| Sunday, September 05, 2010
Viruswarn Forums
Author: Lee Drake (Posts: 238)
Posted: 05/20/2002 1:41 PM

McAfee have taken the unusual step of releasing their next engine and data file updates just two days after their normal release. The accompanying note stated that this special distribution is to cover the W32/Navidad@M Internet worm/virus.
Unlike similar worms, this one arrives as a reply to a message that you sent to a person whose computer is infected. This is a bit sneaky because you probably expected to get a reply!
You can safely read the reply. However, be sure to carefully discard the attached NAVIDAD.EXE file and empty your Recycle Bin.
In addition to the usual profile of characteristics, the Networks Associates Avert Labs entry for this combination virus and worm gives detailed instructions for manual cleanup at http://vil.nai.com/vil/virusSummary.asp?virus_k=98881.
CAUTION!
The instructions involve some tricky maneuvers including renaming critical program files and editing the Windows Registry. If you have any doubts about your ability to follow the directions correctly and safely, please seek professional help!
Background
There have been a few similar virus/worm programs in the past, though few seem to have spread very far. The name of the payload file, NAVIDAD.EXE, is the Spanish word for Christmas, hence my choice of title for this message. According to Network Associates, Inc., they have received significant numbers of samples over the past week and so have raised their risk assessment to Medium On Watch. This means that they think it may spread significantly next week.
In its discussion of the method of infection, the McAfee article states that the virus can be terminated, giving simple instructions for doing so. While this will cause the current instance of the infector to exit, the program will start again the next time the computer is booted unless you remove the virus as described in the article.
At http://www.symantec.com/avcenter/venc/data/w32.navidad.html, the Symantec report gives a similar assessment as follows:
Number of Infections is high, more than 1,000 reported.
Damage assessment is high, meaning that if you become infected, your system suffers serious damage.
Distribution is medium, indicating that it is moderately easy to spread the worm.
Like most recent worms, this one uses Microsoft Outlook to spread itself, though the information at the McAfee site seems to imply that it may be able to use any MAPI-enabled mail program. If true, this means that the virus could conceivably take advantage of other mail programs such as Eudora Pro IF the MAPI features have been enabled. They are disabled by default.
As with all such worms, you don't need Outlook or a MAPI aware mail program to become its victim, though you would be incapable of infecting others.
Symptoms
There are two main and quite visible symptoms of infections:
1) A blue "eye" icon appears next to the clock in your task bar.
2) Whenever you run an EXE file (that is, any time you start a program), an error message is displayed and the program does not run.
Prevention
As always, the best prevention is to avoid opening suspicious or unexpected attachments, especially programs!
Please remember that this worm will accompany a reply to a message that you sent to its last victim. Since the worm changes neither the body nor the subject of the message, your only clue will be the attached program file. Please carefully delete it, then purge your Recycle Bin.
If you use the McAfee virus scanner, you should update your virus signature files to the latest version, 4105, which was released late Friday. My set arrived via Enterprise SecureCast late Friday evening and this morning. If you are not on Enterprise SecureCast, you can get your updates at http://www.mcafeeb2b.com/naicommon/download/dats/find.asp.
If you use Norton Anti-Virus, they say that it is included in their update set dated 6 November 2000 which was last Monday. If you need to update your virus signatures, please visit their download site at http://www.symantec.com/avcenter/download.html.
This concludes this VirusWarn notice.
Compute safely,
Lee Drake, Moderator
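The notice says the worm leaves the subject and body of the reply untouched, so the attached program file is the only clue. The following is an added example, not part of the original post, showing how a mail gateway or mailbox audit script could check for that clue. The function names, the extension list and the sample messages are assumptions constructed for illustration; only the filename NAVIDAD.EXE comes from the notice.

```python
# Added example: flag mail whose attachment is a Windows program file.
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions Windows will run directly; an illustrative list chosen for this example.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
KNOWN_BAD_NAMES = {"navidad.exe"}  # payload filename named in the notice


def risky_attachments(raw_message):
    """Return (filename, reason) for each attachment that deserves a second look."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    is_reply = bool(msg["In-Reply-To"]) or subject.lower().startswith("re:")
    findings = []
    for part in msg.iter_attachments():
        # get_filename() decodes RFC 2231 / encoded filenames under policy.default.
        name = (part.get_filename() or "").strip()
        # Windows ignores trailing dots and spaces, so normalise before comparing.
        lowered = name.lower().rstrip(". ")
        if lowered in KNOWN_BAD_NAMES:
            findings.append((name, "known worm payload name"))
        elif lowered.endswith(EXECUTABLE_EXTS):
            reason = "program attached to a reply" if is_reply else "program attachment"
            findings.append((name, reason))
    return findings


def build_reply(attachment_name):
    """Constructed sample: an ordinary-looking reply with one attachment."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Re: Meeting notes"
    m["In-Reply-To"] = "<constructed-1@example.com>"
    m.set_content("Thanks, see you Monday.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    for sample in ("NAVIDAD.EXE", "notes.txt", "card.scr"):
        print(sample, "->", risky_attachments(build_reply(sample)))
```

A filename match only catches this one worm under its original name; the extension check is the part that still applies if the file is renamed.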