New Virus - Beware! [message #23893 is a reply to message #23894]
Sat, 12 June 1999 00:00
roy...
Messages: 68 Registered: April 1999
Karma: 0
Full Member
Be on your guard - a new virus is hard at work - and they are still
trying to find a solution. Any email with "zip.doc.files.exe"
(not sure whether the order is right) must be left untouched.
By the way, who won the war in Kosovo? It looks to me as though
NATO achieved exactly the opposite of what their original
aim was - and Milosevic, just like Hussain, still rules the roost.
Regards
Royleen
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

Re: New Virus - Beware! [message #23894 is a reply to message #23893]
Sat, 12 June 1999 00:00
G.B.
Messages: 2173 Registered: May 1997
Karma: 0
Senior Member
roy...@my-deja.com writes:
> Be on your guard - a new virus is hard at work - and they are still
> trying to find a solution.
An Ottawa firm has already found a
solution. Download FastLane's wormkiller
at www.fastlanetech.com under
WindowsNT Wormkiller.
Gloudina

Re: New Virus - Beware! [message #23895 is a reply to message #23894]
Sat, 12 June 1999 00:00
roy...
Messages: 68 Registered: April 1999
Karma: 0
Full Member
A bit more information - the following message will appear in your "Inbox":
"I received your email and I shall send you a reply ASAP. Till
then, take a look at the attached zipped docs." And McAfee has found a
solution.
Regards
Royleen
wrote in message news:7jsghc$1c$1@nnrp1.deja.com...
> Be on your guard - a new virus is hard at work - and they are still
> trying to find a solution. Any email with "zip.doc.files.exe"
> (not sure whether the order is right) must be left untouched.
>
> By the way, who won the war in Kosovo? It looks to me as though
> NATO achieved exactly the opposite of what their original
> aim was - and Milosevic, just like Hussain, still rules the roost.
>
> Regards
> Royleen

Re: New Virus - Beware! [message #23896 is a reply to message #23894]
Sat, 12 June 1999 00:00
Willem-Jan Markerink
Messages: 331 Registered: May 1999
Karma: 0
Senior Member
In article , roy...@my-deja.com wrote:
> Be on your guard - a new virus is hard at work - and they are still
> trying to find a solution. Any email with "zip.doc.files.exe"
> (not sure whether the order is right) must be left untouched.
See below, from a mailing list (sorry, in English....;-))
> By the way, who won the war in Kosovo? It looks to me as though
> NATO achieved exactly the opposite of what their original
> aim was - and Milosevic, just like Hussain, still rules the roost.
As the newspapers here write: until autumn arrives, and people
start to prefer fuel and food over fine talk. When the leaves
fall, Milosevic falls too....;-))
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxx
Listers,
I'm still on a leave of absence but I wanted to pass this along. I have
verified that this is a real virus threat and not a hoax. I have copied
the following info from the Norton Anti Virus web site. It is verbatim but
the formatting has been stripped so it may have odd sections. Please take a
moment to read this and take any appropriate actions.
Gary
======================
Virus Name: Worm.ExploreZip
Aliases: W32.ExploreZip Worm
Infection Length: 210,432 bytes
Area of Infection: Windows System directory, Email Attachments
Likelihood: Common
Detected as of: June 6, 1999
Characteristics: Worm, Trojan Horse
Overview:
Worm.ExploreZip contains a very malicious payload. Worm.ExploreZip utilizes
Microsoft Outlook, Outlook Express, and Microsoft Exchange to mail itself
out by replying to unread messages in your Inbox. The payload of the worm
will destroy any file with the extension .h, .c, .cpp, .asm, .doc, .ppt, or
.xls on your hard drive(s), as well as any mapped drives, each time it is
executed. The worm will also search the mapped drives for Windows
installations and copy itself to the Windows directory, and then modify the
WIN.INI file. This will infect systems without e-mail clients. This
continues to occur until the worm is removed.
You may receive this worm as a file attachment named "zipped_files.exe".
When run, this executable will copy itself to your Windows System directory
with the filename "Explore.exe", or your Windows directory with the filename
"_setup.exe". The worm modifies your WIN.INI or registry such that the
"Explore.exe" or "_setup.exe" file is executed each time you start Windows.
Worm.ExploreZip was first discovered in Israel and submitted to the Symantec
AntiVirus Research Center on June 6, 1999.
Technical Description:
Worm.ExploreZip utilizes MAPI commands and Microsoft Outlook/Outlook
Express/Microsoft Exchange on Windows 9x and NT systems to propagate
itself. The worm e-mails itself out as an attachment with the filename
"zipped_files.exe" in reply to unread messages it finds in your Inbox. Thus,
the e-mail message may appear to come from a known e-mail correspondent in
response to a previously sent e-mail. The e-mail contains the following
text:
    Hi Recipient Name!
    I received your email and I shall send you a reply ASAP.
    Till then, take a look at the attached zipped docs.
    bye or sincerely Recipient Name
Once the attachment is executed, it may display the following window:
[image not preserved]
The worm also copies itself to the Windows System (System32 on Windows NT)
directory with the filename "Explore.exe" or "_setup.exe", and modifies the
WIN.INI file (Windows 9x) or the registry (on Windows NT). This results in
the program being executed each time Windows is started. You may find this
file under your Windows Temporary directory or your attachments directory,
depending on the e-mail client you are using. E-mail clients will often
temporarily store e-mail attachments in these directories under different
temporary names. The worm will continue to search through your Inbox as long
as it is still running in memory. Thus, any new messages that are received
will be replied to in the above manner.
Payload:
In addition, when Worm.ExploreZip is executed, it searches drives C through
Z of your computer system and selects a series of files to destroy based on
file extensions (including .h, .c, .cpp, .asm, .doc, .xls, .ppt) by calling
CreateFile(), and making them 0 bytes long. You may notice extended hard
drive activity when this occurs. This can result in non-recoverable data.
This payload routine continues to happen while the worm is active on the
system. Thus, any newly created files matching the extensions list will be
destroyed as well. Symantec provides data recovery services which can be
found at
http://www.symantec.com/techsupp/recovery.
However, due to the nature of the payload data recovery may take several
days and may not be possible in all cases.
Repair Notes:
To remove this worm, you should perform the following steps:
Remove the line
run=C:\WINDOWS\SYSTEM\Explore.exe
or
run=C:\WINDOWS\SYSTEM\_setup.exe
from the WIN.INI file for Windows 9x systems.
For Windows NT, remove the registry entry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
which will refer to "Explore.exe" or "_setup.exe"
Delete the file "Explore.exe" or "_setup.exe". You may need to reboot first
or kill the process using Task Manager or Process View (if the file is
currently in use).
Norton AntiVirus users can protect themselves from this worm by downloading
the current virus definitions either through LiveUpdate or from the
following webpage: http://www.symantec.com/avcenter/download.html
Write-up by: Eric Chien
Written: June 6, 1999
Update: June 10, 1999
--
Bye,
Willem-Jan Markerink
The desire to understand
is sometimes far less intelligent than
the inability to understand
[note: 'a-one' & 'en-el'!]
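
A read-only check for the WIN.INI startup entries named in the repair notes above, as an added example that is not part of the original posts or of the Norton write-up. It assumes Python and a constructed sample WIN.INI, and it also inspects `load=`, which the advisory does not mention.

```python
import ntpath
import re

# File names the advisory says the worm installs itself under.
WORM_NAMES = {"explore.exe", "_setup.exe"}

# Constructed sample WIN.INI for the demo (not taken from a real system).
SAMPLE_WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\Explore.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

def scan_win_ini(text):
    """Return (line_no, key, program) for each startup entry naming the worm."""
    hits, section = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        # Only the [windows] section holds the startup keys.
        if section != "windows" or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() not in ("run", "load"):  # load= is an addition here
            continue
        # A startup key may list several programs (spaces or commas).
        for program in re.split(r"[,\s]+", value):
            # Exact base-name match, so the legitimate explorer.exe
            # is not confused with the worm's Explore.exe.
            if ntpath.basename(program).lower() in WORM_NAMES:
                hits.append((line_no, key.lower(), program))
    return hits

if __name__ == "__main__":
    for line_no, key, program in scan_win_ini(SAMPLE_WIN_INI):
        print(f"WIN.INI line {line_no}: {key}= starts {program}")
```

The scan only reports; removing the entry and deleting the file remain the manual steps the repair notes describe.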