In a message dated 02-10-10 02:59:03 EDT, you write: << Reid, > Er, uh Glenn, Gaby, what are the symptoms of this particular worm? I can only tell you how you can detect it manually: It generates an EXE file (about 50k in size) with a random 4 letter name and copies it to the system directory. There'll also be a registry key in HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/RunOnce which launches this exe file. As for the symptoms, look here: http://vil.nai.com/vil/content/v_99728.htm > loss. I doubt I'm infected. I'm using XP Pro SP-1. Does it run Calmira? ;-) Anyway, there must be somebody in this list who *is* infected >> Reid, Gaby... Another great site for information on malware is www.symantec.com, and www.f-prot.com. Full information on W32.Bugbear@mm (the latest in a line of mass-mailer email trojans) is on the Symantec Antivirus Research Center pages. In addition to the effects Gaby has detailed, Bugbear also grabs random text from messages in an infected machines Lookout email boxes, then uses one of the stored email addresses in the address book to forge the "From" headers. The worm will re-write to the registry in the "run-once" field almost each time, so that the worm will constantly attempt to run when an infected machine is booted. It has its own SMTP server which it uses to send copies of itself to email addresses in the infected machines address book (s). As mentioned, with WinXP, Me and other 9X machines with any sort of "System Restore" capability, the user must disable the system restore before the trojan can be removed successfully. As for infecting and running Calmira...no chance! Not even a Win3X machine with "Win32s" installed will run the worm, can't even run the removal tools, since the processes they call are not compatible with Win32s on Win3X...Win3X does not have enough system resources available for another thing. So, as I recommended before, if anyone on the list also uses Win9X, you need to scan your computer with an up-to-date antivirus scanner. You may also need to boot the computer into "Safe Mode" for this and for any removal needed. See you later! Glenn GLENNRPH http://members.aol.com/GLENNRPH/glennrph.htm http://members.surfbest.net/wizard57m@xxxxxxxxxxxx/index.html -- To unsubscribe, send a message to ecartis@xxxxxxxxxxxxx with "unsubscribe calmira_tips" in the body. OR visit //freelists.org