[CTS] Re: Office Question

  • From: "Charles R. Buchanan" <crbgfblab@xxxxxxxxxxxxx>
  • To: <computertalkshop@xxxxxxxxxxxxx>
  • Date: Tue, 3 Sep 2002 19:40:43 -0700

and a cousin.....

Under Windows 98 and Windows Me W32/ElKern-A copies itself to the Windows
System directory as the hidden file Wqk.exe, and sets the registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WQK to point to this file
so that the virus runs every time the computer is rebooted.

-> -----Original Message-----
-> From: computertalkshop-bounce@xxxxxxxxxxxxx
-> [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of Charles R.
-> Buchanan
-> Sent: Tuesday, September 03, 2002 7:34 PM
-> To: computertalkshop@xxxxxxxxxxxxx
-> Subject: [CTS] Re: Office Question
->
->
->
-> Just a snipet:
->
-> The worm attempts to exploit a MIME vulnerability in some versions of
-> Microsoft Outlook, Microsoft Outlook Express, and Internet
-> Explorer to allow
-> the executable file to run automatically without the user
-> double-clicking on
-> the attachment. Microsoft has issued a patch which secures against this
-> vulnerability which can be downloaded from
-> http://www.microsoft.com/technet/security/bulletin/MS01-027.asp.
-> (This patch fixes a number of vulnerabilities in Microsoft's software,
-> including the one exploited by this worm.)
->
-> The worm copies itself to remote shares on other machines with random
-> filenames. It also copies itself to the Windows System directory as
-> krn132.exe, and sets the registry key
->
-> HKLM\Software\Microsoft\Windows\
-> CurrentVersion\Run\krn132
->
-> to point to that file.
->
->
->
->
->
-> -> -----Original Message-----
-> -> From: computertalkshop-bounce@xxxxxxxxxxxxx
-> -> [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of
-> -> DBCfour@xxxxxxx
-> -> Sent: Tuesday, September 03, 2002 7:20 PM
-> -> To: computertalkshop@xxxxxxxxxxxxx
-> -> Subject: [CTS] Re: Office Question
-> ->
-> ->
-> -> In a message dated 9/3/2002 9:52:49 PM Eastern Daylight Time,
-> -> crbgfblab@xxxxxxxxxxxxx writes:
-> ->
-> ->
-> -> > Another question. Was it IE Repair you tried or the Detect
-> and Repair
-> -> > function in O2K?
-> ->
-> -> Both...numerous times...in varying order...
-> ->
-> -> Donna
->
->
-> ---
-> Look OUT you varmits, This msg is  Virus Free!
-> Checked by AVG anti-virus system (http://www.grisoft.com).
-> Version: 6.0.384 / Virus Database: 216 - Release Date: 8/21/2002
->
->
-> -----------------------------------------------------------------
----------
-> -----
-> Computer Talk Shop http://www.computertalkshop.com
-> Un-subscribe/Vacation, http://szaroconsulting.com/cts/list_options.htm
->
-> List HowTo: http://szaroconsulting.com/cts/faq
->
-> To join Computer Talk Shop's off topic list, please goto:
-> http://szaroconsulting.com/cts/other_cts_lists.htm
-> -----------------------------------------------------------------
----------
-> ------
->
---
Look OUT you varmits, This msg is  Virus Free!
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.384 / Virus Database: 216 - Release Date: 8/21/2002


---------------------------------------------------------------------------
-----
Computer Talk Shop http://www.computertalkshop.com
Un-subscribe/Vacation, http://szaroconsulting.com/cts/list_options.htm

List HowTo: http://szaroconsulting.com/cts/faq

To join Computer Talk Shop's off topic list, please goto:
http://szaroconsulting.com/cts/other_cts_lists.htm
---------------------------------------------------------------------------
------

Other related posts:

  1. Home
  2. computertalkshop
  3. Archive
  4. 09-2002