SysChat


Sami 01-28-2006 04:39 PM

Windows virus scheduled to delete files on infected computers on February 3rd
 
A Windows computer virus, an email worm that has been circulating for the past week or two, will delete files on computers that are infected with it on February 3rd and on the 3rd of every month thereafter.

The virus will try to spread itself by copying a file named WINZIP_TMP.exe to available shares it finds on the network. Doing a file search for that name will locate any copies that may have been placed on your computer. Finding the file does not mean your computer is infected, only that you have an unsecured share on your computer allowing viruses and criminals to add, modify, and delete information on your computer.

The worm is known by various names including Kama Sutra, Blackmal, Nyxem, MyWife, and Blackworm.

Details can be found at the following locations below.

* http://www.symantec.com/avcenter/[email protected]
* http://www.trendmicro.com/vinfo/viru...me=WORM_GREW.A
* http://isc.sans.org/blackworm
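The file search described in the post above, as an added example that is not part of the original post: a Python sweep of one or more directory trees (for instance the local folders behind each share) for the dropped file name. The function name and report fields are assumptions made for this example; only the file name WINZIP_TMP.exe comes from the post.

```python
"""Sweep directory trees for the dropped file name given in the post.
Added example: a hit shows the location was writable by the worm; as the post
says, it does not by itself mean this computer is infected."""
import os
import sys
from datetime import datetime, timezone

DROPPED_NAME = "WINZIP_TMP.exe"  # file name taken from the post


def find_dropped_copies(roots, name=DROPPED_NAME):
    """Return (hits, unreadable). hits: one dict per matching file.
    unreadable: paths the sweep could not enter or stat, so that a clean
    result is not mistaken for full coverage."""
    wanted = name.lower()  # Windows file names are case-insensitive
    hits, unreadable = [], []

    def on_error(err):
        # os.walk reports directories it cannot list (or missing roots) here
        unreadable.append(err.filename)

    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=on_error):
            for fname in files:
                if fname.lower() != wanted:
                    continue
                path = os.path.join(dirpath, fname)
                try:
                    st = os.stat(path)
                except OSError:
                    unreadable.append(path)
                    continue
                modified = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                hits.append({
                    "path": path,
                    "size": st.st_size,
                    "modified": modified.isoformat(),
                })
    return hits, unreadable


if __name__ == "__main__":
    found, skipped = find_dropped_copies(sys.argv[1:] or ["."])
    for hit in found:
        print(f"{hit['modified']}  {hit['size']:>10}  {hit['path']}")
    for path in skipped:
        print(f"could not read: {path}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

The modification time of each hit gives a rough indication of when the copy was written to the share, which helps when reviewing which machines had access at that time.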

Sami 02-02-2006 04:18 AM

Cleaning utilities for this virus (Nyxem.E)
 
F-Secure is providing the following utilities for free to clean a Nyxem.e infection from a computer, in case your computer is infected with this virus.

ftp://ftp.f-secure.com/anti-virus/tools/f-force.zip
http://www.f-secure.com/tools/f-force.zip

IMPORTANT! Please make sure that you read the End User License Terms document (Eult.rtf) and the Readme file (either Readme.txt or Readme.rtf) before using the F-Force utility!

The F-Force utility needs the archive with the latest updates in order to function properly. The archive's name is LATEST.ZIP and it should be downloaded and put into the same folder where the F-Force utility is located. This archive with the latest updates can be downloaded from these locations:

http://download.f-secure.com/latest/latest.zip
ftp://ftp.f-secure.com/anti-virus/up...est/latest.zip

Please note that the F-Force utility can disinfect only certain malicious programs. Besides, the utility does not scan inside archives. So after cleaning a computer with the F-Force utility, it is recommended to scan all hard drives with F-Secure Anti-Virus and the latest updates to make sure that no infected files remain there.

Sami 02-02-2006 02:33 PM

Microsoft advisory for the Kama Sutra worm, otherwise known as win32/[email protected] and
 
Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/[email protected] The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
Customers using Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, or Windows Server 2003 Service Pack 1 may be at reduced risk from this malware; if the account password is blank, the account is not valid as a network credential. In an environment where you can guarantee physical security, you do not need to use the account across the network, and you are using Windows XP or Windows Server 2003, a blank password is better than a weak password. By default, blank passwords can only be used locally in Windows XP and Windows Server 2003.


Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/[email protected] malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.


On systems that are infected by Win32/[email protected], the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts. For more information, see the Microsoft Virus Encyclopedia.


As with all currently known variants of the Mywife malware, this variant does not make use of a security vulnerability, but is dependent on the user opening an infected file attachment. The malware also attempts to scan the network looking for systems it can connect to and infect. It does this in the context of the user. If it fails to connect to one of these systems, it tries again by logging on with "Administrator" as the user name together with a blank password.

Read complete Advisory here ...


All times are GMT -4.

