Need a book? Engineering books recommendations...
Fw: "NEW VIRUS INFORMATION."[Subject Prev][Subject Next][Thread Prev][Thread Next]
- To: <seaint(--nospam--at)seaint.org>
- Subject: Fw: "NEW VIRUS INFORMATION."
- From: "plec" <plec(--nospam--at)enter.net>
- Date: Thu, 2 Dec 1999 08:41:52 -0500
I received this from our internet service provider and thought some of you wouldn't mind getting this even though it is not structural engineering related. I will never understand why anyone would want to spend their time making viruses - maybe it is the virus protection software manufacturers that do it. Ken -----Original Message----- From: Enter.Net Administrator <sysadm(--nospam--at)enter.net> Date: Wednesday, December 01, 1999 10:06 AM Subject: ATTENTION ENTER.NET USERS "NEW VIRUS INFORMATION." > [ The following text is in the "iso-8859-1" character set. ] > [ Your display is set for the "US-ASCII" character set. ] > [ Some characters may be displayed incorrectly. ] > >Greetings, > >The following information is about a new virus that just came out >called "Mini-Zip." Please read the following information about the >virus. There is also a link to download and remove the virus from >your system if you are infected. > >If you get an e-mail with the following information in the body: > >"I received your email and I shall send you a reply ASAP. >Till then, take a look at the attached zipped docs. " > >DO NOT OPEN THE ATTACHEMENT (zipped_files.exe) OR YOU WILL ACTIVATE >THE VIRUS ON YOUR SYSTEM! > >The virus is a 32bit worm that travels by sending email messages to >users. It drops the file explore.exe and modifies either the WIN.INI >(Win9x) or modifies the registry (WinNT). > >The worm is attached with the filename "zipped_files.exe" as the attachment, >with a file size of 120,495 bytes. The file has a Winzip icon which is >designed to fool unsuspecting users to run it as a self-extracting file. If >the attachment is run, the user will see a fake error message, as follows: > >"Cannot open file: it does not appear to be a valid archive. If this file is >part of a ZIP format backup set, insert the last disk of the backup set and >try again. Please press F1 for help." > >Systems with full access shares on a network could experience the worm >creating a copy of itself in two folder locations, and two file names. A >file named "EXPLORE.EXE" will be copied to Windows\System folder and a file >"_SETUP.EXE" is copied to the Windows folder. On these systems, if the OS is >Windows 9x, the WIN.INI is modified with: > >[windows] >run=c:\windows\explore.exe (or) _setup.exe >The value will switch between _setup.exe and explore.exe per reboot. On the >startup of Windows, it will load this file thereby infecting the system. >This worm will only try to such systems once, whereas systems which are >mapped drives are constantly attempted to re-infect. > >On Windows NT systems, the registry is modified with the following key >addition: > >HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows >run = explore.exe (or) _setup.exe >The value will switch between _setup.exe and explore.exe per reboot. > >This worm does not self-check and prevent itself from loading more than once >so it could have more than one task running. On Windows 9x and Windows NT, it >is listed as a task by the file name running, such as "Explore" or "_Setup" >or "Zipped_Files". > >REMOVAL: > >Windows 95/98 >Run the System Configuration Editor >Select the Start menu from your desktop and Run SYSEDIT.EXE >Select the C:\WINDOWS\WIN.INI window. >In the line run =, remove listings that match either of these >run=C:\WINDOWS\SYSTEM\EXPLORE.EXE >run=C:\WINDOWS\_SETUP.EXE >Select File > Save, then Exit. >Select the Start menu and Shutdown - >Choose Restart the computer in MS-DOS mode and click YES (This action purges >EXPLORE.EXE from system memory.) >Once your PC is in DOS, type EXIT to return to Windows. (This action reloads >Windows without EXPLORE.EXE in memory.) >In Windows, remove the file, EXPLORE.EXE, from your system >Click Start > Find > Files or Folders >In the Find: All Files dialog box, type EXPLORE.EXE in the Name field >Click Find Now >Delete EXPLORE.EXE >Repeat step 10 through 13 for both _SETUP.EXE and ZIPPED_FILES.EXE >WinNT > >In Windows NT, this worm will run as a process by one of the following >names - "explore", "zipped_f;", or "_setup;" in WinNT Task Manager. You can >experience high CPU utilization when the process is running. End process >names which match, noting that "explorer;" is the default Windows shell and >is a valid task! > >Run the WinNT Registry Editor - Click Start > Run > Open REGEDIT (not >REGEDT32). >Locate the hive >[HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows]. >Highlight the following key "run=C:\WINNT\System32\Explore.exe" and remove >by pressing the Delete button. >3. Edit WIN.INI and remove either of these lines if they exist >run=c:\winnt\system32\explore.exe >run=c:\winnt\_setup.exe >Restart Windows NT - Click Start > Shutdown. Select Restart and click OK. >(Your system will now reboot.) >Remove the file, EXPLORE.EXE, from your system >Click Start > Find > Files or Folders >In the Find: All Files dialog box, type EXPLORE.EXE in the (Named) field >Click Find Now - delete EXPLORE.EXE >Repeat Step 6 through 9 for _SETUP.EXE and ZIPPED_FILES.EXE. > >You can also get a fix from the following link: > >http://www.nai.com/asp_set/anti_virus/avert/tools.asp > >Just download Killezip.exe and save it to your disk > >Overview: >KILLEZIP.EXE is a utility to remove instances of the W32/ExploreZip.worm and >W32/ExploreZip.worm.pak virus. It's function is to terminate the process >running, delete the associated files, repair the registry and fix the >WIN.INI entries. A description of this worm is available from the Virus Info >Library page at http://vil.nai.com. > > > >Regards, > >Enter.Net, Inc. > > > > > > >
- Prev by Subject: Re: "Layered" wood beams with interlayer slip
- Next by Subject: "R" Value
- Previous by thread: Re: SEAOC"The One Page Green Book of Existing Building Structural Evaluation etc.
- Next by thread: New SEAOC Roster