Messages in English and Portuguese
 
 
To all our costumers!
We had been out of service for the last 6 days.
A brand new virus called MTX_.EXE also know as W95.MTX  has infected our network.
We got the virus from an e-mail from Australia.
This is a brand new virus and it's very difficult to remove it.
At that time, all our protection, wasn't enough to prevent it
We spent over 75 hours and more than U$ 3,500.00 trying to save all our data and files.
This virus does not make hard damages, but can be propagated over e-mail with so many different files attached.
If you got the virus and if you do not have something really important to loose in your computer (such is very important files)
We suggest you FORMAT your hard drive and install everything again. Will be more easier and less expansive.
If not, you have a long run to go. Be prepared for the worst!!!
 
To our costumers who had been waiting for quotes and delivery confirmations, we will now answer all e-mails in the order that was received.
Sorry for this inconvenience. We are back on track!!!
 
 
Here is the list with their names (if you got the virus and try to find these files you can not see them)
 
                     I_wanna_see_you.txt.pif
                     Matrix_screen_saver.scr
                     Love_letter_for_you.txt.pif
                     New_playboy_screen_saver.scr
                     Bill_gates_piece.jpg.pif
                     Tiazinha.jpg.pif
                     Feiticeira_nua.jpg.pif
                     Geocities_free_sites.txt.pif
                     New_napster_site.txt.pif
                     Metallica_song.mp3.pif
                     Anti_cih.exe
                     Internet_security_forum.doc.pif
                     Alanis_screen_saver.scr
                     Reader_digest_letter.txt.pif
                     Win_$100_now.doc.pif
                     Is_linux_good_enough!.txt.pif
                     Qi_test.exe
                     Avp_updates.exe
                     Seicho_no_ie.exe
                     You_are_fat!.txt.pif
                     Free_xxx_sites.txt.pif
                     I_am_sorry.doc.pif
                     Me_nude.avi.pif
                     Sorry_about_yesterday.doc.pif
                     Protect_your_credit.html.pif
                     Jimi_hendrix.mp3.pif
                     Hanson.scr
                     F___ing_with_dogs.scr
                     Matrix_2_is_out.scr
                     Zipped_files.exe
                     Blink_182.mp3.pif
 
 
The only way for you to know if you got the virus is trying access antivirus web sites such is www.mcafee.com and www.symantec.com.
 
If you access them and your computer crash, (means a window with illegal operation) YOU GOT THE VIRUS!!!
 
The only antivirus that can remove it is the NORTON ANTIVIRUS 2001 from Symantec Corp.
 
Here is the virus definition.
 
 
                 Discovered on: August 17, 2000
                     Last Updated on: October 16, 2000 0 4:25:59 PM PST
 

                     W95.MTX has a virus component and a worm component. It propagates using
                     email. Also it infects some Win32 executables in specific directories. The
                     virus also has the capability to block access to certain web sites. This may
                     prevent users from downloading new virus definitions.
 
                     Click here to download tool to repair W95.MTX damage
 
                     Also known as: W95.Oisdbo, W95.MTX.dr, W95.MTX (.dll)
 
                     Category: Worm, Virus
 
                     Infection length: 9250 (variable)
 
                     Virus definitions: August 28, 2000
 
                     Threat assessment:
 
                        Wild:                 High 
                        Damage:        Medium 
                       Distribution:  High
 
                                                                    
 
                     Wild
 
                          Number of infections: 50-999
                          Number of sites: More than 10
                          Geographical distribution: High
                          Threat containment: Moderate
                          Removal: Difficult
 
                     Damage
 
                          Payload:
                               Modifies files: Some infected files are corrupted beyond repair.
 
                     Distribution
 
                          Subject of e-mail: None
                          Name of attachment: Variable (see below)
                          Size of attachment: Variable
                          Target of infection: Windows executables
                          Time stamp of attachment: Immediately after a new email message is
                          sent, a second message is sent with no subject and the worm
                          attached.
 
                     Technical description:
 
                     Worm component
                     The worm component makes a copy of Wsock32.dll and names it
                     Wsock32.mtx. The Send export function of this .mtx file is then modified to
                     point to its own code. This allows the virus to mail a copy of the worm infected
                     with this virus to the same person to whom the user sends an email (using the
                     same program).
 
                     Here are a list of file names that this virus might use when it sends the
                     infected worm to other people. For those files with .pif extensions, the .pif
                     extension might not be visible in your mail program.
 
                     I_wanna_see_you.txt.pif
                     Matrix_screen_saver.scr
                     Love_letter_for_you.txt.pif
                     New_playboy_screen_saver.scr
                     Bill_gates_piece.jpg.pif
                     Tiazinha.jpg.pif
                     Feiticeira_nua.jpg.pif
                     Geocities_free_sites.txt.pif
                     New_napster_site.txt.pif
                     Metallica_song.mp3.pif
                     Anti_cih.exe
                     Internet_security_forum.doc.pif
                     Alanis_screen_saver.scr
                     Reader_digest_letter.txt.pif
                     Win_$100_now.doc.pif
                     Is_linux_good_enough!.txt.pif
                     Qi_test.exe
                     Avp_updates.exe
                     Seicho_no_ie.exe
                     You_are_fat!.txt.pif
                     Free_xxx_sites.txt.pif
                     I_am_sorry.doc.pif
                     Me_nude.avi.pif
                     Sorry_about_yesterday.doc.pif
                     Protect_your_credit.html.pif
                     Jimi_hendrix.mp3.pif
                     Hanson.scr
                     F___ing_with_dogs.scr
                     Matrix_2_is_out.scr
                     Zipped_files.exe
                     Blink_182.mp3.pif
 
                     Wininit.ini is created by this component, which causes Wsock32.dll to be
                     deleted and Wsock32.mtx to be renamed to Wsock32.dll. Wininit.ini
                     executes after the computer is restarted. After Wininit.ini is created, this
                     component runs the virus component.
 
                     Virus component
                     The virus component searches for specific antivirus programs running. If the
                     virus finds one, the virus does not run. If the virus continues to run, it
                     decompresses the worm component, drops a copy of it into the user's
                     Windows directory (typically C:\Windows), and runs it. The name of this
                     dropped file is Ie_pack.exe. After Ie_pack.exe is executed, it is renamed to
                     Win32.dll.
 
                     The virus also drops Mtx_.Exe and runs it. This is a downloader program that
                     goes to a specific Web site (i.am/[MATRIX]) where plug-ins for the virus are
                     downloaded and executed. It searches for Win32 executables in the current
                     directory, Windows directory, and the Temp directory. The file to be infected
                     needs to have a size that is not divisible by 101, is greater than 8K in size,
                     and has at least 20 import call instructions. If not, the file is not infected by
                     the virus.
 
                     The virus also adds a registry entry that lets the downloader run automatically
                     every time the system is started. The downloader is invisible in the Task List.
 
                     Removal:
 
                     How to repair manually
 
                     This is a complex and difficult virus to remove.
 
                     It alters system files and on
                     some systems these files cannot be repaired. In some cases, after attempting
                     to repair the virus, you will not be able to start Windows until you restore the
                     needed system files from the original Windows installation CD. This document
                     assumes that you are familiar with basic Windows and DOS procedures. If
                     you are not, we suggest that you obtain the services of a qualified computer
                     consultant.
 
                     CAUTION:
                     Windows 98 allows you to create a startup disk that contains both system
                     files and drivers that will work with most CD-ROMs. Windows 95 does not.
                     Before you start this procedure, it is strongly recommended that you create or
                     obtain a Windows 98 Startup disk. This can be used to boot a Windows 95 or
                     a Windows 98 computer. If you do not create this disk first, and the first part
                     of the removal procedure does not work on your system, you may not be able
                     to restore some Windows files if this is needed.
 
                     NOTES:
 
                          Due to the nature of this virus, some files will not be repairable. The
                          unrepairable files will need to be restored from clean backup copies, or
                          from the original distribution disks.
                          To remove this threat you will need to carefully watch Norton AntiVirus
                          (NAV) during the detection process. The files infected by the virus
                          portion of W95.MTX should be detected as W95.MTX and W95.MTX
                          (.dll). Any files that are detected as being infected with either W95.MTX
                          or W95.MTX (.dll) should be able to be repaired.
                          Files that are part of the Trojan and worm part of the infection should be
                          detected as W95.MTX.dr. Any files detected as being infected with
                          W95.MTX.dr must be removed.
                          It is important to make the distinction between the virus and the worm
                          components, because the virus part of W95.MTX can infect Windows
                          system files and if you delete system files you might damage
                          Windows.
 
                     To repair the damage done by this virus, follow in turn the instructions in each
                     section.
 
                      1st. REMOVE ALL ANTI VIRUS YOU MAY HAVE INSTALLED ON YOUR COMPUTER
 
                     Create or obtain a Startup disk
                     Before you begin the removal process, you must create or obtain a Windows
                     98 Startup disk. If you are running Windows 95, you may be able to obtain
                     one from a local computer store. To create one on a Windows 98 computer,
                     follow these steps:
 
                       1.Click Start, point to Settings, and then click Control Panel.
                       2.Double-click Add/Remove programs.
                       3.Click the Startup disk tab.
                       4.Place a new, formatted floppy disk in the floppy disk drive.
                       5.Click Create Disk and follow the prompts.
 
                     Ensure that you have the most recent virus definitions
 
                     You must have Norton AntiVirus installed, and you must have virus definitions
                     dated September 5, 2000 or later. If you do not, because this virus blocks
                     access to most antivirus vendors Web sites, including Symantec's, you will
                     not be able to run LiveUpdate or download the definitions from the SARC Web
                     site.
 
                     There are two ways to work around this:
 
                          If you have access to an uninfected computer, download the most
                          recent definitions from the SARC Web site, and then install the
                          definition files on the infected computer. For instructions on how to do
                          this, see the following documents:
 
                               Title: How to update virus definition files using the Virus
                               Definition Update Installer
                               Document ID: 1998082013035306
 
                               Title: How to update virus definitions on computers without
                               Internet or network connections.
                               Document ID: 199811293832
 
                          If you do not have access to a uninfected computer, you can download
                          the Virus Update Definition Installer from the Tucows Web site. Follow
                          these steps to do this:
 
                            1.Go to the following URL:
 
                               http://www.tucows.com
 
                            2.In the Search Software Library! box, type the following and then
                               click GO!:
 
                               norton dat
 
                            3.Locate the entry--it should be the first in the list--for the
                               Platform: Windows 95/98 and then click Download Now.
                            4.Choose your region and state or locality and then click GO!
                            5.Click the download site nearest your location.
                            6.Download the file to a location on the hard drive such as the
                               Windows desktop.
                            7.When the download is finished, double click the file that you
                               downloaded to install it.
 
                     Restart the computer to a command prompt
                     You need to restart the computer to a command prompt. Follow the steps for
                     your operating system:
 
                          How to start Windows 95 to a command prompt:
                            1.Click Start and click Shut Down. The Shut Down Windows
                               dialog box appears.
                            2.Click Restart, then click Yes. Windows will shut down and the
                               computer will restart.
                            3.When "Starting Windows 95..." appears on the screen, press
                               F8. The Windows 95 Startup Menu appears.
                            4.Select "Command Prompt only" and press Enter.
 
                          How to start Windows 98 to a command prompt:
                            1.Click Start and click Shut Down. The Shut Down Windows
                               dialog box appears.
                            2.Click Restart, then click OK. Windows will shut down and the
                               computer will restart.
                            3.As the computer restarts, press and hold down the Ctrl key until
                               the Windows 98 Startup Menu appears. Note: On some
                               computers, a keyboard or other error may appear during restart
                               as you hold down the Ctrl key. If so, then follow the prompts to
                               press a key to continue (for example, the message may prompt
                               you to press the Esc key), then immediately press the Ctrl key
                               again.
                            4.Select "Command Prompt only" and then press Enter.
 
                     Delete the infected files
                     Follow these steps to delete the infected files:
 
                     NOTE: These instructions assume that you have Windows installed to the
                     default location of C:\Windows. If you have Windows installed to a different
                     location, please make the appropriate substitutions.
 
