Well, try updating Mcafee again.....There's a new one out (4265) does = recognize the virus. http://vil.nai.com/vil/content/v_100307.htm Regards, Dennis Appelboom www.marviQ.com -----Original Message----- From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx] Sent: maandag 19 mei 2003 15:24 To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx; = brainstem@xxxxxxxxxxxxx Subject: [windows2000] VIRUS WARNING If you receive an email from Support@xxxxxxxxxxxxx that has an = attachment DO NOT OPEN IT! This is a virus. Delete it immediately. My mcaffee I = updated yesterday is not catching this one. Watch out! Regards, Jim Kenzig VIRUS WARNING The Central Command(r) Emergency Virus Response Team(tm) = (EVRT(tm)) has received virus infection reports for the new Internet Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_ad= p.p hp?p_refno=3D030518-000043>. Due to increased customer inquires and = infection reports the EVRT is issuing a VIRUS ALERT. You are receiving this news letter because you are a subscriber to the Central Command Virus News mailing list. [ EVRT(tm) Virus Warning issued for Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_ad= p.p hp?p_refno=3D030518-000043> ] Name: Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_ad= p.p hp?p_refno=3D030518-000043> Alias: Win32.Palyh-A Type: Internet Worm Discovered: May 18, 2003 Size: 52.955KB Platform: Microsoft Windows 9x/ME/NT/2000/XP Description: Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_ad= p.p hp?p_refno=3D030518-000043> is an Internet worm that spreads through = e-mail by using addresses it collects in the files with the following extensions, .dbx, .eml, .htm, .html, .txt, and .wab. The worm may arrive in via email in the following format: From: support@xxxxxxxxxxxxx Subject: (it will contain one of the following) - Your Password - Screensaver - Re: Movie - Your details - Approved (Ref: 38446-263) - Re: Approved (Ref: 3394-65467) - Cool screensaver - Re: My details - Re: My application - Re: Movie Attachment: (it will contain one of the following) - movie28.pif - application.pif - ref-394755.pif - approved.pif - doc_details.pif - your_details.pif - screen_temp.pif - screen_doc.pif - password.pif If executed, the worm copies itself in the \windows\ directory under the filename "mscon32.exe". So that it gets run each time a user restart their computer the = following registry key gets added: - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "System Tray"=3D"C:\\WINDOWS\\MSCON32.EXE" =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm