[313] VIRUS WARNING again!!

2001-07-24 Thread Mark Hughes
Hello all

Just a quick reminder to you peepz.  
This virus is spreading really quickly.

Just delete it!!

The message contains a line asking for people's advice
+ other variations.  Be careful!

It seems to have attacked quite a few Yahoo mail
accounts today.

Mark


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [313] VIRUS WARNING again!!

2001-07-24 Thread Mark Hughes
 --- diana potts [EMAIL PROTECTED] wrote:
> the file ends in .zip.pdf

There are several variations going about, some with
different file extensions such as .xls.

So be very careful!





Re: [313] VIRUS WARNING again!! -

2001-07-24 Thread george . jones
Here's the big virus we all need to look out for right now.

W32/[EMAIL PROTECTED]

Virus Characteristics:
This mass-mailing virus attempts to send itself and local documents to all users found in the Windows Address Book and email addresses found in cached files.

When run, it copies itself to C:\RECYCLED\SirC32.exe folder to conceal its presence and creates the following registry key value to load itself whenever .EXE files are executed:

HKCR\exefile\shell\open\command\Default=C:\recycled\SirC32.exe %1 %*

As the RECYCLE BIN is often on the exclusion list, check your settings to ensure that this directory IS being scanned.

It also copies itself to the WINDOWS SYSTEM directory as SCam32.exe and creates the following registry key value to load itself automatically:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Driver32=C:\WINDOWS\SYSTEM\SCam32.exe

A list of .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PIF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder is saved to the file SCD.DLL in the SYSTEM directory. Email addresses are gathered from the Windows Address Book and temporary Internet cached pages and saved to the file SCD1.DLL in the SYSTEM directory.

The worm prepends a copy of the files that are named in the SCD.DLL file and attaches this copy to the email messages that it sends, using one of the following extensions: .BAT, .COM, .EXE, and .LNK
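
A check for the two registry load points quoted in the message above, run against an exported registry file. This is an added example, not part of the original post or of any vendor tool; it assumes a REGEDIT4 text export, and the function names and the sample export are constructed for illustration.

```python
import re

# Handler string on an unmodified Windows install for HKCR\exefile\shell\open\command
CLEAN_EXE_HANDLER = '"%1" %*'
# File names taken from the advisory text quoted in this thread
WORM_FILES = ("sirc32.exe", "scam32.exe")
EXE_KEY = r"hkey_classes_root\exefile\shell\open\command"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"

def parse_reg(text):
    """Parse a REGEDIT4 text export into {key: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
    return keys

def find_persistence(text):
    """Return findings for the two load points described in the advisory."""
    keys, findings = parse_reg(text), []
    handler = keys.get(EXE_KEY, {}).get("@")
    if handler is not None and handler != CLEAN_EXE_HANDLER:
        findings.append(("exefile handler replaced", handler))
    for name, data in keys.get(RUN_KEY, {}).items():
        if any(f in data.lower() for f in WORM_FILES):
            findings.append(("RunServices entry " + name, data))
    return findings

# Constructed sample export, built from the values quoted in the thread
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\recycled\\SirC32.exe %1 %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"
"SchedulingAgent"="mstask.exe"
'''

if __name__ == "__main__":
    for what, value in find_persistence(SAMPLE):
        print(f"{what}: {value}")
```

Because the exefile handler is compared against the clean default rather than against the worm's file name, any replacement of that value is reported, not only the one named in the advisory.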










Re: [313] VIRUS WARNING again!!

2001-07-24 Thread Jeremy
there's some good information about this virus @
http://vil.nai.com/vil/virusSummary.asp?virus_k=99141

i just received the creepy e-mail an hour ago.

jer


