Posted on 04/13/2002 8:02:40 AM PDT by ex-Texan
Deadly New Virus Being Spread by E-Mail
Win32/myLife.J.Worm
This is an e-mail worm which spreads using Microsoft Outlook.
Subject: sexyy Screen Saver
Body: hi look to the screen saver it's very funny bye
Attachment: USA.scr
When run, the worm immediately displays a small picture in a window with the title "SHARON", similar to Win32.MyLife.G.
Meanwhile, it copies itself to the system directory as "USA.scr" and "sh.scr" and adds the following registry value so it will be run each time Windows starts:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\scr="%System%\sh.scr"
The worm spreads in a similar way to other Win32.Mylife variants. It sends itself out using Microsoft Outlook to all addresses in the Outlook address book and the Microsoft Messenger contact list.
It also sends an email message to a hardcoded address with the
Subject: funny Screen Saver
Body: hi all, look to the 3D screen saver it's very funny bye
Attachment: sh.scr
The eTrust InoculateIT signature updates listed below contain detection and system cure for Win32/MyLife.J.
To cure an infected system, all files being detected as Win32/MyLife.J must be deleted. This can either be done manually or by setting eTrust InoculateIT to delete infected files.
Anyway, check out web2mail.com. It solves lots of problems.
Count on it. It will happen because far too many people refuse to take the time and effort to examine the full filenames of attachments. They are too eager to see what the attachment is. There are some serious Darwin candidates out there.
An even better rule to remember is to never open any attachment without first saving it to a disk and running a virus scan on the file. You can't rely too much on the extension because some people will hide them, for example by naming the file sexyscreensaver.txt.exe - in this case the file would look like a .txt file in your e-mail window but it is really an .exe file. Scan first, then open.
I give anyone that wishes to e-mail me the URL for FreeRepublic.com,
tell them to sign on as a member, and then send me FReepmail at ASA Vet.
If they're not interested in becoming FReepers, I'm not interested in getting their mail.
I believe removing it from XP would be similar to W2K/ME/NT. Try here:
AMISH VIRUS - You have just received the Amish Virus. Since we do not have electricity nor computers, you are on the honor system. Please delete all of your files.
Thank thee.
This morning I had to tone down some of the Zone Alarm pro features, it wasn't even letting my own website display.
It was driving me nuts trying to find why the new things I'd uploaded wouldn't display properly.
I'm also running AdSubtract Pro and had to turn off some of that.
Between the Norton, Zone AlarmPro, and AdSubtract Pro, I'm lucky to be allowed to sign on to FR.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.