                       1.Type each of the following commands and press Enter after each one:
 
                          set path=c:\windows\command;%path%
                          cd \windows
                          attrib -r -s -h *.*
                          del ie_pack.exe
                          del win32.dll
                          del mtx_.exe
 
                          NOTE: If after entering any of these commands, you see a messages
                          such as "File not found," type the command again to make sure that it
                          was typed exactly as shown. For example, ie_pack.exe is "ie" then an
                          underscore then "pack.exe"
 
                       2.Type the following command and then press Enter after each one:
 
                          dir /s \navdx.exe
 
                          This will search the hard drive for the location of the Norton AntiVirus
                          DOS scanner. If you have NAV installed to a different drive, changed to
                          the root of that drive first.
 
                       3.Write down the location that follows "Directory of," for example,
                          C:\Progra~1\Norton~1.
 
                       4.Change to the directory whose location you wrote down in the previous
                          step by typing cd followed by the path. For example, to change to the
                          default location shown in step 3, type the following command and then
                          press Enter:
 
                          cd \progra~1\norton~1
 
                       5.Type the following command and then press Enter:
 
                          navdx /a /doallfiles /repair /delete
 
                          This will scan all hard drives and files. NAV will attempt to repair any
                          infected files; if it cannot repair an infected file, the file will be deleted.
 
                          CAUTION: This could take several hours or more on some computers.
                          Do not attempt to stop the scan once it has started.
 
                       6.When the scan is finished, go on to the next section.
 
                     Extract new copies of the Wsock32.dll, Explorer.exe, and Rundll32.exe
                     files
                     This is necessary because these files have very likely been infected by the
                     virus and are critical for accessing the Internet and using the computer. You
                     need to use the Extract command at a DOS prompt to restore good copies of
                     these files from the Windows installation files.
 
                     There are two locations from which these files can be extracted:
 
                          The Windows installation files on your hard drive. On many newer
                          computers, the Cab files that contain the Windows installation files are
                          stored on the computer's hard drive. If you are sure that this is the
                          case, see the section How to extract files that are located on the
                          hard drive.
                          The Microsoft Windows 95/98 Installation CD. If you do not have the
                          Cab files on the hard drive, see the section How to extract files that
                          are located on the installation CD.
 
                     How to extract files that are located on the hard drive
 
                       1.Type the following and then press Enter:
 
                          dir /s \precopy1.cab
 
                          This will search the hard drive for the location of the Cab files. If the file
                          is not found, it is likely that the Cab files are not on the hard drive. Skip
                          to the section How to extract files that are located on the
                          installation CD.
                       2.Write down the location that follows "Directory of," for example,
                          C:\Windows\Options\Cabs.
                       3.Change to the directory whose location you wrote down in the previous
                          step by typing cd followed by the path. For example, to change to the
                          location shown in step 2, type the following command and then press
                          Enter:
 
                          cd \windows\options\cabs
                       4.What you do next depends on which operating system you are using:
 
                          NOTES:
                               If after entering any of these commands, you see a messages
                               such as "File not found," type the command again to make sure
                               that it was typed exactly as shown.
                               If you see a message asking if you want to overwrite a file,
                               (Yes/No/All) type Y and then press Enter.
                               If you have Windows installed to a different location, please
                               make the appropriate substitutions.
 
                          If you are using Windows 98, type the following commands and
                          press Enter after each one:
 
                          extract /a precopy1.cab wsock32.dll /l c:\windows\system
                          extract /a win98_40.cab explorer.exe /l c:\windows
                          extract /a win98_40.cab rundll32.exe /l c:\windows
 
                          If you are using Windows 95, type the following commands and
                          press Enter after each one:
 
                          extract /a win95_10.cab wsock32.dll /l c:\windows\system
                          extract /a win95_10.cab explorer.exe /l c:\windows
                          extract /a win95_10.cab rundll32.exe /l c:\windows
 
                          If you experience no error messages, then you are finished with the
                          extraction process. Go on to the section Edit the registry.
 
