From: "Leonardo Dias" <[EMAIL PROTECTED]>
> OK ?
> Obs.: � uma pessoa da lista que esta infectando todo mundo...
Ei gente, nao eh ninguem desta lista que esta infectando todos nao. Este
virus esta atacando o mundo todo, recebi emails falando do virus (e enviando
o mesmo) de varios colegas aqui nos Estado Unidos, na Europa, Brasil e
Australia. Eh um ataque mundial, e nao algo da SouJava.
Tenho algumas informacoes sobre o tipo de ataque do virus que podem ser
uteis:
The ILOVEYOU virus does the following things
___________________________________________________________________________
1. modify scripting timeout of windows registry
SOLUTION: doesn't matter
___________________________________________________________________________
2. create three files name as MSKernel32.vbs, Win32DLL.vbs,
LOVE-LETTER-FOR-YOU.TXT.vbs
in windows system directory, windows directory and windows system directory
respectively
SOLUTION: search all the .vbs file with string "i hate go to school" and
delete them
BEST SOLUTION: delete all of your .vbs .vbe file
___________________________________________________________________________
3. rewrite every .vbs .vbe with its own code.
SOLUTION: same as above
___________________________________________________________________________
4. rewrite every .js .jse .css .wsh .sct .hta with its own code and rename
it to .vbs
SOLUTION: same as above
___________________________________________________________________________
5. rewirte every .jpg .jpeg .mp3 .mp2 with its own code and rename it to
.jpg.vbs .jpeg.vbs .mp3.vbs .mp2.vbs
SOLUTION: same as above
___________________________________________________________________________
6. modify registry to enable running of some code when windows startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win
32DLL
SOLUTION: if you have done solution of step 2, it doesn't matter
BEST SOLUTION: remove these two registry
___________________________________________________________________________
7. modify registry to enable automatic downloading of some more dangerous
.exe virus
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
SOLUTION: do not start IE until you removed that registry.
BETTER SOLUTION: if you are infected and have restarted your computer,
resort to
some professional anti-virus software.
TOP SOLUTION: do not use M$ windows at all!!!!!!!!!!!!!!!!!!!!!!!!!!
___________________________________________________________________________
8. modify registry to enable running of some more dangerous .exe virus
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX
SOLUTION: MUST delete this registry
___________________________________________________________________________
9. generate a html name as LOVE-LETTER-FOR-YOU.HTM in windows system
directory
SOLUTION: delete it, and NEVER open it.
___________________________________________________________________________
10. modify mIRC script file to send email to everyone in mIRC address book.
SOLUTION: delete script.ini in mIRC directory, and write this email to
everyone in your mIRC address book. (only if you are infected)
___________________________________________________________________________
11. Send an email containing a copy of that virus to everyone in Outlook
address book.
SOLUTION: send this email to every one in your address book (Only if you are
infected)
___________________________________________________________________________
--------------------------- LISTA SOUJAVA ---------------------------
http://www.soujava.org.br - Sociedade de Usu�rios Java da Sucesu-SP
[d�vidas mais comuns: http://www.soujava.org.br/faq.htm]
[para sair da lista: http://www.soujava.org.br/forum/cadastrados.htm]
[regras da lista: http://www.soujava.org.br/regras.htm]
---------------------------------------------------------------------
