SysChat is a free online computer support community. Ask questions, share resources, contribute knowledge and discuss technology. Join our growing community to access all features. Register Now!

SysChat » Software Support » Computer Security » Windows virus scheduled to delete files on infected computers February 3rd

Computer Security

Discuss Computer Security- Viruses, Adware, Spyware, etc...

Reply
 
LinkBack Thread Tools
  #1 (permalink)  
Old 01-28-2006, 04:39 PM
Sami's Avatar
Sami Sami is offline
Administrator
 
About:
Join Date: Jan 2006
Location: New Jersey
Posts: 804
Sami has a spectacular aura aboutSami has a spectacular aura aboutSami has a spectacular aura about

Default Windows virus scheduled to delete files on infected computers on February 3rd


Windows computer virus an email worm that has been circulating the past week or two will delete files on computers that are infected with it on February 3rd and the 3rd of every month thereafter.

The virus will try to spread itself by copying a file named WINZIP_TMP.exe to available shares it finds on the network. Doing a file search for that name will locate any copies that may have been placed on your computer. Finding the file does not mean your computer is infected. Only that you have an unsecure share on your computer allowing viruses and criminals to add, modify, and delete information on your computer.

The worm is known by various names including Kama Sutra, Blackmal, Nyxem, MyWife, and Blackworm.

Details can be found at the following locations below.

* http://www.symantec.com/avcenter/[email protected]
* http://www.trendmicro.com/vinfo/viru...me=WORM_GREW.A
* http://isc.sans.org/blackworm




Last edited by sysadmin; 01-28-2006 at 09:17 PM..
Reply With Quote
  #2 (permalink)  
Old 02-02-2006, 04:18 AM
Sami's Avatar
Sami Sami is offline
Administrator
 
About:
Join Date: Jan 2006
Location: New Jersey
Posts: 804
Sami has a spectacular aura aboutSami has a spectacular aura aboutSami has a spectacular aura about

Default Cleaning utilities for this virus (Nyxem.E)


F-Secure is providing following utilities for free to clean Nyxem.e infection from a computer, incase your computer is infected with this virus.

ftp://ftp.f-secure.com/anti-virus/tools/f-force.zip
http://www.f-secure.com/tools/f-force.zip

IMPORTANT! Please make sure that you read the End User License Terms document (Eult.rtf) and the Readme file (either Readme.txt or Readme.rtf) before using the F-Force utility!

The F-Force utility needs the archive with the latest updates in order to function properly. The archive's name is LATEST.ZIP and it should be downloaded and put into the same folder where the F-Force utility is located. This archive with the latest updates can be downloaded from these locations:

http://download.f-secure.com/latest/latest.zip
ftp://ftp.f-secure.com/anti-virus/up...est/latest.zip

Please note that the F-Force utility can disinfect only certain malicious programs. Besides the utility does not scan inside archives. So after cleaning a computer with the F-Force utility it is recommended to scan all hard drives with F-Secure Anti-Virus and the latest updates to make sure that no infected files remain there.



Reply With Quote
  #3 (permalink)  
Old 02-02-2006, 02:33 PM
Sami's Avatar
Sami Sami is offline
Administrator
 
About:
Join Date: Jan 2006
Location: New Jersey
Posts: 804
Sami has a spectacular aura aboutSami has a spectacular aura aboutSami has a spectacular aura about

Default Microsoft advisory for the Kama Sutra worm, otherwise known as win32/[email protected] and


Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/[email protected] The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
Customers using Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, or Windows Server 2003 Service Pack 1 may be at reduced risk from this malware; if the account password is blank, the account is not valid as a network credential. In an environment where you can guarantee physical security, you do not need to use the account across the network, and you are using Windows XP or Windows Server 2003, a blank password is better than a weak password. By default, blank passwords can only be used locally in Windows XP and Windows Server 2003.


Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/[email protected] malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.


On systems that are infected by Win32/[email protected], the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts. For more information, see the Microsoft Virus Encyclopedia.


As with all currently known variants of the Mywife malware, this variant does not make use of a security vulnerability, but is dependent on the user opening an infected file attachment. The malware also attempts to scan the network looking for systems it can connect to and infect. It does this in the context of the user. If it fails to connect to one of these systems, it tries again by logging on with "Administrator" as the user name together with a blank password.

Read complete Advisory here ...



Reply With Quote
Reply




Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are on



» Ads



1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54