[windows2000] Re: VIRUS WARNING

  • From: "Dennis Appelboom" <dennis.appelboom@xxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 15:45:50 +0200

Well, try updating McAfee again..... There's a new one out (4265) that does
recognize the virus.

http://vil.nai.com/vil/content/v_100307.htm

Regards,

Dennis Appelboom
www.marviQ.com

-----Original Message-----
From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Monday 19 May 2003 15:24
To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx; brainstem@xxxxxxxxxxxxx
Subject: [windows2000] VIRUS WARNING


If you receive an email from Support@xxxxxxxxxxxxx that has an attachment DO
NOT OPEN IT! This is a virus. Delete it immediately. My McAfee I updated
yesterday is not catching this one. Watch out!
Regards,
Jim Kenzig


VIRUS WARNING The Central Command(r) Emergency Virus Response Team(tm) (EVRT(tm))
has received virus infection reports for the new Internet Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>.
Due to increased customer inquiries and infection reports the EVRT is issuing
a VIRUS ALERT.

You are receiving this news letter because you are a subscriber to the
Central Command Virus News mailing list.

[ EVRT(tm) Virus Warning issued for Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> ]

Name: Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
Alias: Win32.Palyh-A
Type: Internet Worm
Discovered: May 18, 2003
Size: 52.955KB
Platform: Microsoft Windows 9x/ME/NT/2000/XP


Description:

Worm/Palyh.A
<http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
is an Internet worm that spreads through e-mail by
using addresses it collects in the files with the following extensions,
.dbx, .eml, .htm, .html, .txt, and .wab.

The worm may arrive via email in the following format:

From: support@xxxxxxxxxxxxx
Subject: (it will contain one of the following)

- Your Password
- Screensaver
- Re: Movie
- Your details
- Approved (Ref: 38446-263)
- Re: Approved (Ref: 3394-65467)
- Cool screensaver
- Re: My details
- Re: My application
- Re: Movie

Attachment: (it will contain one of the following)

- movie28.pif
- application.pif
- ref-394755.pif
- approved.pif
- doc_details.pif
- your_details.pif
- screen_temp.pif
- screen_doc.pif
- password.pif

If executed, the worm copies itself in the \windows\ directory under the
filename "mscon32.exe".

So that it gets run each time a user restarts their computer, the following
registry key gets added:

- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"System Tray"="C:\\WINDOWS\\MSCON32.EXE"


==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
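
The subjects and attachment names listed in the advisory above, applied as a mail-filter check. This is an added example, not part of the original thread or of Central Command's advisory. The function names, the `example.invalid` sender domain and the sample message are constructed, and because the archive masks the sender's domain only the local part of the address is compared.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the Worm/Palyh.A advisory quoted above.
SUBJECTS = {s.lower() for s in (
    "Your Password", "Screensaver", "Re: Movie", "Your details",
    "Approved (Ref: 38446-263)", "Re: Approved (Ref: 3394-65467)",
    "Cool screensaver", "Re: My details", "Re: My application")}
ATTACHMENTS = {
    "movie28.pif", "application.pif", "ref-394755.pif", "approved.pif",
    "doc_details.pif", "your_details.pif", "screen_temp.pif",
    "screen_doc.pif", "password.pif"}


def palyh_indicators(raw: bytes) -> list:
    """Return the advisory indicators matched by one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Assumption: the list archive masks the sender's domain, so only the
    # local part ("support") can be compared.
    addr = parseaddr(str(msg.get("From", "")))[1]
    if addr.partition("@")[0].lower() == "support":
        hits.append("sender-local-part")
    # Collapse whitespace so folded or padded subjects still compare equal.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    # walk() also reaches attachments nested inside forwarded messages.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):
            hits.append("pif:" + name)  # same file type, name not listed
    return hits


def sample(sender: str, subject: str, filename: str) -> bytes:
    """Build a constructed test message with a harmless placeholder payload."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(palyh_indicators(sample("support@example.invalid", "Re: Movie", "Movie28.PIF")))
```

A message that matches only `sender-local-part` is weak evidence on its own; the attachment hits are the ones worth quarantining on.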
