Posted on 04/13/2002 8:02:40 AM PDT by ex-Texan
Deadly New Virus Being Spread by E-Mail
Win32/myLife.J.Worm
This is an e-mail worm which spreads using Microsoft Outlook.
Subject: sexyy Screen Saver
Body: hi look to the screen saver it's very funny bye
Attachment: USA.scr
When run, the worm immediately displays a small picture in a window with the title "SHARON", similar to Win32.MyLife.G.
Meanwhile, it copies itself to the system directory as "USA.scr" and "sh.scr" and adds the following registry value so it will be run each time Windows starts:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\scr="%System%\sh.scr"
The worm spreads in a similar way to other Win32.Mylife variants. It sends itself out using Microsoft Outlook to all addresses in the Outlook address book and the Microsoft Messenger contact list.
It also sends an email message to a hardcoded address with the
Subject: funny Screen Saver
Body: hi all, look to the 3D screen saver it's very funny bye
Attachment: sh.scr
The eTrust InoculateIT signature updates listed below contain detection and system cure for Win32/MyLife.J.
To cure an infected system, all files being detected as Win32/MyLife.J must be deleted. This can either be done manually or by setting eTrust InoculateIT to delete infected files.
Never open an unsolicited attachment with any of the following file types:
.EXE, .COM, .BAT, .PIF, .LNK, .VBS, .VBE, .REG, .CMD, or .SCR
Following this rule will eliminate the risk of virtually all email-borne worms.
Additionally, I would suggest ensuring that file extensions are set to display (so a file FOO.TXT.EXE doesn't simply appear as FOO.TXT), and would recommend using Wordpad to open .doc files (it usually produces okay-looking results, but can't run any imbedded macros).
I have got a font glitch that appeared this week that has me stumped.
Also, when I try to log onto raginbull.com, I get an internal server error, even though I can log on through Netscape. (I've dumped my temp files and cookies.)
http://ragingbull.lycos.com/cgi-bin/static.cgi/a=index.txt&d=mainpages
I have no answers about a Windows forum but you might try searching around at www.msn.com ...
Their NNTP server is msnews.microsoft.com, and if you don't have an NNTP reader, I think they're also carried by Google, IIRC.
It sends itself out using Microsoft Outlook to all addresses in the Outlook address book and the Microsoft Messenger contact list.
So what else is new? Perhaps someday there will be a class action lawsuit against Mr. Gates & Co. for the bajillions of dollars and hours of productivity lost because of their unbelievably insecure software.
In the meantime, a couple of solutions to this problem:
1. Don't use Microsoft Outlook or Microsoft Outlook Express. There are plenty of other excellent email programs out there and most are free.
2. If you MUST use Outlook, make sure you have anti-virus software installed. Update your virus definitions on a regular (ie weekly) basis. Get and install a copy of ZoneAlarm, a personal firewall. It's free and excellent.
Actually, everyone should be running anti-virus and firewall software. If they were, the spread of viruses would be nill. And ZoneAlarm will prevent the various 'phone-home' software applications from communicating with their mothership.
Is it one where everything looks ok, then just "dissolves" into giberish? I had that problem a few years ago. I cured it with a little gem from Microsoft called "Tweak UI"
Go find it and grab it. It adds an icon to your control panel with lots of nice little things it will let you do. One of the added features is "Rebuild Fonts".
Oh and, as for my glitch, it affects only portions of the fonts on certain web pages and even when using Windows Explorer. For instance, when I open My Documents, the "My Documents" which is displayed with sky background appears to be an extreme "data" type font. This same font appears only on portions of some web pages - my Ameritrade account for instance.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.