                     How to extract files that are located on the installation CD
 
                       1.Insert the Windows 98 Startup disk in the floppy disk drive.
                       2.Insert the Windows 98 installation Cd in the CD-ROM drive.
                       3.Turn off the computer and wait thirty seconds.
                       4.Turn on the computer. The computer will start to a startup menu.
                       5.The default menu item is Start Computer with CD-ROM Support. Do
                          not change this, but instead press Enter.
                       6.Allow the computer to finish booting to a A: prompt. This could take a
                          few minutes.
                       7.The next step is to change to the CD-ROM drive. Because you are
                          using the Startup disk, the drive letter will be one letter greater than the
                          drive letter that usually represents the CD-ROM drive. For example, if
                          the CD-ROM drive is the D: drive in Windows, it will now be the E:
                          drive.
 
                          Type the following, changing the drive letter as necessary, and then
                          press Enter:
 
                          E:\Win98 (If the installation disk is for Windows 98)
 
                          or
 
                          E:\Win95 (If the installation disk is for Windows 95)
 
                          If you see an error message, try retyping the command with a different
                          drive letter, for example, F:\Win98.
                       8.What you do next depends on which operating system you are using:
 
                          NOTES:
                               If after entering any of these commands, you see a messages
                               such as "File not found," type the command again to make sure
                               that it was typed exactly as shown.
                               If you see a message asking if you want to overwrite a file,
                               (Yes/No/All) type Y and then press Enter.
                               If you have Windows installed to a different location, please
                               make the appropriate substitutions.
 
                          If you are using Windows 98, type the following commands and
                          press Enter after each one:
 
                          extract /a precopy1.cab wsock32.dll /l c:\windows\system
                          extract /a win98_40.cab explorer.exe /l c:\windows
                          extract /a win98_40.cab rundll32.exe /l c:\windows
 
                          If you are using Windows 95, type the following commands and
                          press Enter after each one:
 
                          extract /a win95_10.cab wsock32.dll /l c:\windows\system
                          extract /a win95_10.cab explorer.exe /l c:\windows
                          extract /a win95_10.cab rundll32.exe /l c:\windows
 
                          If you experience no error messages, then you are finished with the
                          extraction process. Go on to the next section.
 
                     Edit the registry
                     Follow these steps to remove the entry that the virus added to the registry:
 
                     CAUTION: We strongly recommend that you back up the system registry
                     before making any changes to it. Incorrect changes to the registry may result
                     in permanent data loss or corrupted files. Please make sure that you modify
                     only the keys specified. Please see the document How to back up the
                     Windows 95/98/NT registry before proceeding. This document is available
                     from the Symantec Fax-on-Demand system. In the U.S. and Canada, call
                     (541) 984-2490, select option 2, and then request document 927002.
 
                       1.Remove the floppy disk from the floppy disk drive.
                       2.If you extracted the files from the Installation CD, remove the CD from
                          the CD-ROM drive.
                       3.Turn off the computer and wait thirty seconds.
                       4.Turn on the computer and allow Windows to start.
 
                          NOTE: It is normal at this point for error messages to appear. They will
                          refer to the virus files with messages such as "Windows cannot find..."
                          Ignore these messages. They are the result of the remaining entries in
                          the Windows registry that you will remove next. They do not indicate
                          that the computer is still infected.
                       5.Click Start, and then click Run. The Run dialog box appears.
                       6.Type regedit and then click OK. The Registry Editor opens.
                       7.Navigate to and select the following subkey:
 
                          HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
                       8.Delete the following value in the right pane:
 
                          SystemBackup C:\WINDOWS\MTX_.EXE
                       9.Click Yes to confirm.
                      10.Delete the following subkey:
 
                          HKey_Local_Machine\Software\[Matrix]
                      11.Click Yes to confirm.
                      12.In the left pane, click the My Computer key.
                      13.Click Edit and then click Find.
                      14.In the Find what box, type mtx and then click Find Next.
                      15.What you do will depend on whether any entries are found.
                               If no entries are found that contain the string mtx, go on to the
                               next step.
                               If any entries are found, and they refer to MTX_.EXE, you should
                               delete the entry. Because this is a string search, it could find
                               entries for legitimate programs that happen to contain this
                               string. Make sure that the references is to MTX_.EXE before you
                               delete it. To continue the search if an entry is found, press F3.
                               Keep doing this until no more entries are found.
                      16.Repeat step 11, but this time search for [MATRIX]. Delete any entries
                          that are found.
                      17.Click the Registry menu, and then click Exit to save the changes and
                          close the Registry Editor.
                      18.Restart the computer.
 
