|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
2 |
 |
Members:
0 |
 |
Total:
2 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:18 PM |
|
| What is affected:
All current Outlook and Outlook express users, who have not applied the latest security updates, and those with older anti-virus signatures. This virus propagates through those sources, but can be run on, and infect, any Windows based machine.
What you'll see :
An email from a "friend" labeled:
new photos from my party!
With the body of:
Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
The attachment is a .com file disguised as a URL to click:
www.myparty.yahoo.com (while it LOOKS like a URL it's actually a .com executable file)
What It Does
This virus uses the now common method of hiding itself in the trashcan. It also inserts two programs called regctrl.exe and msstask.exe, and emails itself to many other users using your inbox and outbox as a source for email addresses. Users with a currently updated version of Outlook or Outlook express shouldn't be able to open this attachment, and users of McAfee and Norton will have the virus removed on scan if Heuristics are enabled, or if you have the latest virus signature versions (see below). It may also open up a link to Disney.com.
How to Protect Yourself
As always - enable Heuristic scanning in your virus scanner, scan all incoming messages, update to the latest versions and patches of Outlook and Outlook Express and (must we repeat ourselves) DON'T open unexpected attachments. This virus does little to hide it's source so be sure to contact the person that you originally got a copy from to let them know they're infected.
Caution!
Be aware that heuristic scanning may raise some false alarms. You should carefully investigate and confirm any alert raised by your software's heuristic scanner before you hit the panic button. Get expert assistance in this regard if necessary. You will recognize such a message as follows:
Symantec will tell you that the report is from Hound Dog, which is what they call their heuristic scanning module.
McAfee will identify the virus as being of "unknown type" or "New VBS."
Here are the instructions for several common brands of anti-virus software:
Symantec NAV 5.0:
1. Click Options.
2. Click the Scanner tab.
3. Click Heuristics.
4. Make sure that "Enable Bloodhound" is checked.
5. Move the slider all the way to the right, and then click OK.
6. Click the Auto-Protect tab.
7. Click Heuristics.
8. Make sure that "Enable Bloodhound" is checked.
9. Move the slider all the way to the right, and then click OK.
10. Click OK.
Symantec NAV 2000:
1. Click Options.
2. In the Options list, double-click Manual Scans.
3. In the Options list, under Manual Scans, click Bloodhound.
4. Make sure that "Enable Bloodhound" is checked.
5. Move the slider to Highest level of protection.
6. In the Options list, double-click Auto-Protect.
7. In the Options list, under Auto-Protect, click Bloodhound.
8. Make sure that "Enable Bloodhound" is checked.
9. Move the slider to Highest level of protection.
10. Click OK.
McAfee VirusScan 4.5:
1. Right-click the VirusScan Console icon in the lower right corner of your task bar.
2. Highlight Vshield.
3. Click Task, then Properties.
4. Click Configure.
5. Click the button marked "Advanced."
6. Check the box marked "Enable heuristic scanning."
7. Click "Enable macro and program file heuristics scanning" to fully enable the feature.
8. Click the button marked "Apply" to enable the new settings.
9. Click the button marked "Download Scan."
10. Click the button marked "Advanced."
11. Check the box marked "Enable heuristic scanning."
12. Click "Enable macro and program file heuristics scanning" to fully enable the feature.
13. Click the button marked "Apply" to enable the new settings.
14. Click on the "OK" button.
15. The system will prompt. "System Scan will be loaded on startup. Would you like to load it now?" Click Yes to do so.
Further Details
See references at:
http://www.sarc.com/avcenter/venc/data/w32.myparty@mm.html (January 27, 2002 virus definitions)
http://vil.mcafee.com/dispVirus.asp?virus_k=99332& (DAT required 4184)
Summary
This is a virulent, common but not nearly AS dangerous a virus as previous email viruses. Nontheless it can create havoc on your mail sistem and/or cause problems with your email hosts.
This concludes this VirusWarn notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|