Ann-Marie L. Roberts wrote:
> I also get warnings from Ms. Moody's messages. I have InocuLan Antivirus
> software. About a month ago this person sent me a message in private that
> affected my computer with a Trojan virus. This also happened to other people
> on the list that received messages from her.
>
Unfortunately it's absolutely true. So this virus warning isn't a hoax at all.
As far as I can see, the virus is viable. :-(((

I can read this virus in the source of Annie's email,
which activates in Outlook Express 5 an objectX control, modifies the
autoexec.bat and several entries in the registry (the autorun too, check it for an
entry named "cAg0u" with a content ending with .hta. Look in:
HighKeyLocalMachine-Softw.-Microsoft-Windows-CurrentVersion-Run). It changes
the autostart folder (windows\start menu\programs\autostart) too and... - last
but not least - ... it will alert you on the 1st of a month after 17:00 with
"Kagou-Anti-Kro$oft says not today !" and shut down Windows thereafter...

So it helps you to get a computer-free evening. Mustn't be so bad, because
your gerbils will love the extra time you spend with them. ;o))

For a JavaScript programmer like me, who is interested in new scripts, this
example is very interesting, and because I DON'T USE OUTLOOK EXPRESS, no
e-mail scripts are executed on my machine and I have no damage at all. This is
obviously the best solution!

But all members of GML who have read a message from Annie Blanche Moody in
Outlook Express 5 may be infected from now on and should check the files named
above, make a search for files kak.* (at least on hard drive C:), and at least
they should check in extras... options... signature if they can find something
unusual there (I don't know if an HTML attachment is obvious there. The signature
is saved in the Registry in the Outlook subfolder of HKCU... identities...).

Prevention: They should check if the security options of Explorer chosen in
Outlook Express at least give an alert when Explorer wants to execute an
ActiveX (no matter whether it is signed as "secure" or not...).

And of course mail should be sent as text-only. This is an absolute must,
no question. (Extras... options... send...). PLEASE!!

Ehrenfried
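
Added example, not part of Ehrenfried's message: a Python version of the check he describes, run over a REGEDIT4 export of the registry and a file listing. It uses only the indicators named in the message (the Run value "cAg0u", Run data ending in .hta, files named kak.*); the sample export and the file names are constructed for illustration.

```python
import fnmatch
import re

# Indicators taken from the message above; nothing else about the worm is assumed.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
KNOWN_VALUE_NAME = "cAg0u"
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def run_key_findings(reg_text):
    """Return (name, data, reason) for suspicious Run values in a REGEDIT4 export."""
    findings, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only the ...\CurrentVersion\Run key itself, not RunOnce etc.
            in_run_key = line.rstrip("]").lower().endswith(RUN_KEY_SUFFIX)
            continue
        m = VALUE_LINE.match(line)
        if not (in_run_key and m):
            continue
        name, data = m.group(1), m.group(2).replace("\\\\", "\\")
        if name == KNOWN_VALUE_NAME:
            findings.append((name, data, "value name from the report"))
        elif data.lower().endswith(".hta"):
            findings.append((name, data, "Run entry launches an .hta file"))
    return findings

def kak_files(paths):
    """Return paths whose file name matches kak.* (case-insensitive)."""
    return [p for p in paths
            if fnmatch.fnmatchcase(re.split(r"[\\/]", p)[-1].lower(), "kak.*")]

# Constructed sample data (not taken from a real machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAg0u"="C:\\WINDOWS\\SYSTEM\\example.hta"
"Updater"="C:\\TOOLS\\start.HTA"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Other"="C:\\x.hta"
'''
SAMPLE_FILES = [r"C:\WINDOWS\kak.xyz", r"C:\KAK.ABC", r"C:\DOCS\kakadu.txt"]

if __name__ == "__main__":
    for finding in run_key_findings(SAMPLE_REG):
        print("registry:", finding)
    for path in kak_files(SAMPLE_FILES):
        print("file:", path)
```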
