Virus Alert!!! Outlook Express Users Please Read!

[Heavyarms]

THERE HAS BEEN A VIRUS DISCOVERED! IT SAYS THAT THEY SAW A SCREENSAVER, IT REMINDED ME OF YOU, OPEN IT, i'M IN A HARRY, TALK TO YOU LATER! MAKE SURE YOU DO NOT OPEN THE ATTACHMENT. I GOT IT, WAS ONE SECOND AWAY FROM SCREWING MY COMPUTER!

[Tie Guy]

Do you guys just open every email you get. I mean, why would you open some strange e-mail about something personal from someone who you don't know?

[Heavyarms]

thought it was someone my parents knew... I was smart enough not to open the attachment. I luckily saved my computer, which I am proud of!

[Sherack Nhar]

Bah. I'm regularly formatting my hard drive, so these worms don't scare me at all.

[darthfergie]

lol

My Mom gets hit by every virus imaginable. She always knows when vruses come because she get 12-15 e-mails with it *lol*

 

She got it but deleted it of course...

[TheJackal]

Most LucasGames staffers have been getting lots of virus by mail. What do you expect with a populor domain network? Anyways, none of us got infected, just very annoying.

[Guest Kudar]

I average 6 virii a day through my battlegroundsuk.com email

 

As for "saving your computer" WC_heavyarms, this virus doesn't destroy anything on your pc other than anti-virus software which you can reinstall after cleaning, it simply pretends to be a screensaver, will secretly adding info to the registry that makes the program run on start up. It then attempts to disable antivirus software by attacking a series a predetermind files:

 

 

AVP32.EXE,

_AVPCC.EXE,

_AVPM.EXE,

APLICA32.EXE,

AVCONSOL.EXE,

AVP.EXE,

AVP32.EXE,

AVPCC.EXE,

AVPM.EXE,

CFIADMIN.EXE,

CFIAUDIT.EXE,

CFINET.EXE

CFINET32.EXE,

ESAFE.EXE,

FRW.EXE,

IAMAPP.EXE

IAMSERV.EXE

ICLOAD95.EXE,

ICLOADNT.EXE,

ICMON.EXE,

ICSUPP95.EXE,

ICSUPPNT.EXE,

LOCKDOWN2000.EXE,

NAVAPW32.EXE,

NAVW32.EXE,

PCFWallIcon.EXE,

TDS2-98.EXE,

TDS2-NT.EXE,

SAFEWEB.EXE.

VSHWIN32.EXE,

VSECOMR.EXE,

VSSTAT.EXE,

WEBSCANX.EXE,

ZONEALARM.EXE.

 

If the worm finds one of the above processes, it will attempt to terminate it. The worm will also attempt to delete all files from any directory containing files of those names, and creates a file called wininit.ini in order to delete any remaining files the next time Windows is restarted.

 

The worm deletes all files from C:\SAFEWEB\

 

The worm also infects the Internet Relay Chat client mIRC. It does this by dropping an mIRC script file REMOTE32.INI, in the mIRC folder and adding a section to MIRC.INI to load the script in the dropped file when the victim uses mIRC.

 

It also propagates using the messaging program ICQ.

 

The worm creates a copy of itself named gone.scr in the Windows System directory. In order to ensure that the worm is run each time Windows is restarted it creates a registry key containing the name of the worm file in

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

A pain in the backside, but not that dangerous, those of you with antivirus software should make sure you sign up for regular updates so you don't get fooled by stuff like this.

 

 

Also it can effect everyone, it doesn't matter what mail client you use because the virus comes as a scr file which windows will copy to your system directory, where it will stay as it is impossible to delete the file without a cleaning kit from your antivirus supplier.

 

 

Other virii that are on the go at the moment include

 

one that also says "hi" as the subject, but has no message and usually contains a txt file and another attachment containing the BadTrans virus.

 

HAHA@Sexyfun.net Snowwhite and the 7 dwarfs is another common one.

 

The easiest solution is to a) don't open suspect mail or b) get a virus scanner and keep it's ide files up to date.

 

for all you know your pcs could be infected now and sending virii to others.

 

 

be safe

[Heavyarms]

I found out after this happened it was sent from another infected computer from someone my dad knew...