The e-mail does not even need to be opened.. If you see it in your mail, delete at once. I know it showed up earlier today in my mail, unopened, and sent the virus out immediately to one of my groups in Yahoogroups.. I have all attachments sent to a folder in OE.. I disabled my System Restore and scanned my computer with my anti-virus program after updating my 'virus definitions' for the day (I have the virus definitions updated each day at 12:30 AM, and downloaded the new one about 1 hour ago..), and an on-line anti-virus program.. I think I am OK now, since the definitions are updated.. Just wanting you all to be aware, and update your virus definitions ASAP.. Hope this helps somebody.. Tina ----- Original Message ----- From: Mike To: 24hoursupport@xxxxxxxxxxxxx Sent: Monday, January 19, 2004 5:58 PM Subject: [24hoursupport] W32/Bagle-mm spreading rapidly There is a new virus making the round this week, it's Subject is " Hi " please use caution with your email. Try to find a more descriptive keyword. ____________________________ From: VirusEye@xxxxxxxxxxxxxxx Subject: MessageLabs Intelligence virus alert: W32/Bagle-mm, HIGH LEVEL W32/Bagle-mm spreading rapidly During 18th and 19th January 2004, MessageLabs, the email security company, intercepted a significant number of copies of a new virus known as W32/Bagle-mm. The majority of intercepted copies have been sent from Australia. Name: W32/Bagle-mm Aliases: I-Worm.Bagle, W32/Bagle@MM, W32.Beagle.A@mm, W32/Bagle-A, Bagle, WORM_BAGLE.A General The worm arrives as an attachment to an email and has a random filename, with a .exe extension. W32/Bagle-mm searches the infected machine for email addresses and then uses its own SMTP engine to send itself to the addresses found. Email Characteristics Subject: Hi Text: Test =) Attached file: <random name>.exe The attached file may appear as a calculator icon. The worm deliberately launches the Calculator application as a disguise. W32/Bagle-A copies itself to bbeagle.exe in the Windows system folder and sets the following registry entry to ensure the worm is run at logon: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe The worm also sets the following registry entries: HKCU\Software\Windows98\uid HKCU\Software\Windows98\frun W32/Bagle-A includes a backdoor component which listens on TCP port 6777. This allows an attacker to upload and execute arbitrary programs on infected computers. From; F-Secure Detailed technical description of the worm as well as screenshots are available in the F-Secure Virus Description Database at http://www.f-secure.com/v-descs/bagle.shtml Disinfection Special Disinfection Tool F-Secure has developed a special disinfection tool for this worm. The tool will detect and remove an active Bagle infection from the computer. The Bagle removal tool can be downloaded in a ZIP file from: http://www.f-secure.com/tools/f-bagle.zip ftp://ftp.f-secure.com/anti-virus/tools/f-bagle.zip From Panda; Panda Software offers all users its free PQREMOVE application, designed to effectively clean any computer affected by Bagle.A. This tool can be downloaded from the following address: ** http://www.pandasoftware.com/download/utilities/ ** More information: Computer Associates http://www3.ca.com/virusinfo/virus.aspx?ID=38019 Sophos http://www.sophos.com/virusinfo/analyses/w32baglea.html Symantec http://www.symantec.com/avcenter/venc/data/w32.beagle.a@xxxxxxx Trend; http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.A ___________________________________________ Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <http://www3.telus.net/mikebike/mikes_virus_page.htm> A Technical Support Alliance & OWTA Charter Member For a web-based membership management utility and information on list policies, please see http://nibec.com/24hoursupport/ To unsubscribe, send a blank email to 24hoursupport-request@xxxxxxxxxxxxx with "unsubscribe" (without quotes) in the subject. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.564 / Virus Database: 356 - Release Date: 1/19/2004 For a web-based membership management utility and information on list policies, please see http://nibec.com/24hoursupport/ To unsubscribe, send a blank email to 24hoursupport-request@xxxxxxxxxxxxx with "unsubscribe" (without quotes) in the subject.