Just a snippet:

The worm attempts to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer to allow the executable file to run automatically without the user double-clicking on the attachment.

Microsoft has issued a patch which secures against this vulnerability which can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp. (This patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this worm.)

The worm copies itself to remote shares on other machines with random filenames. It also copies itself to the Windows System directory as krn132.exe, and sets the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\krn132 to point to that file.

-> -----Original Message-----
-> From: computertalkshop-bounce@xxxxxxxxxxxxx
-> [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of
-> DBCfour@xxxxxxx
-> Sent: Tuesday, September 03, 2002 7:20 PM
-> To: computertalkshop@xxxxxxxxxxxxx
-> Subject: [CTS] Re: Office Question
->
->
-> In a message dated 9/3/2002 9:52:49 PM Eastern Daylight Time,
-> crbgfblab@xxxxxxxxxxxxx writes:
->
->
-> > Another question. Was it IE Repair you tried or the Detect and Repair
-> > function in O2K?
->
-> Both...numerous times...in varying order...
->
-> Donna
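
A check for the two persistence artifacts named in the snippet (the `krn132` Run value and the `krn132.exe` file), added here as an example and not part of the original message. It assumes the input is saved text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`; the function names and the sample output are constructed for illustration.

```python
import ntpath
import re

# Indicators quoted in the message above.
RUN_VALUE = "krn132"
DROPPED_FILE = "krn132.exe"

# A value line in `reg query` output: name, type and data, each preceded by 4 spaces.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat))\b", re.IGNORECASE)


def command_target(data):
    """Lower-cased file name of the program a Run entry launches."""
    data = data.strip()
    if data.startswith('"'):            # quoted path, arguments may follow
        path = data[1:].split('"', 1)[0]
    else:                               # unquoted: cut after the first program extension
        m = PROGRAM.match(data)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def find_hits(reg_output):
    """Return (value name, data, reasons) for Run entries matching the indicators."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                    # key header or blank line
        reasons = []
        if m["name"].strip().lower() == RUN_VALUE:
            reasons.append("value name")
        if command_target(m["data"]) == DROPPED_FILE:
            reasons.append("target file")
        if reasons:
            hits.append((m["name"], m["data"], reasons))
    return hits


# Constructed sample output, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /startup
    krn132    REG_SZ    C:\WINDOWS\System32\krn132.exe
    Updater    REG_SZ    C:\WINNT\system32\KRN132.EXE -q
"""

if __name__ == "__main__":
    for name, data, reasons in find_hits(SAMPLE):
        print(f"{name}: {data} ({', '.join(reasons)})")
```

The copies the worm places on remote shares use random filenames, so this check covers only the local Run entry and file name given in the snippet.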