I normally discourage "off-topic" posts regarding viruses, worms, trojans, etc., but I feel this one needs to be posted here to make our fellow researchers aware of the danger.

=======================

INFORMATION: W32.Swen.A@mm (called Worm.Automat.AHB earlier)

If you receive an email that appears to be from Microsoft, and says it is a Critical Update, Security Patch Update, etc., it is a fake and the attachment you are supposed to click infects your system.

It is very dangerous at this point and causes your computer to mail out the infection to addresses found in MS Outlook and Outlook Express, AND found in files on your hard drive with the following extensions:

.html, .asp, .eml, .dbx, .wab, .mbx

This means that even though you're NOT using a Microsoft email program, if your email program (such as Eudora) stores emails in a file with one of the above extensions, and you infect your system by clicking on the "update", your system will then send out the infection to all found addresses.

Worse, the infection kills all computer protection on your system, such as McAfee Scan, Norton/Symantec AV, ZoneAlarm, ZoneAlarm Pro, AdAware, SpyBot, etc.

It also looks through your registry files and finds the current email address for your system, AND makes changes which prevent you from running RegEdit on your computer. It also prevents you from running other critical Windows utilities which you might use to either find infected files, or delete them.

Infected attachment files will have names generated by the worm in the following format. It will make a file whose name begins with one of the following:

Patch
Upgrade
Update
Installer
Install
Pack
Q

followed by a series of random numbers, and a file extension that is either .exe or .zip. So, an infected attachment might look like:

Patch298.exe, Q988766.exe, Update745.exe, Install025.exe

or the same format with .zip extensions.
I have received several hundred infected emails that were supposedly from Microsoft during the past week, all addressed to email addresses I use for the Mailing Lists at Rootsweb. Thus, some users of these Lists are already infected.

EVERYONE should make sure they have the latest virus definition files for their Anti-Virus program, and should run a full system scan over their entire system, no matter how long it takes. In addition, you should all go to the following URLs, read the message, and, from the instructions, see if your computer is infected:

For Symantec (Norton) Users:
<http://www.sarc.com/avcenter/venc/data/w32.swen.a@mm.html>

For McAfee Users:
<http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen>

For a More Detailed Description at McAfee:
<http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662>

Again, SOMEONE (actually, several "someones") is remiss by not having adequate virus protection, and negligent by clicking on email attachments when everyone should know better by now.

1) Install an Anti-Virus program!
2) Update its virus definition files at least every other day!
3) Configure it to run on your system all the time!
4) NEVER click on email attached files unless you know with 110% certainty who sent them and what they contain.
5) NEVER click on email attached files until you have emailed the sender and asked about the file, e.g., "Did you send the file?" "What is in it?" "Do you have an AV program on your computer?" "Did you use the AV program to check out the file?" etc.
6) MICROSOFT NEVER, NEVER SENDS OUT UPGRADE ANNOUNCEMENTS BY EMAIL!!!!! MS NEVER, NEVER ATTACHES FILES TO EMAILS!!!!!

Please, everybody check your systems for this dangerous infection! I suspect that many of you are already infected and this worm must be stopped before it overloads the net and causes more serious problems.
Go to the URL I gave above, read the entire article, check to see if any of the noted files have been installed by the worm, THEN, if you determine your system is infected, go to the "Removal Instructions" and follow the fully explained steps for removal.

P.S. Since the worm disables Windows RegEdit.exe, you need a tool to allow you to regain its use. You can go to the McAfee website and download a tool, UNDO.REG, which will reverse the changes made by the virus and allow you to execute REGEDIT.EXE as normal. Go to this URL and "save" the UNDO.REG file:

<http://a64.g.akamai.net/7/64/2015/2003-08-04-03-/download.nai.com/products/mcafee-avert/undo.reg>

Save it to your Desktop, then execute it and follow the prompts.

Regards,
SgtGeorge
George W. Durman
List Manager
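As an added example (not part of SgtGeorge's post, and not a vendor tool), here is a small Python mail-filter check that applies the two rules the post gives a list manager or mail administrator: the worm's attachment-naming pattern (Patch/Upgrade/Update/Installer/Install/Pack/Q, digits, .exe or .zip), and the rule that mail claiming to come from Microsoft should never carry an attachment at all. The regular expression, the "claims to be Microsoft" heuristic on the From header, and all sample messages are constructed for this example; none of it is captured Swen traffic.

```python
"""Flag mail that matches the fake 'Microsoft update' lure described in the post.

Constructed for this example: the attachment-name regex, the From-header
heuristic, and the sample messages below. Nothing here is a real capture.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Attachment names the post lists: one of these prefixes, a run of digits,
# then .exe or .zip (e.g. Patch298.exe, Q988766.exe, Install025.zip).
SWEN_ATTACHMENT = re.compile(
    r"^(?:patch|upgrade|update|installer|install|pack|q)\d+\.(?:exe|zip)$",
    re.IGNORECASE,
)

# The lure pretends to come from Microsoft. Any sender string mentioning it is
# enough to apply the post's rule that Microsoft never attaches files to mail.
# This is a heuristic assumed for the example, not a vendor-published rule.
CLAIMS_MICROSOFT = re.compile(r"microsoft", re.IGNORECASE)


def classify(raw: bytes) -> dict:
    """Parse one RFC 822 message and return the indicators found plus a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", ""))
    claims_microsoft = bool(CLAIMS_MICROSOFT.search(sender))

    attachments = []
    suspicious = []
    # iter_attachments() yields the non-body MIME parts of a multipart message
    # and nothing for a plain single-part message.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        attachments.append(name)
        if SWEN_ATTACHMENT.match(name):
            suspicious.append(name)

    # Two independent reasons to quarantine: the worm's naming pattern, or any
    # attachment at all on a message that claims to come from Microsoft.
    verdict = bool(suspicious) or (claims_microsoft and bool(attachments))
    return {
        "from": sender,
        "claims_microsoft": claims_microsoft,
        "attachments": attachments,
        "suspicious_attachments": suspicious,
        "verdict": verdict,
    }


def build_sample(sender: str, subject: str, attachment: str = "") -> bytes:
    """Construct a sample message (not a real capture) as raw bytes."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "list-member@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please install this critical update.")
    if attachment:
        # Placeholder payload bytes; this is not an executable of any kind.
        msg.add_attachment(b"MZ placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()


# Constructed samples covering the cases the post describes.
SAMPLES = {
    "lure_exe": build_sample(
        '"Microsoft Corporation Security Center" <security@microsoft.com>',
        "Critical Update", "Q988766.exe"),
    "lure_zip": build_sample('"MS Security" <update@microsoft.com>',
                             "Security Patch Update", "Patch298.zip"),
    # Claims to be Microsoft and carries a file: rule 6 says that never happens.
    "ms_with_file": build_sample("noreply@microsoft.com", "Newsletter", "readme.txt"),
    # Ordinary attachment from an ordinary sender: left alone by this filter.
    "friend_zip": build_sample("friend@example.invalid", "Holiday photos", "photos.zip"),
    "ms_no_file": build_sample("noreply@microsoft.com", "Newsletter"),
}


def scan_samples() -> dict:
    """Verdict for every sample, keyed by label."""
    return {label: classify(raw)["verdict"] for label, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        r = classify(raw)
        print(f"{label:13} verdict={r['verdict']!s:5} suspicious={r['suspicious_attachments']}")
```

The attachment-name check is deliberately narrow (it only matches what the post describes), so it will not catch a renamed variant; the From-header rule is the broader net and is the one the post's point 6 actually justifies. Run `classify()` on a message fed through a delivery hook or a mailbox export to see which rule fired before deciding to quarantine.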