Virus Alert

W32.Apost.Worm@mm

 

TOP 25 VIRUSES: (LOOK FOR THEM IN YOUR EMAIL; BEFORE YOU CLICK ON THE LINKS)

W32.Magistr.39921@mm W32.Apost.Worm@mm W32.Urgent.Worm@mm W32.Qint@mm Backdoor.G_Door VBS.Fiber.C W97M.Marker.JG Trojan.Pounds Trojan.Error JS.Seeker.B Trojan.JS.Cover Trojan.Magnatta W32.Invictus.dll Trojan.Zeraf W32.Zoek@mm VBS.Zync.A VBS.Snights Backdoor.Penrox Trojan.JS.Offensive Trojan.Offensive Trojan.JS.Clid.gen JS.Clid.A@mm VBS.Proud.A@mm Eumel.383 VBS.XPMsg@mm

Article submitted by: April Matthews
For more information: http://www.symantec.com/avcenter/

Virus Alert The IT department has noted that there is a new Trojan Horse is On Campus, Sircam is also on campus (notice went out a couple of weeks ago). They are extremely hard to get rid of. Please be careful....

Symantec has received a substantial number of submissions since September 4, 2001 for this worm, formerly known as W32.Urgent.worm@mm. Therefore, Symantec has upgraded the threat level from 2 to 3. We have added detection since its its original discovery and certified definitions will be posted on September 4, 2001.

This worm is a Visual Basic Application that arrives as a readme.exe attachment to an e-mail. This worm requires Microsoft Visual Basic Runtime Libraries to replicate. The body of the e-mail asks the recipient to review the attachment, but once viewed, the worm will activate hook your systems activation routines and then spread itself to everyone in the user's address book

Also Known As: W32/Apost-mm, W32/Apost-A,

W32.Urgent.Worm@mm Arrival

This worm arrives as an attachment to the following e-mail

Subject As per your request!

Body Please find attached file for your review.

I look forward to hear from you again very soon. Thank you. It will then display the message box:

and waits for you to press the button, once you've pressed the button, it will go through the above steps once more and then shows you the following fake error message:

and then quits.

Attention Since this worm activates its insertion and e-mailing routinue twice. An user likely will get at least two e-mails with this worm as an attachment.

 

Removal & Prevention Instructions

1. Run LiveUpdate to make sure that you have the most recent virus definitions. Most viruses can be cleaned up automatically by NAV (Norton Anti-Virus) located on your computer. To ensure this, please 'manually' execute your Norton Liveupdate. To do so: go to start - program files- Norton antivirus- at the top on the right hand side please click on liveupdate - then click on next - then click on next and then finish or go to start -settings - control panel- liveupdate - then click on next- then click on next or http://www.wnmu.edu/liveUp.htm is a visual guide.

2. Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.

3. Delete any files detected as Trojan.JS.Offensive . If you are unable to locate or have any problems with this procedure please contact the IT 'Help Desk' at: 4357 (574-4357 off campus)
 


Symantec has released new virus definitions for this virus. Please run Live-update on your machine.
Directions to Run Live-update: http://www.wnmu.edu/LiveUp.htm

If you are unable to locate or have any problems with this procedure please contact the 'Help Desk' at ext.: 4357 (574-4357 off campus)