[COMP] Resend on the Virus Warning!!

• From: CRAZYDOVE@xxxxxxx
• To: computertalkshop-list@xxxxxxxxx, computers@xxxxxxxxxxxxxx
• Date: Wed, 1 Dec 1999 09:42:41 EST

November 30, 1999
_____________________________

WARNING! New virus surfaces on the Internet!

Worm.ExploreZip(pack) is a new version of Worm.ExploreZip.

** This virus SHOULD BE CONSIDERED DANGEROUS! **

REPAIR NOTES

New definitions updates will be posted late in the evening of
11/30/99. SARC will update the site

http://www.symantec.com/techsupp/vURL.cgi/nav20

with information about the updates when the new detection and repair
definitions have been released. They will be available by simply
running LiveUpdate, or by downloading them from

http://www.symantec.com/avcenter/download.html


MANUAL REPAIR NOTES

To remove this worm manually, perform the following steps:

1. Remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI
file.

2. Delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE." You might need to
reboot first if the file is in use.

DETAILS OF INFECTION PROCESS

The worm utilizes MAPI-capable e-mail programs on Windows systems to
propagate itself. The worm e-mails itself out as an attachment with
the filename "zipped_files.exe." The body of the e-mail message might
appear to come from a known e-mail correspondent and contains the
following text:

        I received your email and I shall send you a reply ASAP.
        Till then, take a look at the attached zipped docs.

Once the attachment is opened/executed, it will unpacked itself and
execute the original Worm.ExploreZip routine. It might display an
error message informing the user that the file is not a valid
archive.

The worm proceeds to copy itself to the c:\windows\system directory
with the filename "Explore.exe" and then modifies the WIN.INI file so
that the program is executed each time Windows is started. The worm
then utilizes your e-mail client to harvest e-mail addresses in order
to propagate itself. Users may notice that their e-mail client
launches when this occurs.
========================================
Avenir Web's Computers Mailing List

List Modes, Subscription, and General Info:
Go to http://avenir.dhs.org/mailing.html
List Archives: http://avenir.dhs.org/archives/
Administrative Contact: webmaster@xxxxxxxxxxxxxx

Get computer help: http://avenir.dhs.org
========================================

Other related posts:

• » [COMP] Resend on the Virus Warning!!

1. Home
2. computers
3. Archive
4. 12-1999

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---