We are running the Corporate edition here and it blocked it this morning. ----- Original Message ----- From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx> To: <windows2000@xxxxxxxxxxxxx> Sent: Monday, May 19, 2003 2:32 PM Subject: [windows2000] Re: VIRUS WARNING > > Thanks Jim. Do you know if the latest Norton definitions can catch this > one? > > > -----Original Message----- > > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=20 > > Sent: Monday 19 May 2003 14:24 > > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;=20 > > brainstem@xxxxxxxxxxxxx > > Subject: [windows2000] VIRUS WARNING > >=20 > >=20 > >=20 > > If you receive an email from Support@xxxxxxxxxxxxx that has=20 > > an attachment DO NOT OPEN IT! This is a virus. Delete it=20 > > immediately. My mcaffee I updated yesterday is not catching=20 > > this one. Watch out! Regards, Jim Kenzig > >=20 > >=20 > > VIRUS WARNING The Central Command(r) Emergency Virus Response=20 > > Team(tm) (EVRT(tm)) has received virus infection reports for the=20 > > new Internet Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D030518-000043>. Due to increased customer inquires=20 > > and infection reports the EVRT is issuing a VIRUS ALERT. > >=20 > > You are receiving this news letter because you are a=20 > > subscriber to the Central Command Virus News mailing list. > >=20 > > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D030518-000043> ] > >=20 > > Name: Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D030518-000043> > > Alias: Win32.Palyh-A > > Type: Internet Worm > > Discovered: May 18, 2003 > > Size: 52.955KB > > Platform: Microsoft Windows 9x/ME/NT/2000/XP > >=20 > >=20 > > Description: > >=20 > > Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > user/std_adp.p > hp?p_refno=3D030518-000043> is an Internet worm that spreads through > e-mail by using addresses it collects in the files with the following > extensions, .dbx, .eml, .htm, .html, .txt, and .wab. > > The worm may arrive in via email in the following format: > > From: support@xxxxxxxxxxxxx > Subject: (it will contain one of the following) > > - Your Password > - Screensaver > - Re: Movie > - Your details > - Approved (Ref: 38446-263) > - Re: Approved (Ref: 3394-65467) > - Cool screensaver > - Re: My details > - Re: My application > - Re: Movie > > Attachment: (it will contain one of the following) > > - movie28.pif > - application.pif > - ref-394755.pif > - approved.pif > - doc_details.pif > - your_details.pif > - screen_temp.pif > - screen_doc.pif > - password.pif > > If executed, the worm copies itself in the \windows\ directory under the > filename "mscon32.exe". > > So that it gets run each time a user restart their computer the > following registry key gets added: > > - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run > "System Tray"=3D"C:\\WINDOWS\\MSCON32.EXE" > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > =3D=3D=3D=3D=3D=3D=3D=3D=3D > To Unsubscribe, set digest or vacation > mode or view archives use the below link. > > http://thethin.net/win2000list.cfm > > ================================== > To Unsubscribe, set digest or vacation > mode or view archives use the below link. > > http://thethin.net/win2000list.cfm > ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm