RootsWeb Mailing List Archives

RootsWeb.com Mailing Lists

Home

Results for list 'tnmeigs'

Sender

Subject

Content

Total: 1/1

1. [{Meigs Co., TN}] IMPORTANT ADMIN MESSAGE
2. Joyce Reece
3. I have already recieved one copy of this virus that CNN was speaking of just today. I strongly URGE all of you to upgrade your virus protection programs immediately. Subject: Computer Virus Information from a Friend! > Greetings, jreece@icx.net > > I thought you would be interested in knowing about this computer Virus... > > Name: W32/Myparty.a@MM > > Characteristics: > Due to the number of samples AVERT received Sunday night, an EXTRA.DAT has > been posted. AVERT continues to monitor the prevalence of this threat. > This mass-mailing worm drops a BackDoor trojan (<A target=_blank > href="http://vil.nai.com/vil/content/v_99333.htm">BackDoor-AAF</A>) on > WindowsNT/2K/XP system. The worm itself carries no destructive payloads. > It arrives in an email message containing the following information: > Subject: new photos from my party! Body: Hello! My party... It was > absolutely amazing! I have attached my web page with new photos! If you > can please make color prints of my photos. Thanks! > Attachment: www.myparty.yahoo.com (29,696 byte PE file) <IMG > src="http://vil.nai.com/images/99332.gif"> > The attachment name may trick some users into thinking that if they click > on the file, they will be taken to a Yahoo website. Certain email clients, > especially those that underline the filename, may make this attachment > appear more like a URL than the above Microsoft Outlook example which is > more clearly distinguishable. The attachment is an executable file with a > COM extension, not a URL. Running the attachment infects the local > machine. > On Windows9x/ME > <UL> > <LI>If the date is between January 25-29, 2002, the virus copies itself to > C:\Recycled\regctrl.exe and executes that file. </LI></UL> > On WinNT/2K/XP > <UL> > <LI>If the date is not between January 25-29, 2002, the worm copies itself > to C:\Recycled as F-[random number]-[random number]-[random number] with > no extension > <LI>If the date is between January 25-29, 2002, the worm copies itself to > C:\regctrl.exe and drops the file MSSTASK.EXE in the STARTUP folder. > MSSTASK.EXE is a BackDoor trojan. After the initial file is run, it is > deleted. If the executables filename is ACCESS, the user is directed to > the www.disney.com website. </LI></UL>This virus only attempts to massmail > itself on January 25, 26, 27, 28 or 29, 2002. The users default SMTP > server is retrieved from the registry. > > <UL> > <LI>HKEY_CURRENT_USER\Software\Microsoft\Internet Account > Manager\Accounts\00000001 </LI></UL> > The virus uses this SMTP server to send itself out to all addresses found > in the Windows Address Book and addresses found within .DBX files. > > To check your system for this Virus, and to learn how to protect yourself > from computer viruses, visit the McAfee.com Clinic at > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2103. > > For complete information on this Virus, view McAfee.com's Virus > Information Library listing at > http://vil.mcafee.com/dispVirus.asp?virus_k=99332. > > This email was sent to you by joyce reece > >
01/28/2002 01:37:41