[windows2000] Re: VIRUS WARNING
- From: "mustafa" <mustafa@xxxxxxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Mon, 19 May 2003 16:04:07 +0100
We are running the Corporate edition here and it blocked it this morning.
----- Original Message -----
From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx>
To: <windows2000@xxxxxxxxxxxxx>
Sent: Monday, May 19, 2003 2:32 PM
Subject: [windows2000] Re: VIRUS WARNING
>
> Thanks Jim. Do you know if the latest Norton definitions can catch this
> one?
>
> > -----Original Message-----
> > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=20
> > Sent: Monday 19 May 2003 14:24
> > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;=20
> > brainstem@xxxxxxxxxxxxx
> > Subject: [windows2000] VIRUS WARNING
> >=20
> >=20
> >=20
> > If you receive an email from Support@xxxxxxxxxxxxx that has=20
> > an attachment DO NOT OPEN IT! This is a virus. Delete it=20
> > immediately. My mcaffee I updated yesterday is not catching=20
> > this one. Watch out! Regards, Jim Kenzig
> >=20
> >=20
> > VIRUS WARNING The Central Command(r) Emergency Virus Response=20
> > Team(tm) (EVRT(tm)) has received virus infection reports for the=20
> > new Internet Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> > user/std_adp.p
> > hp?p_refno=3D030518-000043>. Due to increased customer inquires=20
> > and infection reports the EVRT is issuing a VIRUS ALERT.
> >=20
> > You are receiving this news letter because you are a=20
> > subscriber to the Central Command Virus News mailing list.
> >=20
> > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> > user/std_adp.p
> > hp?p_refno=3D030518-000043> ]
> >=20
> > Name: Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> > user/std_adp.p
> > hp?p_refno=3D030518-000043>
> > Alias: Win32.Palyh-A
> > Type: Internet Worm
> > Discovered: May 18, 2003
> > Size: 52.955KB
> > Platform: Microsoft Windows 9x/ME/NT/2000/XP
> >=20
> >=20
> > Description:
> >=20
> > Worm/Palyh.A=20
> > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end
> user/std_adp.p
> hp?p_refno=3D030518-000043> is an Internet worm that spreads through
> e-mail by using addresses it collects in the files with the following
> extensions, .dbx, .eml, .htm, .html, .txt, and .wab.
>
> The worm may arrive in via email in the following format:
>
> From: support@xxxxxxxxxxxxx
> Subject: (it will contain one of the following)
>
> - Your Password
> - Screensaver
> - Re: Movie
> - Your details
> - Approved (Ref: 38446-263)
> - Re: Approved (Ref: 3394-65467)
> - Cool screensaver
> - Re: My details
> - Re: My application
> - Re: Movie
>
> Attachment: (it will contain one of the following)
>
> - movie28.pif
> - application.pif
> - ref-394755.pif
> - approved.pif
> - doc_details.pif
> - your_details.pif
> - screen_temp.pif
> - screen_doc.pif
> - password.pif
>
> If executed, the worm copies itself in the \windows\ directory under the
> filename "mscon32.exe".
>
> So that it gets run each time a user restart their computer the
> following registry key gets added:
>
> - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> "System Tray"=3D"C:\\WINDOWS\\MSCON32.EXE"
>
>
>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D
> To Unsubscribe, set digest or vacation
> mode or view archives use the below link.
>
> http://thethin.net/win2000list.cfm
>
> ==================================
> To Unsubscribe, set digest or vacation
> mode or view archives use the below link.
>
> http://thethin.net/win2000list.cfm
>
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
