[windows2000] Re: VIRUS WARNING

  • From: "Greg Reese" <GReese@xxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 09:46:30 -0400

What?  Why not?

I have been running trend micro on my exchange server for over two years
now.  We haven't been hit with a virus yet.  Best product I have ever used.

Greg

-----Original Message-----
From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx]
Sent: Monday, May 19, 2003 9:39 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VIRUS WARNING



I hope you're not running file AV scanning on an Exchange server!

> -----Original Message-----
> From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]
> Sent: Monday 19 May 2003 14:40
> To: 'windows2000@xxxxxxxxxxxxx'
> Subject: [windows2000] Re: VIRUS WARNING
>
> I suppose that some people don't control their mail servers,
> but for those of you that do, why would anyone allow .exe or
> .pif files through?
>
> I've been blocking a whole list of attachments for a couple
> years (the Martin list...) and, while I do run file-level AV
> on the mail server, they are all caught by the attachment blocking...
>
> Glenn Sullivan, MCSE+I  MCDBA
> David Clark Company Inc.
>
>
> -----Original Message-----
> From: Chris McEvoy [mailto:chris@xxxxxxxxxxxxxxxxx]
> Sent: Monday, May 19, 2003 9:33 AM
> To: windows2000@xxxxxxxxxxxxx
> Subject: [windows2000] Re: VIRUS WARNING
>
> Thanks Jim.  Do you know if the latest Norton definitions can
> catch this one?
>
> > -----Original Message-----
> > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
> > Sent: Monday 19 May 2003 14:24
> > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx; brainstem@xxxxxxxxxxxxx
> > Subject: [windows2000] VIRUS WARNING
> >
> > If you receive an email from Support@xxxxxxxxxxxxx that has an
> > attachment DO NOT OPEN IT! This is a virus. Delete it immediately.
> > My McAfee I updated yesterday is not catching this one. Watch out!
> > Regards, Jim Kenzig
> >
> > VIRUS WARNING The Central Command(r) Emergency Virus Response
> > Team(tm) (EVRT(tm)) has received virus infection reports for the
> > new Internet Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>.
> > Due to increased customer inquiries and infection reports the EVRT
> > is issuing a VIRUS ALERT.
> >
> > You are receiving this news letter because you are a
> > subscriber to the Central Command Virus News mailing list.
> >
> > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> ]
> >
> > Name: Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> > Alias: Win32.Palyh-A
> > Type: Internet Worm
> > Discovered: May 18, 2003
> > Size: 52.955KB
> > Platform: Microsoft Windows 9x/ME/NT/2000/XP
> >
> > Description:
> >
> > Worm/Palyh.A
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> > is an Internet worm that spreads through e-mail by using addresses
> > it collects in the files with the following extensions, .dbx, .eml,
> > .htm, .html, .txt, and .wab.
> >
> > The worm may arrive via email in the following format:
> >
> > From: support@xxxxxxxxxxxxx
> > Subject: (it will contain one of the following)
> >
> > - Your Password
> > - Screensaver
> > - Re: Movie
> > - Your details
> > - Approved (Ref: 38446-263)
> > - Re: Approved (Ref: 3394-65467)
> > - Cool screensaver
> > - Re: My details
> > - Re: My application
> > - Re: Movie
> >
> > Attachment: (it will contain one of the following)
> >
> > - movie28.pif
> > - application.pif
> > - ref-394755.pif
> > - approved.pif
> > - doc_details.pif
> > - your_details.pif
> > - screen_temp.pif
> > - screen_doc.pif
> > - password.pif
> >
> > If executed, the worm copies itself in the \windows\
> > directory under the filename "mscon32.exe".
> >
> > So that it gets run each time a user restarts their computer
> > the following registry key gets added:
> >
> > - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> > "System Tray"="C:\\WINDOWS\\MSCON32.EXE"
> >
> > ==================================
> > To Unsubscribe, set digest or vacation
> > mode or view archives use the below link.
> >
> > http://thethin.net/win2000list.cfm
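
Added example, not part of the original thread: a sketch of the attachment blocking discussed above, applied to a parsed MIME message and combined with the attachment names and subjects from the quoted advisory. The function names, the example.invalid sender and the sample message are assumptions; the blocklist holds only the two extensions named in the thread, since the "Martin list" itself is not reproduced here.

```python
from email import message_from_string

# Extensions named in the thread; a production blocklist would be longer.
BLOCKED_EXTENSIONS = {".exe", ".pif"}
# Attachment names and subjects from the quoted advisory, lowercased.
ADVISORY_ATTACHMENTS = {
    "movie28.pif", "application.pif", "ref-394755.pif", "approved.pif",
    "doc_details.pif", "your_details.pif", "screen_temp.pif",
    "screen_doc.pif", "password.pif",
}
ADVISORY_SUBJECTS = {
    "your password", "screensaver", "re: movie", "your details",
    "approved (ref: 38446-263)", "re: approved (ref: 3394-65467)",
    "cool screensaver", "re: my details", "re: my application",
}

def normalized_name(filename: str) -> str:
    # Windows ignores trailing dots and spaces, so "a.pif." still runs as .pif.
    return filename.strip().rstrip(". ").lower()

def inspect_message(raw: str) -> list[str]:
    """Return the reasons to quarantine this message (empty list = deliver)."""
    msg = message_from_string(raw)
    reasons = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        name = normalized_name(filename)
        # Only the last extension decides how Windows opens the file.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"blocked extension {ext}: {name}")
        if name in ADVISORY_ATTACHMENTS:
            reasons.append(f"advisory attachment name: {name}")
    # The subjects are too generic to act on alone; use them as corroboration.
    if reasons and msg.get("Subject", "").strip().lower() in ADVISORY_SUBJECTS:
        reasons.append("advisory subject line")
    return reasons

def sample_message(subject: str, filename: str) -> str:
    """Constructed test input: one text part plus one dummy attachment."""
    return (
        f"From: sender@example.invalid\nSubject: {subject}\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nSee the attached file.\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )
```

The extension rule catches the sample without any signature update, which is the point made in the thread about attachment blocking catching these before file-level AV does.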
