|WARNING - Virus / Worm Alert|
Check out http://www.symantec.com/avcenter/index.html
for more info.
|Virus Type - W32/Netsky.p@MM
Mail Propagation The worm sends mails using SMTP. Email sent has the following characteristics:
address taken from infected system)
Attachment: (one of the following)
Where .zip file is the worm in a zip file.
The mailing component harvests address from the local system. Files with the following extensions are targeted:
If you get a email which has text like shown below delete it. DO NOT OPEN IT OR ATTACHMENT.
It has a VIRUS in the attachment!!!
Be aware that any address / URL can be in the message (red area's below)
user of abcdefg.com
Be advised that a new virus called W32.Beagle.K@mm is spreading rapidly via e-mail. The message falsely appears to have been sent to you by abcdefg.com staff, and it may warn that your e-mail account will be disabled. This is NOT true! If you receive a message like this, please do not open the attachment. Rather, delete the message immediately, and run an updated anti-virus program if your computer is equipped with one. The virus spreads by e-mail and through file-sharing networks such as Kazaa and iMesh.
To learn more about the virus, how it spreads, how to
identify it, and how to protect yourself, please visit
|Virus Alert If you are running a program named msblast.exe you are infected with a virus. Infected systems often report an error in the RPC service and force a reboot. The free McAfee Stinger utility can remove this virus. Here is the McAfee description of the virus, We'll update what we know in the virus section of our forums.|
Due to the risk posed by e-mail viruses YOU should not
accepting messages that have any of the following attachment types:
|McAfee.com has seen a large and growing number of
computers infected with W32/Fbound.c@MM. This
MEDIUM-ON-WATCH RISK virus is a pure mass-mailing worm. It does not carry any other,
damaging, payload. The virus sends itself to all users found in the Windows Address book
using SMTP. It arrives in an email message containing the following information:
Subject: "Important" or a Japanese subject
When run, it immediately e-mails itself to all entries in the Windows address book. It does not install itself in any way. It contains the text "I-Worm.Japanize".This is a really BAD VIRUS W32.Magistr.39921@mm it is in Brookridge / Brooksville Florida, And it comes from someone you know. As attachment about 52Kb in size.
has seen an OUTBREAK of computers infected with W32/Goner@MM,
also known as Pentagone, Goner or Gone. This is a NEW, HIGH RISK virus that spreads via Microsoft
Outlook email and ICQ instantmessaging programs. This mass-mailing worm will
arrive from someone you know with the following email message:
WARNING 2 types Virusare being sent to Brookridge Residents
Click for INFO and removal >> VIRUS #1 called W32/Badtrans@mm
Click for INFO and removal >> VIRUS #2 called W32/Badtrans.b@mm
There are several persons here in Brookridge that are now sending this virus. IF you get a window requesting that you save a file or open it CLICK ON CANCEL then delete the email.
This one has been received here the
most. Badtrans.b details:
By Sam Costello
A new mass mailer worm, purporting to provide information about the disease anthrax, has appeared on the Internet but is being hampered because of a flaw in its design, antivirus companies said Wednesday.
The worm has been found in both English- and Spanish-language versions and arrives in inboxes with a subject line that reads "Anthrax" or "Antrax," according to Kaspersky Labs and Symantec.
Included is an attachment called Antraxinfo.vbs or Antraxjpg.vbs that the message says is a picture of "the results" of Anthrax, but is actually a .VBS file used to execute the worm, the companies said. When the file is double-clicked, the worm attempts to overwrite all system files ending in .VBS and .VBE, as well as send itself to all addresses listed in the system's Outlook address book, they said. It may also attempt to overwrite a Script.INI file used by chat clients, Symantec said.
Because of a flaw in the way the worm is written, however, it fails to spread as designed, both companies said.
The body text of the worm reads: "If you don't know what antrax is or what the results of it are, please see the attached picture so that you can see the results that it has. Note: the picture might be too strong." In Spanish the worm says, "Si no sabes que es el antrax o cuales son sus efectos aqui te mando una foto para que veas los efectos que tiene. Nota: la foto esta un poco fuerte."
The design of the worm's message attempts to play upon heightened public awareness in the U.S. about anthrax after a rash of infections and scares about the disease in the last week. One person in Florida has died from the inhalation form of anthrax, while 13 in New York and Florida have tested positive to exposure, although some of those tests may yet turn out to be negative because preliminary tests can result in false positive results. Four confirmed cases of anthrax illness have been reported.
A wing of a U.S. Senate office building was closed Tuesday and authorities started screening and treating hundreds of people there for possible exposure after test results on a letter sent to Senate Majority Leader Tom Daschle came back positive for anthrax.
has seen a large and growing number of systems infected with the W32/Nimda@MM. This is a HIGH RISK virus that is spread via
email. W32/Nimda@MM also spreads via open shares, the
Microsoft Web Folder Transversal vulnerability (also used by W32/CodeBlue), and a
Microsoft content-type spoofing vulnerability.
The email attachment name VARIES and may use the icon for an Internet Explorer HTML document.
It will also attempt to spread itself as follows: - The email messages created by the worm include content that allows the worm to execute the attachment even if the user does not open it. - It modifies HTML documents, so that when this infected window is accessed (locally or remotely), the machine viewing the page is then infected. Once infected, your system is used to seek out others to infect over the Web.
|W32/APost@ mm ("APost" or
"New Backdoor") The infected email can come from addresses that you
recognize and may contain the following information:
Subject: As per your request!
Body: Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
Running the attachment causes the worm to copy itself to the Windows directory and send a copy of itself to every entry in the user's Microsoft Outlook Address Book. It will then display a small dialog box titled "Urgent!". This dialog box contains one single large button labeled "Open". If this button is pressed then the worm sends out further copies of itself, displays an error message box with the title "WinZip SelfExtractor: Warning" and then terminates. For detection and removal instructions for theW32/APost@ mm ("APost" or "New Backdoor") worm, click here. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2422
McAfee.com VirusScan Online and Clinic subscribers: If you don't have ActiveShield installed and updated, you are not protected from this virus. Click here to download ActiveShield. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2372
TWO virus infected files in Brookridge One name is SULFNBK.EXE Click here for more info
and is (73.8KB in size). The file was sent to me with Bud's & Dot & Don's
e-mail address on it, but they may have not sent it out. The real windows file is
(44KB) in size. A short time ago we had a Hoax about Deleting the windows file
SULFNBK.EXE. Also sent to some of our residents is File name KAKPOHKA.exe (21.0KB in
size) Click here
for more info DO NOT OPEN THESE FILES AS THEY WILL RELEASE DIFFERENT
"BUGS" in YOUR COMPUTER
email HOAX has been circulating recently that has received a lot of press and public
attention. The subject
has seen a large and growing number of computers infected with VBS/VBSWG.Z@MM. A virus that is spread via the
Windows email program Outlook. The infected email can come from addresses that you
recognize, with an attachment named "Mawanella.vbs". The email message can
appear as follows:
Body: Mawanella is one of the Sri Lanka's Muslim Village
Opening the attachment initiates the mass e-mailing routine. When the attachment is running, it displays a message-box entitled "VBScript: Mawanella" which reads: Mawanella is one of the Sri Lanka's Muslim Village. This brutal incident happened here 2 Muslim Mosques,100 Shops are burnt. I hat this incident, What about you? I can destroy your computer I didn't do that because I am a peace-loving citizen. It copies itself to the Windows System directory as a file called "Mawanella.vbs" and e-mails itself to all recipients in the Microsoft Outlook address book.Click here for more information. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2251
|A virus in Brookridge which sends a second message with every message you send out. If you get a message which has a attachment with some filename .EXE , .SCR or .VBS extension. it could contain a virus. DO NOT OPEN the attachment. ANNAKOURNIKOVA.JPEG.VBS & W32.HybrisF (.SCR) are two of the new Viruses. On CNN last night that "Here you have;0)" is an actual virus...Using Outlook Express..|
|Instructions -- Windows
Desktop (You must be using Internet Explorer to download this file). This file can be
saved to an alternate folder; and if an alternate folder is used you will need to launch
this program from that folder rather than the desktop folder. If the file has been saved
to the Windows Desktop folder an icon for this program will appear on your desktop. Please
note that this program has a ".com" extension and not a ".exe"
extension. It is important that this extension be preserved. After the file finishes
downloading launch the program by double-clicking on the fixnavid icon that appears on the
desktop. If you saved this program to an alternate folder you will need to open the
appropriate folder via the "My Computer" window and launch the program from that
|Warning Prettypark virus is back in Brookridge Thank You Jack Fieber for the
heads up on this one!! There is a new virus; the
subject is "A great shockwave movie". There is an attachment
named "creative.exe" that will trigger the virus.
DO NOT OPEN THIS MESSAGE - DELETE IT IMMEDIATELY. W32.Prolin.Worm is a worm that spreads via Microsoft Outlook by emailing itself to everyone in the Outlook address book. : TROJ_SHOCKWAVE.A, CREATIVE, TROJ_PROLIN.A
Thank You Donna Colombo for the heads up on this one!!
The next time some one sends you a Virus WARNING. You need to got to one of these websites and chek it out, before you forword the messge on to some one else. The two main reasons for starting a hoax is one it slows down & fills up computers on the internet. The second is after a while you become complancent to the threats so when the REAL THING comes you do not do anything, mainly because the last 10 were hoaxes.