and a cousin..... Under Windows 98 and Windows Me W32/ElKern-A copies itself to the Windows System directory as the hidden file Wqk.exe, and sets the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WQK to point to this file so that the virus runs every time the computer is rebooted. -> -----Original Message----- -> From: computertalkshop-bounce@xxxxxxxxxxxxx -> [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of Charles R. -> Buchanan -> Sent: Tuesday, September 03, 2002 7:34 PM -> To: computertalkshop@xxxxxxxxxxxxx -> Subject: [CTS] Re: Office Question -> -> -> -> Just a snipet: -> -> The worm attempts to exploit a MIME vulnerability in some versions of -> Microsoft Outlook, Microsoft Outlook Express, and Internet -> Explorer to allow -> the executable file to run automatically without the user -> double-clicking on -> the attachment. Microsoft has issued a patch which secures against this -> vulnerability which can be downloaded from -> http://www.microsoft.com/technet/security/bulletin/MS01-027.asp. -> (This patch fixes a number of vulnerabilities in Microsoft's software, -> including the one exploited by this worm.) -> -> The worm copies itself to remote shares on other machines with random -> filenames. It also copies itself to the Windows System directory as -> krn132.exe, and sets the registry key -> -> HKLM\Software\Microsoft\Windows\ -> CurrentVersion\Run\krn132 -> -> to point to that file. -> -> -> -> -> -> -> -----Original Message----- -> -> From: computertalkshop-bounce@xxxxxxxxxxxxx -> -> [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of -> -> DBCfour@xxxxxxx -> -> Sent: Tuesday, September 03, 2002 7:20 PM -> -> To: computertalkshop@xxxxxxxxxxxxx -> -> Subject: [CTS] Re: Office Question -> -> -> -> -> -> In a message dated 9/3/2002 9:52:49 PM Eastern Daylight Time, -> -> crbgfblab@xxxxxxxxxxxxx writes: -> -> -> -> -> -> > Another question. Was it IE Repair you tried or the Detect -> and Repair -> -> > function in O2K? -> -> -> -> Both...numerous times...in varying order... -> -> -> -> Donna -> -> -> --- -> Look OUT you varmits, This msg is Virus Free! -> Checked by AVG anti-virus system (http://www.grisoft.com). -> Version: 6.0.384 / Virus Database: 216 - Release Date: 8/21/2002 -> -> -> ----------------------------------------------------------------- ---------- -> ----- -> Computer Talk Shop http://www.computertalkshop.com -> Un-subscribe/Vacation, http://szaroconsulting.com/cts/list_options.htm -> -> List HowTo: http://szaroconsulting.com/cts/faq -> -> To join Computer Talk Shop's off topic list, please goto: -> http://szaroconsulting.com/cts/other_cts_lists.htm -> ----------------------------------------------------------------- ---------- -> ------ -> --- Look OUT you varmits, This msg is Virus Free! Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.384 / Virus Database: 216 - Release Date: 8/21/2002 --------------------------------------------------------------------------- ----- Computer Talk Shop http://www.computertalkshop.com Un-subscribe/Vacation, http://szaroconsulting.com/cts/list_options.htm List HowTo: http://szaroconsulting.com/cts/faq To join Computer Talk Shop's off topic list, please goto: http://szaroconsulting.com/cts/other_cts_lists.htm --------------------------------------------------------------------------- ------