Colext/Macondo
Cantina virtual de los COLombianos en el EXTerior
--------------------------------------------------
';''; Es JS/loop pero hay que escribirlo JS loop en el t�tulo (SUBJECT)
McAfee OnLine me hizo el favorcito de detener y eliminar a este caballo de
Troya que se quer�a infiltrar en mi amurallado recinto. Ven�a escondido
entre un mensaje recibido de un NG (newsgroup--el cual estoy identificando
ahora mismo--) Ha estado dando vueltas por el ciberespacio desde el a�o
pasado
Env�o la informaci�n en ingl�s, pero si alguna persona as� lo desea, puedo
hacer (luego) un resumencito en castellano.
Saludos!
PANGosaurus2002
;'';
-------------------------------
Virus Profile
Virus Name: JS/Loop
Risk Assessment Low
Virus Information:
Date Discovered: 4/8/2001
Date Added: 10/4/2001
Origin: Unknown
Length: Varies
Type: Trojan
SubType: JavaScript
DAT Required: 4133
Update ActiveShield
Perform a Scan
Download the latest
DAT files
Virus Characteristics: This is a trojan horse, not a virus.
This trojan is an infinite loop in JavaScript embedded in HTML. It has often
been posted to newsgroups in a HTML message.
Loop means it executes the same action over and over without stopping. They
usually repeatedly open new browser Windows until the script is stopped or
the computer crashes.
Another kind displays a message box repeatedly, usually a hoax like:
** WARNING ** Windows has detected the alt.config virus on your hard drive.
If you have recently opened an email or newsgroup message and see this alert
your system is infected.
There is no alt.config virus. alt.config is a legitimate newsgroup.
Newsgroup messages which contain the JS/Loop trojan are usually forgeries.
The From line is faked in order to get it to look like the message came from
someone the real poster doesn't like. The current wave of JS/Loop postings
(Oct 2001) are being posted to get back at some users of the alt.config
newsgroup. The forger posts in the name of an alt.config regular, usually
crossposted to alt.config plus several unrelated newsgroups.
Since this trojan is usually downloaded from Newsgroups and immediately
displayed and run, there will probably not be any files containing this
trojan on your computer, even if you were affected by it (but it is
sometimes possible to find it in "Temporary Internet Files"). JS/Loop does
not try it install itself on your computer or have any permanent effects.
But it may force you to perform an unexpected reboot, and you may lose
unsaved data that way.
It is best to avoid JS/Loop altogether by using a text-only newsreader, or
if you are using Outlook Express, disable "Active Scripting" in the
"Restricted Sites" zone and set NewsGroups to run in the "Restricted Sites"
zone. To do this:
-open Internet Explorer
-choose the Tools menu
-choose Internet Options
-click the Security tab
-click the Restricted Sites icon
-click "Custom Level"
-scroll down to "Active Scripting" and set it to Disable or Prompt
-Click OK
-open Outlook Express
-choose the Tools menu
-choose Options
-click the Security Tab
-In the "Security Zones" section, choose the "Restricted Sites" zone
Indications Of Infection: Multiple message boxes appearing in rapid
succession.
Method Of Infection: This threat often exists as embedded javascript.
Viewing a web page, newsgroup, or email message can cause this trojan to
drop its payload.
Removal Instructions: All Users:
Use current engine and DAT files for detection and removal. Delete any file
which contains this detection.
Additional Windows ME Info:
NOTE: Windows ME utilizes a backup utility that backs up selected files
automatically to the C:\_Restore folder. This means that an infected file
could be stored there as a backup file, and VirusScan will be unable to
delete these files. These instructions explain how to remove the infected
files from the C:\_Restore folder.
Disabling the Restore Utility
1. Right click the My Computer icon on the Desktop, and choose Properties.
2. Click on the Performance Tab.
3. Click on the File System button.
4. Click on the Troubleshooting Tab.
5. Put a check mark next to "Disable System Restore".
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.
NOTE: The Restore Utility will now be disabled.
10. Restart the computer in Safe Mode.
11. Run a scan with VirusScan to delete all infected files, or browse the
file's located in the C:\_Restore folder and remove the file's.
12. After removing the desired files, restart the computer normally.
NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5
remove the check mark next to "Disable System Restore". The infected file's
are removed and the System Restore is once again active.
--------------------------------------------------------------
To unsubscribe send an email to: [EMAIL PROTECTED]
with UNSUBSCRIBE COLEXT as the BODY of the message.
Un archivo de colext puede encontrarse en:
http://www.mail-archive.com/[email protected]/
cortesia de Anibal Monsalve Salazar
