I do not allow this type of post on any of my mail lists but feel I must make an exception. Please do not respond to the list. FOR INFORMATION ONLY W32.Swen.A@mm (called Worm.Automat.AHB earlier) If you receive an email that appears to be from Microsoft, and says it is a Critical Update, Security Patch Update, etc., it is a fake and the attachment you are supposed to click infects your system. It is very dangerous at this point and causes your computer to mail out the infection to addresses found in MS Outlook and Outlook Express, AND found in the following files on your harddrive: .html, .asp, .eml, .dbx, .wab, .mbx This means that even though you're NOT using a Microsoft email program, if your email program (such as Eudora) stores emails in a file with one of the above extensions, and you infect your system by clicking on the "update", your system will then send out the infection to all found addresses. Worse, the infection kills all computer protection on your system, such as McAfee Scan, Norton/Symantec AV, ZoneAlarm, Zone Alarm Pro, AdAware, SpyBot, etc. It also looks through your registry files and finds the current email address for your system, AND makes changes which prevent you from running RegEdit on your computer. It also prevents you from running other critical Windows utilities which you might use to either find infected files, or delete them. Infected attachment files will have names generated by the worm in the following formats: It will make a file with one of the following names: Patch Upgrade Update Installer Install Pack Q Followed by a series of random numbers. And a file extension that is either .exe or .zip. So, an infected attachment might look like: Patch298.exe, Q988766.exe, Update745.exe Install025.exe or the same format with .zip extensions. I have received several hundred infected emails, that were supposedly from Microsoft, during the past week, all addressed to email addresses I use for the Mailing Lists at Rootsweb. Thus, some users of these Lists are already infected. EVERYONE should make sure they have the latest virus definition files for their Anti-Virus program, and should run a full system scan over their entire system, no matter how long it takes. In addition, you should all go to the following URL, read the message, and, from the instructions, see if your computer is infected: For Symantec (Norton) Users; <http://www.sarc.com/avcenter/venc/data/w32.swen.a@mm.html> For McAfee Users: <http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen> For a More Detailed Description at McAfee: <http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662> Again, SOMEONE (actually, several "someones") is remiss by not having adequate virus protection, and negligent by clicking on email attachments when everyone should know better by now. 1) Install an Anti-Virus program! 2) Update its virus definition files at least every other day! 3) Configure it to run on your system all the time! 4) NEVER click on email attached files unless you know for 110% certainty who sent them and what they contain. 5) NEVER click on email attached files until you have emailed the sender and asked about the file, e.g., "Did you send the file?" "What is in it?" "Do you have an AV program on your computer?" "Did you use the AV program to check out the file?" etc. 6) MICROSOFT NEVER, NEVER SENDS OUT UPGRADE ANNOUNCEMENTS BY EMAIL!!!!! MS NEVER, NEVER ATTACHES FILES TO EMAILS!!!!! Please, check your systems for this dangerous infection! I suspect that many of you are already infected. Let's get this one under control, PLEASE check, check again and double check before even thinking about opening anything with an attachment.