[windows2000] Re: VIRUS WARNING

  • From: "Greg Reese" <GReese@xxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 09:41:07 -0400

Trend Micro pattern 541 catches this one.  Pattern file 542 is current,
so if you update nightly, you should be ok.

Greg

-----Original Message-----
From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx]
Sent: Monday, May 19, 2003 9:33 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VIRUS WARNING



Thanks Jim.  Do you know if the latest Norton definitions can catch this
one?

> -----Original Message-----
> From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
> Sent: Monday 19 May 2003 14:24
> To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;
> brainstem@xxxxxxxxxxxxx
> Subject: [windows2000] VIRUS WARNING
>
> If you receive an email from Support@xxxxxxxxxxxxx that has
> an attachment DO NOT OPEN IT! This is a virus. Delete it
> immediately.  My McAfee I updated yesterday is not catching
> this one. Watch out! Regards, Jim Kenzig
>
> VIRUS WARNING The Central Command(r) Emergency Virus Response
> Team(tm) (EVRT(tm)) has received virus infection reports for the
> new Internet Worm/Palyh.A
> <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>.
> Due to increased customer inquiries and infection reports the EVRT
> is issuing a VIRUS ALERT.
>
> You are receiving this newsletter because you are a
> subscriber to the Central Command Virus News mailing list.
>
> [ EVRT(tm) Virus Warning issued for Worm/Palyh.A
> <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> ]
>
> Name: Worm/Palyh.A
> <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> Alias: Win32.Palyh-A
> Type: Internet Worm
> Discovered: May 18, 2003
> Size: 52.955KB
> Platform: Microsoft Windows 9x/ME/NT/2000/XP
>
> Description:
>
> Worm/Palyh.A
> <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> is an Internet worm that spreads through e-mail by using addresses it
> collects in the files with the following extensions: .dbx, .eml, .htm,
> .html, .txt, and .wab.
>
> The worm may arrive via e-mail in the following format:
>
> From: support@xxxxxxxxxxxxx
> Subject: (it will contain one of the following)
>
> - Your Password
> - Screensaver
> - Re: Movie
> - Your details
> - Approved (Ref: 38446-263)
> - Re: Approved (Ref: 3394-65467)
> - Cool screensaver
> - Re: My details
> - Re: My application
> - Re: Movie
>
> Attachment: (it will contain one of the following)
>
> - movie28.pif
> - application.pif
> - ref-394755.pif
> - approved.pif
> - doc_details.pif
> - your_details.pif
> - screen_temp.pif
> - screen_doc.pif
> - password.pif
>
> If executed, the worm copies itself into the \windows\ directory under
> the filename "mscon32.exe".
>
> So that it gets run each time a user restarts their computer, the
> following registry key gets added:
>
> - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> "System Tray"="C:\\WINDOWS\\MSCON32.EXE"


==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
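
As an added illustration (not part of any message in this thread), here is a small Python check that applies the indicators from the quoted Palyh.A advisory to a raw e-mail and to a snapshot of Run-key values. The sample message, the placeholder domain example.invalid and the Run-key snapshot are constructed; because the post masks the sender's domain, matching on the local part 'support' is an assumption.

```python
from email import message_from_string
# Indicators transcribed from the Worm/Palyh.A advisory quoted above.
PALYH_SUBJECTS = {s.lower() for s in (
    "Your Password", "Screensaver", "Re: Movie", "Your details", "Approved (Ref: 38446-263)",
    "Re: Approved (Ref: 3394-65467)", "Cool screensaver", "Re: My details", "Re: My application")}
PALYH_ATTACHMENTS = {"movie28.pif", "application.pif", "ref-394755.pif", "approved.pif",
                     "doc_details.pif", "your_details.pif", "screen_temp.pif",
                     "screen_doc.pif", "password.pif"}
# Persistence entry the advisory names under HKLM\...\CurrentVersion\Run.
PALYH_RUN_NAME, PALYH_RUN_EXE = "system tray", "mscon32.exe"


def palyh_mail_indicators(raw_message: str) -> list:
    """Return the advisory's indicators found in one RFC 822 message (headers + attachment names)."""
    msg = message_from_string(raw_message)
    hits = []
    subject = (msg.get("Subject") or "").strip()
    if subject.lower() in PALYH_SUBJECTS:
        hits.append("subject:" + subject)
    # The post masks the sender's domain; assumption: the local part 'support' is the tell.
    if (msg.get("From") or "").strip().lower().startswith("support@"):
        hits.append("from:support@")
    for part in msg.walk():  # every MIME part, including nested ones
        name = (part.get_filename() or "").lower()
        if name in PALYH_ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):  # an unlisted .pif is still worth a look
            hits.append("attachment-ext:" + name)
    return hits


def palyh_run_entries(run_values: dict) -> list:
    """Flag Run-key values (name -> command, as read from the key) that match the worm's entry."""
    return [name for name, cmd in run_values.items()
            if name.strip().lower() == PALYH_RUN_NAME
            and cmd.strip().strip('"').lower().endswith(PALYH_RUN_EXE)]


# Constructed sample message; example.invalid is a reserved placeholder domain.
SAMPLE_MAIL = """\
From: support@example.invalid
Subject: Re: Approved (Ref: 3394-65467)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="approved.pif"
Content-Disposition: attachment; filename="approved.pif"

--b1--
"""
# Constructed Run-key snapshot in the form the advisory shows.
SAMPLE_RUN = {"System Tray": r"C:\WINDOWS\MSCON32.EXE", "ctfmon.exe": "ctfmon.exe"}
```

Feed `palyh_mail_indicators` the raw text of a suspect message from a mail store and `palyh_run_entries` the name/value pairs exported from the Run key; an empty list from both means none of the advisory's indicators were present.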

