Re: New Virus??

[Jeremy Morton]

for more information go to: http://vil.mcafee.com/dispVirus.asp?virus_k=99198&;


|--------+--------------------------------->
|        |   "Kelly Borndale"              |
|        |   <[EMAIL PROTECTED]>        |
|        |                                 |
|        |                                 |
|        |   Thursday September 6, 2001    |
|        |   10:33 AM                      |
|        |   Please respond to "NT System  |
|        |   Admin Issues"                 |
|        |                                 |
|--------+--------------------------------->
  >-----------------------------------------------------------------------|
  |                                                                       |
  |      To:                                  "NT System Admin Issues"    |
  |       <[EMAIL PROTECTED]>                         |
  |      cc:      (bcc: Jeremy Morton/O&S/Prudential)                     |
  |      Subject: Re: New Virus??                                         |
  >-----------------------------------------------------------------------|





Yes.  It is a virus.  Use Antigen from Sybari Software on your exchange or Notes
servers, we had updates for it days ago.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
K.Borndale

[EMAIL PROTECTED] -home email
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ----- Original Message -----
  From: Ralph Davis
  To: NT System Admin Issues
  Sent: Thursday, September 06, 2001 10:24 AM
  Subject: New Virus??


  Has anyone heard about this?  I was told its spreading throught Europe.  Any
  validity to it?

  There is a new Virus that has been spotted as of Sept 03, 2001. Please be
aware.
  It spreads rapidly!

  ** | VIRUS WARNING - Win32.Apost.A@mm| **

  Central Command is issuing a virus warning due to increased
  infection reports for this new backdoor that was discovered on
  September 3rd, 2001.

  ** | DESCRIPTION | **

  Win32.Apost.A@mm is an Internet Worm that works on Windows systems.
  It spreads through e-mails as an attached file and is activated
  when the user executes the attachment.

  When is executed, the virus copies itself in the root of every
  drive (including floppy-disk) under the name readme.exe. Also, it
  copies itself in the Windows directory and sets the following
  registry key to be executed at every startup:

  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft
  "%windir%\readme.exe"

  After this, it uses MAPI (Mailing Application Programming
  Interface) to send e-mail to every contact in the user's Address
  Book and sets Outlook to erase these messages after they are sent.
  The mail looks like this:

  Subject: As per your request!
  Body: Please find attached file for your review. I look forward to
  hear from you again very soon. Thank you.
  Attachment: readme.exe

  ralph

  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm