Info lagi buat para pengguna Windoz..... have fun...
---------------------------------------------------------------------
This article is from ZDNN (http://www.zdnet.com/zdnn/).
Visit this page on the Web at:
http://www.zdnet.com/zdnn/stories/news/0,4586,2273505,00.html
---------------------------------------------------------------------
Disguised as e-mail from an acquaintance, a malicious computer "worm"
capable of destroying data on infected machines was spreading
Thursday, forcing at least a handful of businesses to shut down their
e-mail systems.
[IMAGE] It was not immediately clear how far the "Worm.ExploreZip"
program - which replicates itself by commandeering Microsoft Outlook
on Windows systems - had spread since it was reported to Symantec
Corp.'s AntiVirus Research Center on Sunday.
Carnegie Mellon University's Computer Emergency Response Team had not
received any reports of the worm as of early Thursday, but it was
causing havoc with e-mail at Microsoft, NBC and General Electric
(MSNBC is a joint venture of Microsoft and NBC).
System administrators at GE shut down the company's e-mail system in
an attempt to isolate the worm.
How the worm works
Symantec (Nasdaq:SYMC) said the worm, which was first discovered in
Israel, e-mails itself as an attachment with the file name
"zipped_files.exe."
[TABLE NOT SHOWN] The body of the message, which scans the "Inbox" to
harvest addresses of e-mail correspondents, reads:
"Hi (recipient's name)!
"I received your e-mail and I shall send you a reply ASAP.
"Till then, take a look at the attached zipped docs.
"Bye."
According to an advisory posted by Symantec, users who receive such a
message should delete it without opening it, then empty the deleted
items file.
System file modified
If the file is executed on a Windows 9x system, the worm copies itself
to the c:windowssystem directory with the filename "Explore.exe" and
then modifies the WIN.INI file so that the program is executed each
time Windows is started, the advisory says.
[TABLE NOT SHOWN] The worm then utilizes the infected computer's
e-mail client to harvest e-mail addresses in order to propagate
itself.
In addition, when Worm.ExploreZip is executed, it also searches
through the C through Z drives of your computer system and selects a
series of files of any file extension to destroy by making them 0
bytes long.
This can result in non-recoverable data and/or computer system, the
Symantec advisory warns.
How to get rid of it
If your computer is infected, security software company Network
Associates recommends these steps to remove it:
If you're running Windows 95 or 98:
Restart your computer in MS-DOS mode, edit the WIN.INI file and remove
the line run=c:windowssystemexplore.exe. Then delete the file
"c:windowssystemexplore.exe" and restart Windows.
If you're running Windows NT:
Run REGEDIT (not REGEDT32) and locate the hive
[HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows]
and remove the following key: "run"="C:\WINNT\System32\Explore.exe"
Restart Windows NT, then remove the file "c:winntsystem32Explore.exe"
[TABLE NOT SHOWN]
---------------------------------------------------------------------
Copyright (c) 1998 ZDNet. All rights reserved. Reproduction in whole
or in part in any form or medium without express written permission of
ZDNet is prohibited. ZDNet and the ZDNet logo are trademarks of
Ziff-Davis Inc.
================================DAAD MILIS=================================
subscribe : [EMAIL PROTECTED]
Milis ini wadah ngobrol, ngegosip, ngilangin stress..... bitte 1 Mark
* Gunadarma Mailing List -----------------------------------------------
* Archives : http://milis-archives.gunadarma.ac.id
* Berhenti : Kirim Email kosong ke [EMAIL PROTECTED]
* Administrator: [EMAIL PROTECTED]
