spreads by email as an attachment to outgoing emails. When the worm attachment is executed, the WSOCK32.DLL file will be modified or replaced. This will give the worm the ability to attach itself to all outbound email. The email attachment will have a random name, but the filename extension is either EXE or SCR.

For more information on this "WORM", please check:
Symantec Anti-Virus - W32.Hybris.gen Worm
Lycos Anti-Virus Center
McAfee Anti-Virus - W32.Hybris.gen Worm

"WSCRIPT KAK Worm"

"Love Letter"

"Prilissa"

VBS.Stages.A

* Life Stages
* Funny
* Jokes

Once LIFE_STAGES.TXT.SHS is executed, a text file will be opened in Notepad displaying the male and female stages of life. A script is executed in the background, which makes some changes to your system. The worm creates several files in the \WINDOWS\SYSTEM\ folder: SCANREG.VBS, VBASET.OLB, and MSINFO16.TLB. The worm modifies the registry to run the worm on startup. A randomly named file is added to the root directory of all mapped drives, the \My Documents folder, and the \Windows\Start Menu\Programs folder.

If you receive an email that matches this description, please delete it immediately.

For complete information regarding this virus, please point your browser to: http://www.symantec.com/techsupp/vURL.cgi/nav47

"Pretty Park"

If you receive this e-mail do NOT open it! The following links will help remove it from your system.
http://vil.nai.com/vil/vpe10175.asp
http://vil.mcafee.com/vil/wm98500.asp
Norton's Site

Advice

If you use Microsoft Outlook Express for your E-Mail, and you have not gone to the Microsoft product Update area to check for critical updates, please do so asap! They have "fixes" for the mail program to help protect your computer.