 
If you need further assistance to know how repair your disk or need files, please fell free to contact us.
You can download Norton Antivirus 2001 for free at WWW.Symantec.com and install it.
More specifications about how to repair and download files can be find at WWW.SARC.COM
We'll be glad to help you!
 
Thanks
 
Induscon USA
 
 

 
PORTUGUES
 
 
A todos os nossos clientes.
 
Estivemos fora do ar nos ultimos 6 dias.
 
Um novo viros chamado MTX_.EXE, tambem conhecido como W95.MTX infectou nossa rede.
Este é um novo virus e é muito dificil de remover.
Quando fomos infectados, nossa proteçao nao foi suficiente.
O e-mail veio da Australia.
Gastamos mais de 75 horas e mais de U$ 3.500 dolares para salvar nossos dados e arquivos.
Este virus nao provoca grandes destruicoes mas pode ser propagado atraves de e-mail com um sem numero de diferentes arquivos agregados.
 
O unico jeito de voce saber se pegou o virus é acessando os sites www.mcafee.com e www.symantec.com.
 
Se o seu computador parar (janela avisando de operacao ilegal) VOCE PEGOU O VIRUS!!!
 
O unico antivirus que pode remove-lo é o NORTON ANTIVIRUS 2001 da Symantec Corp.
 
Se voce pegou o virus e nao tem nada a perder no seu computador (arquivos muito importantes), nos sujerimos que formate seu HD. Vai sair mais barato e nao tera dor de cabeça. Senao, voce vai ter uma longa jornada pela frente. Prepare-se para o pior.
 
 
A todos os nossos clientes que estao esperando por cotacoes e confirmacoes de despacho de mercadorias, avisamos que a partir de agora responderemos a todos na ordem em que  os e-mails foram recebidos.
Desculpe-nos pela inconveniencia. Estamos de volta!!! E mais protegidos do que nunca!
 
 
Aqui a lista deles dos agregados.
 
 
                    I_wanna_see_you.txt.pif
                     Matrix_screen_saver.scr
                     Love_letter_for_you.txt.pif
                     New_playboy_screen_saver.scr
                     Bill_gates_piece.jpg.pif
                     Tiazinha.jpg.pif
                  Feiticeira_nua.jpg.pif
                 Geocities_free_sites.txt.pif
                 
New_napster_site.txt.pif
                     Metallica_song.mp3.pif
                     Anti_cih.exe
                     Internet_security_forum.doc.pif
                     Alanis_screen_saver.scr
                     Reader_digest_letter.txt.pif
                     Win_$100_now.doc.pif
                     Is_linux_good_enough!.txt.pif
                     Qi_test.exe
                     Avp_updates.exe
                     Seicho_no_ie.exe
                     You_are_fat!.txt.pif
                     Free_xxx_sites.txt.pif
                     I_am_sorry.doc.pif
                     Me_nude.avi.pif
                     Sorry_about_yesterday.doc.pif
                     Protect_your_credit.html.pif
                     Jimi_hendrix.mp3.pif
                     Hanson.scr
                     F___ing_with_dogs.scr
                     Matrix_2_is_out.scr
                     Zipped_files.exe
                     Blink_182.mp3.pif
 
 
Se voce precisar de ajuda com arquivos e outras coisas mais, escreva-nos.
Programas e utilitarios para desinfectar sua maquina poderao ser encontrados em
 
Obrigado
 
Induscon USA
 
 
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Lista [EMAIL PROTECTED]
- Para assinar esta lista, envie e-mail para
[EMAIL PROTECTED]
- Para se desinscrever, envie e-mail para
[EMAIL PROTECTED] - mas pense bem antes! :)
- Para mais informacoes sobre esta lista, va\' no endereco
http://www.grupos.com.br/grupos/piadas.news
- Qualquer duvida sobre a lista, escreva para
[EMAIL PROTECTED]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Grupos.com.br
página do grupo diretório de grupos diretório de pessoas cancelar assinatura

Responder a