mcafee's 4157 dat will stop it, over 1000 confirmed quarantines this
morning...
----- Original Message -----
From: "Ralph Davis" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 06, 2001 9:24 AM
Subject: New Virus??
> Has anyone heard about this? I was told its spreading throught Europe.
Any
> validity to it?
>
> There is a new Virus that has been spotted as of Sept 03, 2001. Please be
aware.
> It spreads rapidly!
>
> ** | VIRUS WARNING - Win32.Apost.A@mm| **
>
> Central Command is issuing a virus warning due to increased
> infection reports for this new backdoor that was discovered on
> September 3rd, 2001.
>
> ** | DESCRIPTION | **
>
> Win32.Apost.A@mm is an Internet Worm that works on Windows systems.
> It spreads through e-mails as an attached file and is activated
> when the user executes the attachment.
>
> When is executed, the virus copies itself in the root of every
> drive (including floppy-disk) under the name readme.exe. Also, it
> copies itself in the Windows directory and sets the following
> registry key to be executed at every startup:
>
> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft
> "%windir%\readme.exe"
>
> After this, it uses MAPI (Mailing Application Programming
> Interface) to send e-mail to every contact in the user's Address
> Book and sets Outlook to erase these messages after they are sent.
> The mail looks like this:
>
> Subject: As per your request!
> Body: Please find attached file for your review. I look forward to
> hear from you again very soon. Thank you.
> Attachment: readme.exe
>
> ralph
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
