[windows2000] Re: VIRUS WARNING
- From: SewardAdmin <mwm@xxxxxxx>
- To: windows2000@xxxxxxxxxxxxx
- Date: Mon, 19 May 2003 06:11:43 -0800
Hi,
Norton AV - Corporate Version 8 catches this one - and we've never had a
virus problem, even in previous versions. However, since version 8, all
virus-defs are less than 100kbs for updates, but before this version,
auto-updates downloaded the entire listing - prior to updating.... which was
stupid! Now - auto-updates are almost instant - as well as all users on the
server.
Another great feature that NavCorp has added, was to keep it in the
background - and not bother anyone. All viruses - via email or other
means - can be setup to automatically delete - and users are not bothered by
the "Virus Found!" screen! There are many more features - but I'm keeping
with the current subject.
As far as censorship - we don't! Our IT-Staff is here to server the users,
not limit them in the ways that they can get business done! We allow any
attachments at our organization ( for the last 3 years ) - exe's included -
and have never been infected. 99.9% of all emails with viruses (at our
organization) - are from unknown parties, and are delete by NavCorp
immediately. No one has to be bothered - including the IT-Staff, just
because a Virus has been sent. We can always refer to our logs - if needed.
This is an IT-Staffers responsibility, making sure that files are safe for
viewing and using, while not impeding the work flow. And though I realize
that many IT-Departments have stricter standards and methods of ideology -
we wouldn't have a job without users!
Regards
Mike
----- Original Message -----
From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx>
To: <windows2000@xxxxxxxxxxxxx>
Sent: Monday, May 19, 2003 5:32 AM
Subject: [windows2000] Re: VIRUS WARNING
>
> Thanks Jim. Do you know if the latest Norton definitions can catch this
> one?
>
> > -----Original Message-----
> > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=20
> > Sent: Monday 19 May 2003 14:24
> > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;=20
> > brainstem@xxxxxxxxxxxxx
> > Subject: [windows2000] VIRUS WARNING
> >=20
> >=20
> >=20
> > If you receive an email from Support@xxxxxxxxxxxxx that has=20
> > an attachment DO NOT OPEN IT! This is a virus. Delete it=20
> > immediately. My mcaffee I updated yesterday is not catching=20
> > this one. Watch out! Regards, Jim Kenzig
> >=20
> >=20
> > VIRUS WARNING The Central Command(r) Emergency Virus Response=20
> > Team(tm) (EVRT(tm)) has received virus infection reports for the=20
> > new Internet Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> > user/std_adp.p
> > hp?p_refno=3D030518-000043>. Due to increased customer inquires=20
> > and infection reports the EVRT is issuing a VIRUS ALERT.
> >=20
> > You are receiving this news letter because you are a=20
> > subscriber to the Central Command Virus News mailing list.
> >=20
> > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> > user/std_adp.p
> > hp?p_refno=3D030518-000043> ]
> >=20
> > Name: Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> > user/std_adp.p
> > hp?p_refno=3D030518-000043>
> > Alias: Win32.Palyh-A
> > Type: Internet Worm
> > Discovered: May 18, 2003
> > Size: 52.955KB
> > Platform: Microsoft Windows 9x/ME/NT/2000/XP
> >=20
> >=20
> > Description:
> >=20
> > Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> user/std_adp.p
> hp?p_refno=3D030518-000043> is an Internet worm that spreads through
> e-mail by using addresses it collects in the files with the following
> extensions, .dbx, .eml, .htm, .html, .txt, and .wab.
>
> The worm may arrive in via email in the following format:
>
> From: support@xxxxxxxxxxxxx
> Subject: (it will contain one of the following)
>
> - Your Password
> - Screensaver
> - Re: Movie
> - Your details
> - Approved (Ref: 38446-263)
> - Re: Approved (Ref: 3394-65467)
> - Cool screensaver
> - Re: My details
> - Re: My application
> - Re: Movie
>
> Attachment: (it will contain one of the following)
>
> - movie28.pif
> - application.pif
> - ref-394755.pif
> - approved.pif
> - doc_details.pif
> - your_details.pif
> - screen_temp.pif
> - screen_doc.pif
> - password.pif
>
> If executed, the worm copies itself in the \windows\ directory under the
> filename "mscon32.exe".
>
> So that it gets run each time a user restart their computer the
> following registry key gets added:
>
> - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> "System Tray"=3D"C:\\WINDOWS\\MSCON32.EXE"
>
>
>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D
> To Unsubscribe, set digest or vacation
> mode or view archives use the below link.
>
> http://thethin.net/win2000list.cfm
>
> ==================================
> To Unsubscribe, set digest or vacation
> mode or view archives use the below link.
>
> http://thethin.net/win2000list.cfm
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
