Thanks for the wonderful information. I use Outlook Express %, and was
personally "infected" by a private message from Ms. Moody. Her messages to
the list continually send up a red flag asking if I would like to run
"activeX" files. Of course, I say no. The original virus she "gave" me was
the Happy99 virus, and thanks to some help from others who were hit, I think
the problem is solved. Please let me know if there are other issues going
on.
For the moment, Ms. Moody - DO NOT send out e-mails to anyone until you have
resolved the problem. You are seriously affecting many of us on the list.
Pamela
----- Original Message -----
From: Ehrenfried Ehrenstein <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 19, 2000 8:25 AM
Subject: Re: ATTN: Possible list virus/worm? It's actually topical.
> Ann-Marie L. Roberts wrote:
> > I also get warnings from Ms. Moody's messages. I have InocuLan Antivirus
> > software. About a month ago this person sent me a message in private
that
> > affected my computer with a Trojan virus. This also happened to other
people
> > on the list that received messages from her.
> >
> Unfortunately it's absolutely true. So this virus warning isn't a hoax at
all.
> As far, as I can see, the virus is viable. :-(((
>
> I can read this virus in the source of Annies email,
> which activates in Outlook Express 5 an objectX control, modifies the
> autoexec.bat, several entries in the registry (the autorun too, check it
for an
> entry named "cAg0u" with a content ending with .hta. Look in:
> HighKeyLocalMachine-Softw.-Microsoft-Windows-CurrentVersion-Run). It
changes
> the autostart folder (windows\start menu\programs\autostart) too and... -
last
> but not least - ... it will alert you at the 1st of a month after 17:00
with
> "Kagou-Anti-Kro$oft says not today !" and shut down Windows thereafter...
>
> So it helps you, to get a computer-free evening. Mustn't be soo bad,
because
> your gerbils will love the more time, you spend with them. ;o))
>
> For a javascript programmer like me, who is interestet in new scripts,
this
> example is very interesting, and because I DON'T USE OUTLOOK EXPRESS, no
> e-mail-scripts are executed on my machine and I have no damage at all.
This is
> oviously the best solution!
>
> But all members of GML, who have read a message from Annie Blanche Moody
in
> Outlook-Express 5, may be infected from now on and should check the files
named
> above, make a search for files kak.* (at least on Harddrive C:), and at
least
> they should check in extras... options... signature, if they can find
there
> some unusual (don't know, if a HTML-attachment is obvious there? The
signature
> is saved in Registry in the Outlook subfolder of HKCU... identities...).
>
> Prevention: They should check, if the security options of Explorer choosen
in
> Outlook Express at least give an alert, when Explorer likes to execute an
> activeX (no matter whether it is signed as "secure" or not...).
>
> And of course mail should be sent as text-only. This is an absolutely must
be
> and no question. (Extras... options... send...). PLEASE!!
>
> Ehrenfried
>
