Hi everyone,
for a little while now, I am at times receiving an e-mail with an
attached virus, the virus is of the "worm" category and self replicates
and sends out e-mails with some text about "snowhite and dwarfs" and a
file attachment (scr) to e-mail addresses in the person's address book.
It seems to me that perhaps some list members' computer may be
infected and is sending out these mails.
Here's some information which I found with details about this virus,
and also info on how to remove it if your PC is infected ...
_____________________________________________
Hybris (Also known as Win32.Hybris)
Win32.Hybris is an e-mail worm which modifies WSOCK32.DLL to intercept
outgoing messages in a manner similar to Happy99 (which is also known
as
SKA).
When run, the worm makes a copy of WSOCK32.DLL in the Windows System
directory. The copy will have a random, 8 character name with no
extension.
The worm "infects" this copy by patching the functions used for
connecting,
and the sending and receiving of data.
The worm modifies WININIT.INI in the Windows directory, so that the
original
WSOCK32.DLL will be replaced with the modified copy the next time
Windows is
restarted.
>From this point, when the user sends an e-mail, the worm will send an
additional message to the same address with a copy of itself attached.
The
subject of the worm's message is:
"Snowhite and the Seven Dwarfs - The REAL story!"
The body of the message contains the following text (including the
spelling
mistakes):
"Today, Snowhite was turning 18. The 7 Dwarfs always where very
educated and
polite with Snowhite. When they go out work at mornign, they promissed
a
*huge* surprise. Snowhite was anxious. Suddlently, the door open, and
the
Seven Dwarfs enter..."
The name of the attachment is variable, and has an extension of either
.EXE
or .SCR.
The latest IPE program includes cleaning for the Wsock32.dll, though if
you
cannot access our download site to update IPE then you will need to
manually
replace this file as follows.
The WSOCK32.DLL file must be restored from backup. This can be done by:
Windows 98
- Click START | RUN, type SFC and click OK.
- Choose Extract one file from the installation disk
- Type C:\WINDOWS\SYSTEM\WSOCK32.DLL in the box and click Start.
- In the Restore from box type C:\WINDOWS\OPTIONS\CABS or browse to the
Win98 directory on your Windows98 CD-ROM
- Click OK and follow remaining prompts
Windows95
- Click START | SHUT DOWN choose RESTART IN MS-DOS MODE
- Type: EXTRACT /A C:\WINDOWS\OPTIONS\CABS\WIN95_11.CAB WSOCK32.DLL /L
C:\WINDOWS\SYSTEM
or
- Insert your Windows95 CD-ROM and type:
EXTRACT /A D:\WIN95\WIN95_11.CAB WSOCK32.DLL /L C:\WINDOWS\SYSTEM Where
D:
is your CD-ROM drive
__________________________________________________
I trust this helps, and that you can take a look to make sure that your
PC is not infected ... or else take the steps to remove the virus.
Have a good day.
God bless you with His grace and peace
Wolfgang Schneider
Looking for Biblical information? COME AND SEE! Check it out NOW!
-- BibelCenter: http://www.bibelcenter.de
-- Bookstore: http://www.worthy.net/BibelCenter/ - "Great offers! Check
it out!"
-- Christian eBooks: http://www.christian-ebooks.de
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
