----[Please read http://ercoupers.com/disclaimer.htm before following any advice in this forum.]----
I just received this from our computer tech nerd. I could not find anything at McAfee about it. Either as a real threat or a hoax. So, I though I'd pass it on so you can all be on the lookout, just in case. Mike Dean -----Original Message----- From: Deanna Wetzel Sent: Monday, January 14, 2002 2:18 PM To: All Employees Subject: Virus warning for home pc i received this alert today. we are not at any risk here, however, it would be harmful to a home pc. the info below explains what to watch for & what damage could be done. The key info is highlighted & underlined, however the other info can be useful if infected. This threat is detected as VBS/[EMAIL PROTECTED] with the 4141 DATs or newer. It arrives via Internet Relay Chat, or in an email message containing the following information: Subject: Outlook Express Update Body: MSNSofware Co. Attachment: Mmsn_offline.htm Opening the attachment infects the local system. The worm sends itself to all Microsoft Outlook Contacts and Windows Address Book entries using MAPI. Copies of the worm are created using different formats: C:\B.HTM C:\BLA.HTA C:\WINDOWS\help\mmsn_offline.htm C:\WINDOWS\SAMPLES\WSH\Charts.js %drive letter%\Start Menu\Programs\StartUp\msoe.hta (on network drives) The C:\AUTOEXEC.BAT file is over written with Echo y|format c: All SCRIPT.INI files are overwritten with mIRC script commands to send the virus to others when they join a channel that an infected user is on. All .ASP, .HTM, and .HTML files are overwritten with the virus code. The content of all other files is deleted if the day is 1,5,10,15, or 20, leaving them with 0 bytes of data. The following registry keys are created: HKEY_LOCAL_SYSTEM\Software\Microsoft\Windows\CurrentVersion\ Run\NAV DefAlert=C:\WINDOWS\help\mmsn_offline.htm HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0 Symptoms: - Windows gives an error upon reboot, "Error in EXE file" - Most files have been changed to 0 bytes in length - Most files have the default Windows icon associated with them If the virus executed on the system, the user may have to reinstall the operating system, all applications, and restore any documents from backup. Additional Windows ME Info: NOTE: Windows ME utilizes a backup utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. These instructions explain how to remove the infected files from the C:\_Restore folder. Disabling the Restore Utility 1. Right click the My Computer icon on the Desktop, and choose Properties. 2. Click on the Performance Tab. 3. Click on the File System button. 4. Click on the Troubleshooting Tab. 5. Put a check mark next to "Disable System Restore". 6. Click the Apply button. 7. Click the Close button. 8. Click the Close button again. 9. You will be prompted to restart the computer. Click Yes. NOTE: The Restore Utility will now be disabled. 10. Restart the computer in Safe Mode. 11. Run a scan with VirusScan to delete all infected files, or browse the file's located in the C:\_Restore folder and remove the file's. 12. After removing the desired files, restart the computer normally. NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5 remove the check mark next to "Disable System Restore". The infected file's are removed and the System Restore is once again active. ==^================================================================ This email was sent to: [EMAIL PROTECTED] EASY UNSUBSCRIBE click here: http://topica.com/u/?aVxiLm.aVzvvT Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
<<attachment: winmail.dat>>
