[pchelpers] FYI New Virus Info received from AVG

• From: "John Ford" <john.ford1@xxxxxxxxxxxxxxxx>
• To: "PC Helpers" <pchelpers@xxxxxxxxxxxxx>
• Date: Tue, 4 Sep 2001 09:13:19 -0400

HEllo everyone! I just received the following info from AVG. Just thought I
would warn everyone. Have a nice day.

John F

WARNING!!!!!
DESCRIPTON:

I-Worm/Apost
------------

It is a new mass mailing worm written in Visual Basic.

The worm is spreading as a file README.EXE in messages with the
subject:

    As per your request!

and the body:

    Please find attached file for your review.
    I look forward to hear from you again very soon.
    Thank you.

When is the README.EXE file is executed it copies itself into Windows
directory and create in the registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

a value named "macrosoft"
pointing to the dropped copy of the worm.

Then the worm takes email addresses from Outlook address book
and starts sending itself.

Next, it displays a message box with a button 'Open'. When
you click on it, a fake error message appears:

    WinZip SelfExtractor: Warning
    CRC eror: 234#21

Update 276, that detects this worm, is ready on our web.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.274 / Virus Database: 144 - Release Date: 8/23/01

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription