From: Symantec/Norton AV

W32.Beagle.W@mm

The W32.Beagle.W@mm worm has the following characteristics:

- W32.Beagle.W@mm is a mass-mailing worm that attempts to spread using mail and file-sharing networks.
- It does this by opening the/a "backdoor" on an infected computer.
- It may be packed using UPX.
- It tends to append random data to the end of itself, so it does not have a static MD5 value.

When W32.Beagle.W@mm runs, it displays a message box with the following text:

"Can't find a viewer associated with the file."

Note: Virus definitions version 60223g (extended version 2/23/2004 rev. 7) and later detected this threat as Bloodhound.Packed.

+---------------------------------------------------------------------+

For more technical information, refer to the W32.Beagle.W@mm writeup at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.w@xxxxxxx

Symantec Security Response has developed a removal tool to clean the infections of W32.Beagle.W@mm.
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@xxxxxxxxxx.tool.html

Also Known As: W32/Bagle.z@MM [McAfee], W32/Bagle-W [Sophos], Win32.Bagle.W [Computer Associates], WORM_BAGLE.X [Trend], I-Worm.Bagle.y [Kaspersky], Bagle.Y [F-Secure]
Type: Worm
Infection Length: Between 35 - 40 KB, or 68 - 71 KB
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, Microsoft IIS, Novell Netware, OS/2, UNIX, Windows 3.x

*********** MIKE'S REPLY SEPARATOR ***********

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages
http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member
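The advisory's point that appended random data leaves the worm without a static MD5 can be seen from the defender's side in the following added example (not Symantec's code and not part of the original post): it hashes only the bytes covered by the PE headers and sections, so two copies that differ only in their trailing data get the same fingerprint while their whole-file MD5 values differ. It assumes the random data sits after the last section as an overlay; the function names are hypothetical and the test file is constructed, not a real sample.

```python
import hashlib
import os
import struct

def pe_image_end(data: bytes) -> int:
    """File offset where the last PE section's raw data ends (overlay starts here)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    end = table + 40 * n_sections                           # headers always belong to the image
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))                              # tolerate truncated files

def fingerprints(data: bytes) -> dict:
    """Whole-file MD5 next to a SHA-256 over the image only, plus the overlay size."""
    end = pe_image_end(data)
    return {
        "md5_whole_file": hashlib.md5(data).hexdigest(),
        "sha256_image": hashlib.sha256(data[:end]).hexdigest(),
        "overlay_bytes": len(data) - end,
    }

def build_sample_pe() -> bytes:
    """Constructed PE-shaped test file: DOS header, COFF header, one section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x10, 0x1000, 0x10, 0x200) + b"\0" * 16
    return (dos + coff + sect).ljust(0x200, b"\0") + b"\x90" * 0x10

if __name__ == "__main__":
    base = build_sample_pe()
    for tail in (37, 52):                                   # two copies, different random tails
        print(fingerprints(base + os.urandom(tail)))
```

A non-zero `overlay_bytes` value is itself worth logging during triage, since it shows how much trailing data each copy carries.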