http://vil.mcafee.com/dispVirus.asp?virus_k=99198&
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 06, 2001 9:25 AM
To: NT System Admin Issues
Subject: New Virus??
Has anyone heard about this? I was told its spreading throught Europe. Any
validity to it?
There is a new Virus that has been spotted as of Sept 03, 2001. Please be aware.
It spreads rapidly!
** | VIRUS WARNING - Win32.Apost.A@mm| **
Central Command is issuing a virus warning due to increased
infection reports for this new backdoor that was discovered on
September 3rd, 2001.
** | DESCRIPTION | **
Win32.Apost.A@mm is an Internet Worm that works on Windows systems.
It spreads through e-mails as an attached file and is activated
when the user executes the attachment.
When is executed, the virus copies itself in the root of every
drive (including floppy-disk) under the name readme.exe. Also, it
copies itself in the Windows directory and sets the following
registry key to be executed at every startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft
"%windir%\readme.exe"
After this, it uses MAPI (Mailing Application Programming
Interface) to send e-mail to every contact in the user's Address
Book and sets Outlook to erase these messages after they are sent.
The mail looks like this:
Subject: As per your request!
Body: Please find attached file for your review. I look forward to
hear from you again very soon. Thank you.
Attachment: readme.exe
ralph
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm