[COMP] Fwd: ** NORTON ANTIVIRUS EMERGENCY NEWS BULLETIN **

 


-- Listar MIME Decryption --------------
-- Content: Included message

Return-Path: <owner-nav-techinfo-l@xxxxxxxxxxxxxxxxxxxx>
Received: from  rly-za02.mx.aol.com (rly-za02.mail.aol.com [172.31.36.98]) by
        air-za05.mail.aol.com (vx) with ESMTP; Wed, 01 Dec 1999 04:05:36
        -0500
Received: from  mailer.symantec.com (mailer.symantec.com [198.6.49.176]) by
        rly-za02.mx.aol.com (v65.4) with ESMTP; Wed, 01 Dec 1999 04:05:30
        -0500
Received: from lserver.symantec.com (lserver.symantec.com [198.6.49.6])
        by mailer.symantec.com (8.8.8/8.8.8) with ESMTP id BAA22725;
        Wed, 1 Dec 1999 01:05:22 -0800 (PST)
Received: from lserver (lserver [198.6.49.6])
        by lserver.symantec.com (8.9.1/8.9.1) with ESMTP id BAA23390;
        Wed, 1 Dec 1999 01:05:18 -0800 (PST)
Received: from LSERVER.SYMANTEC.COM by LSERVER.SYMANTEC.COM (LISTSERV-TCP/IP
          release 1.8d) with spool id 4164507 for
          NAV-TECHINFO-L@xxxxxxxxxxxxxxxxxxxx; Wed, 1 Dec 1999 00:36:03 -0800
Approved-By: es@xxxxxxxxxxxx
Received: from cmandevi98 (host110-sub16.symantec.com [155.64.16.110]) by
          lserver.symantec.com (8.9.1/8.9.1) with SMTP id AAA21262 for
          <nav-techinfo-l@xxxxxxxxxxxxxxxxxxxx>; Wed, 1 Dec 1999 00:23:00
        -0800
          (PST)
Priority: normal
X-mailer: Pegasus Mail for Win32 (v3.01b)
Message-ID:  <199912010823.AAA21262@xxxxxxxxxxxxxxxxxxxx>
Date:         Wed, 1 Dec 1999 03:22:52 -0500
Reply-To: es@xxxxxxxxxxxx
Sender: NAV-Techinfo <es@xxxxxxxxxxxx>
From: Symantec News Bulletins <es@xxxxxxxxxxxx>
Subject:      ** NORTON ANTIVIRUS EMERGENCY NEWS BULLETIN **
To: NAV-TECHINFO-L@xxxxxxxxxxxxxxxxxxxx

November 30, 1999
_____________________________

WARNING! New virus surfaces on the Internet!

Worm.ExploreZip(pack) is a new version of Worm.ExploreZip.

** This virus SHOULD BE CONSIDERED DANGEROUS! **

REPAIR NOTES

New definitions updates will be posted late in the evening of
11/30/99. SARC will update the site

http://www.symantec.com/techsupp/vURL.cgi/nav20

with information about the updates when the new detection and repair
definitions have been released. They will be available by simply
running LiveUpdate, or by downloading them from

http://www.symantec.com/avcenter/download.html


MANUAL REPAIR NOTES

To remove this worm manually, perform the following steps:

1. Remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI
file.

2. Delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE." You might need to
reboot first if the file is in use.

DETAILS OF INFECTION PROCESS

The worm utilizes MAPI-capable e-mail programs on Windows systems to
propagate itself. The worm e-mails itself out as an attachment with
the filename "zipped_files.exe." The body of the e-mail message might
appear to come from a known e-mail correspondent and contains the
following text:

        I received your email and I shall send you a reply ASAP.
        Till then, take a look at the attached zipped docs.

Once the attachment is opened/executed, it will unpacked itself and
execute the original Worm.ExploreZip routine. It might display an
error message informing the user that the file is not a valid
archive.

The worm proceeds to copy itself to the c:\windows\system directory
with the filename "Explore.exe" and then modifies the WIN.INI file so
that the program is executed each time Windows is started. The worm
then utilizes your e-mail client to harvest e-mail addresses in order
to propagate itself. Users may notice that their e-mail client
launches when this occurs.

1.  Year 2000: Is this product Year 2000 compliant?
2.  Subscribing and unsubscribing
3.  Disclaimer
_____________________________

NOTE:
This is an outgoing email address. Please do not reply to this email
message. If you require assistance installing, configuring, or
troubleshooting a Symantec product, or you have a question for
Symantec Customer Service, please visit the Symantec Service &
Support Web site at the following address:

http://www.symantec.com/techsupp/

Select your product and version and click Go.

_______

To view this News Bulletin in HTML format:

To see an HTML version of this newsletter, please visit the following
Internet web site:

http://www.symantec.com/techsupp/vURL.cgi/nav19

_____________________________

1.  Year 2000: Is this product Year 2000 compliant?

For more details on this question, point your browser to the
following Internet address:

http://www.symantec.com/y2k/y2k.html

_______________________________


2.  Subscribe or unsubscribe

If you would like to subscribe to other Symantec newsletters, please
visit the following web site and follow the appropriate instructions:

http://www.symantec.com/techsupp/bulletin/index.html

If you no longer want to receive this newsletter, let us know by
following these steps:

 1. Create a new email addressed to:

         listserv@xxxxxxxxxxxxxxxxxxxxx

 2. In the Subject line of your email software, type the following:

         unsubscribe

 3. In the body of the message, type the following:

         SIGNOFF NAV-TECHINFO-L

 4. Send the message.

If you would like to unsubscribe from other Symantec newsletters,
please visit the following web site and follow the appropriate
instructions:

http://www.symantec.com/techsupp/bulletin/index.html

_____________________________

3.  Disclaimer

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY

This message contains Symantec Corporation's current view of the
topics discussed as of the date of this document. The information
contained in this message is provided "as is" without warranty of any
kind, either expressed or implied, including but not limited to the
implied warranties of merchantability, fitness for a particular
purpose, and freedom from infringement. The user assumes the entire
risk as to the accuracy and the use of this document. This document
may not be distributed for profit.

Symantec and the Symantec logo are U.S. registered trademarks of
Symantec Corporation. LiveAdvisor is a trademark of Symantec
Corporation. Other brands and products are trademarks of their
respective holder(s).

(c) Copyright 1999 Symantec Corporation. All rights reserved.
Materials may not be published in other documents without the
express, written permission of Symantec Corporation.

========================================
Avenir Web's Computers Mailing List

List Modes, Subscription, and General Info:
Go to http://avenir.dhs.org/mailing.html
List Archives: http://avenir.dhs.org/archives/
Administrative Contact: webmaster@xxxxxxxxxxxxxx

Get computer help: http://avenir.dhs.org
========================================

Other related posts: