We have this too!! Nearly all Win 98 desktops are displaying all kinds of
.eml files plus a riched20.dll file which if opened with notepad says
something about a Concept China virus.
Just affected our Application Terminal Server at the moment, no idea where
it's come from, possibly our IIS server.
Any news gratefully appreciated, James.
> This message is in MIME format. Since your mail reader does not understand
> this format, some or all of this message may not be legible.
>
> ------_=_NextPart_001_01C1405D.DC3854E0
> Content-Type: text/plain;
> charset="iso-8859-1"
>
> My network is slammed with some uknown virus of some sort.....Both my NT 4.0
> servers running MS-Exchange 6.5 have about 2300 alien files which were
> deleted....a "readme.eml" is being executed by all users somehow
> automtically and its infecting all my NT domain. I can not Ctrl+Alt+Delete
> to log into any of the servers.....the display shows "initialization of the
> dynamic link library C:\WINNT\system32\USER32.dll failed. The process is
> terminating abnormally" OKaying this results in no effects....all servers
> have this displayed onscreen. For the ones that have admin already logged
> in, Services (control panel, settings) can not be accessed! "access to the
> specified device, path, or file is denied"....it seems this virus has locked
> onto this element. PDC is running Exchange (I know, never put'em
> together...but we're still cleaning up after previous SysAdmins here), and
> this has gone bezerk as well, with the same message onscreen.
> Norton/Symantec doesn't recognize "readme.eml"....who out there can shine a
> flashlite in this dark mess? thanks in advance.
>
> > Terry
>
> ------_=_NextPart_001_01C1405D.DC3854E0
> Content-Type: text/html;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
> <HTML>
> <HEAD>
> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Diso-8859-1">
> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
> 5.5.2653.12">
> <TITLE>serious network down...readme.eml??</TITLE>
> </HEAD>
> <BODY>
>
> <P><FONT SIZE=3D2 FACE=3D"Arial">My network is slammed with some uknown =
> virus of some sort.....Both my NT 4.0 servers running MS-Exchange 6.5 =
> have about 2300 alien files which were deleted....a =
> "readme.eml" is being executed by all users somehow =
> automtically and its infecting all my NT domain. I can not =
> Ctrl+Alt+Delete to log into any of the servers.....the display shows =
> "initialization of the dynamic link library =
> C:\WINNT\system32\USER32.dll failed. The process is terminating =
> abnormally" OKaying this results in no effects....all =
> servers have this displayed onscreen. For the ones that have =
> admin already logged in, Services (control panel, settings) can not be =
> accessed! "access to the specified device, path, or file is =
> denied"....it seems this virus has locked onto this element. =
> PDC is running Exchange (I know, never put'em together...but we're =
> still cleaning up after previous SysAdmins here), and this has gone =
> bezerk as well, with the same message onscreen. Norton/Symantec =
> doesn't recognize "readme.eml"....who out there can shine a =
> flashlite in this dark mess? thanks in advance.</FONT></P>
>
> <P><FONT FACE=3D"Verdana">Terry </FONT>=20
> </P>
>
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm<BR>
</BODY>
> </HTML>
> ------_=_NextPart_001_01C1405D.DC3854E0--
