RE: [IMail Forum] Je t'aime!

Yes, I took a look at the code, too.  I haven't had the time to fully examine it, just 
get an overview.  However, I don't consider a system fully clean after a virus 
infection until it is back the way it was beforehand... and have files on your system 
infected by the virus (HTML and other files in this case), the system is NOT clean by 
simply making the registry changes.  It may stop the virus from spreading temporarily, 
but the system will still have the virus on it.

I just don't want people out there who got infected to just make a couple changes to 
their registry and think they are out of the woods.
                             -Scott



---------- Original Message ----------------------------------
From: "Frank Tanner" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Thu, 4 May 2000 11:13:37 -0700

Actually, the code infects Windows, and sets itself up to re-transmit itself
via HTML, mIRC's script.ini file, and a few other ways.  I have a copy of
the source code to it handy.  Aside from the person being a jerk, it's
pretty simplistic code.  Kinda sloppily written, but it does work.  It's a
hell of alot bigger, code wise, than Melissa was, but then it does a hell of
alot more.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, May 04, 2000 10:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Je t'aime!


This won't necessarily work... the virus code appears to infect .html, .js,
etc. files.  Following the instructions below would not get rid of the
changes to existing files.  Of course, it's early, and few people have fully
analyzed the code yet, so I could be wrong.
                           -Scott

---------- Original Message ----------------------------------
From: Len Conrad <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Thu, 04 May 2000 19:32:48 +0200

I picked this up on another list, if it works, sure beats re-installing Win:


=============================
Just delete the following things to get rid of the Viri:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUG
SFIX
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKerne
l32 und
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
\Win32DLL

also for a WIN-BUGSFIX.EXE File on your Harddisk and delete it.

The Infected Email Recieptens are lstet here in the Registry (So you can
warn them):

HKEY_CURRENT_USER\Software\Microsoft\WAB\
=====================

Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.

Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.

Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.