I don't forward much ... and usually check it out first ... this is real, seen at the web page below, and told about on TV ... it's giving GTE and MS a real headach ... read it over and watch out for it to arrive. I haven't seen it yet .... but expect to with the number of emails I get per day. I wouldn't send this to the groups like this normally .... but I've seen HAPPY99 too many times from the big groups .... just want to warn everyone and hopefully this will be stopped and stop spreading. If you're unhappy with my post ... (partly I say TOO BAD) ... please email me directly and don't post you're complaints to the groups ... Mike *~* *~* *~* *~* *~* *~* *~* *~* *~* *~* *~* *~* Michael J. Godshalk mailto:godshalk@suntan.eng.usf.edu 2217 Summit View Dr. "Godshalk Family Tree Home Page" VALRICO, FL 33594-5235 http://www.eng.usf.edu/~godshalk (813) 681-9481 My FTM book "The Godshalk History" http://www.familytreemaker.com/users/g/o/d/Michael-James-Godshalk/ MY MAILING LISTS: Send me an E-Mail if you'd like to join. mailto:GODSHALK-L-request@rootsweb.com mailto:Stegall_N_Stratton-L-request@rootsweb.com mailto:starner-family@coollist.com mailto:hartleb-family@coollist.com ~*~ ~*~ ~*~ ~*~ ~*~ ~*~ ~*~ ~*~ ~*~ ~*~ ~*~ Listen up ya'll..... this is a factual virus report. Don't forward this, but copy and paste if you want to and then mail to people. Forwarding wastes bandwidth.....and all those > >> >>>>> etc are hard to wade through. ****** This is a 32bit Worm that travels by sending email messages to users. It drops the file explore.exe and modifies either the WIN.INI (Win9x) or modifies the registry (WinNT). This worm attempts to invoke the MAPI aware email applications as in MS Outlook, MS Outlook Express, MS Exchange and confirmed in Netscape-mail. This worm replies to messages received with an email message with the following body: "I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs." The subject line is not constant as the message is a reply. The worm (named "zipped_files.exe" is attached, with a file size of 210,432 bytes. The file has a Winzip icon which is designed to fool unsuspecting users to run it as a self-extracting file. User who run this attachment will be presented with a fake error message that says: "Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help." The Worm has a payload; immediately after execution it will search all mapped drives for the following file types, and when it finds them, it will erase their contents and the file will be zero bytes: .c, .cpp, .h, .asm, .doc, .xls, or .ppt So everyone, just DON'T run anything that you get until you have scanned the file with a virus checker, or KNOW the person that sends it is clean and doesn't send viris or worms. If in doubt, DELETE the file. Read about this at: http://www.avertlabs.com/public/datafiles/valerts/ PAGES TO READ IF YOU DON"T BELIEVE ME: ==> http://www.avertlabs.com/public/datafiles/valerts/vinfo/va10185.asp http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html