Here's the "big" virus we all need to look out for right now.

W32/[EMAIL PROTECTED]

Virus Characteristics:
This mass-mailing virus attempts to send itself and local documents to
all users found in the Windows Address Book and email addresses found in
cached files.

When run, it copies itself to the C:\RECYCLED folder as SirC32.exe to
conceal its presence and creates the following registry key value to
load itself whenever .EXE files are executed:

HKCR\exefile\shell\open\command
\Default="C:\recycled\SirC32.exe" "%1" %*

As the RECYCLE BIN is often on the exclusion list, check your settings
to ensure that this directory IS being scanned.

It also copies itself to the WINDOWS SYSTEM directory as SCam32.exe and
creates the following registry key value to load itself automatically:

HKLM\Software\Microsoft\Windows\CurrentVersion\
RunServices\Driver32=C:\WINDOWS\SYSTEM\SCam32.exe

A list of .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PIF, .PNG, .PS,
and .ZIP files in the MY DOCUMENTS folder is saved to the file SCD.DLL
in the SYSTEM directory. Email addresses are gathered from the Windows
Address Book and temporary Internet cached pages and saved to the file
SCD1.DLL in the SYSTEM directory.

The worm prepends a copy of the files that are named in the SCD.DLL file
and attaches this copy to the email messages that it sends, using one of
the following extensions: .BAT, .COM, .EXE, and .LNK.
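
Added example (not part of the original message or the vendor text): a Python check that reads a regedit text export and flags the two registry changes described above. It goes slightly beyond the advisory by flagging any replacement of the .EXE open handler, not only SirC32.exe. The export format, the function names and the sample data are assumptions constructed for illustration.

```python
import re

CLEAN_EXE_HANDLER = '"%1" %*'          # normal handler: run the program itself
EXE_KEY = r"hkey_classes_root\exefile\shell\open\command"
RUNSERVICES_KEY = (r"hkey_local_machine\software\microsoft\windows"
                   r"\currentversion\runservices")
ADVISORY_NAMES = ("sirc32.exe", "scam32.exe")   # file names from the advisory

# Matches  @="data"  or  "name"="data"  with .reg backslash escaping.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg exports escape backslashes and quotes with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def find_indicators(text):
    """Return (reason, key, value_name, data) for each suspicious value."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k == EXE_KEY and name == "" and data != CLEAN_EXE_HANDLER:
            findings.append(("exefile handler replaced", key, name, data))
        elif k == RUNSERVICES_KEY and data.lower().endswith(ADVISORY_NAMES):
            findings.append(("advisory file in RunServices", key, name, data))
    return findings

# Constructed sample export showing the values quoted in the advisory.
SAMPLE_INFECTED = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\recycled\\SirC32.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"
'''

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_INFECTED):
        print(finding)
```

A replaced exefile handler means every .EXE launch passes through the listed program first, so that value has to be restored to `"%1" %*` as part of cleanup.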






