[Towertalk] Re: [Amps] FW: Virus removal from Norton AntiVirus SupportNow News Bulletin: Apr. 26, 2002
Verner Topsøe-Jensen OZ5TG
oz5tg@post2.tele.dk
Mon, 29 Apr 2002 20:21:34 +0200
Be aware that this V.... when transmitting itself to others uses adresses from the the adressbook, the ICP database and from adresses found in randomly selected files at the harddisk.
While spreading, it attaches itself as well as a randomly selected file from your computer, so You never know which of your maybe VERY private files are distributed to all your friends.
The worst problem with this V.... is that it is able, when activated, to shutdown your AntiV. program and DELETE it.
You have to be VERY careful when receiving mails even from wellknown people, friends or family.
I have repaired a friends computer today, I can confirm that the free tool supplied by Symantec is working OK in finding active Vs, but I had to restore the AnitV. program from scratch and install it again in order to scan the drives, and by doing that I found further 6 sleeping Vs.
But it all starts with our own routines dealing with mail with attachements.
Be prepared, use AV-programs and most of all your head.
Best 73 de OZ5TG, Verner
----- Original Message -----
From: "Kevin Adam" <n9iww2@verizon.net>
To: <amps@contesting.com>; <towertalk@contesting.com>
Sent: Sunday, April 28, 2002 8:10 PM
Subject: [Amps] FW: Virus removal from Norton AntiVirus SupportNow News Bulletin: Apr. 26, 2002
> Please Read the following information Norton antivirus has a fix for the
> virus for free please read Below.
> N9IWW
> Kevin Adam
> 1239 W. Till Rd.
> Fort Wayne In. 46825-2145
>
> Phone & Fax 1-260-4907312
>
>
> -----Original Message-----
> From: NAV-Techinfo [mailto:es@symantec.com]
> Sent: Friday, April 26, 2002 8:17 AM
> To: NAV-TECHINFO-L@lserver.symantec.com
> Subject: Norton AntiVirus SupportNow News Bulletin: Apr. 26, 2002
>
> April 26, 2002
> _____________________________
>
> In this issue:
>
> 1. W32.Klez.gen@mm
> 2. Removal utility
> 3. Feedback
> 4. Subscribing and unsubscribing
> 5. Disclaimer
>
> _____________________________
>
> NOTE: This is an outgoing email address. Do not reply to this email
> message. If you require assistance with installing, configuring, or
> troubleshooting a Symantec product, or if you have a question for
> Customer Service, then visit the Symantec Service & Support Web site
> at the following Internet address:
>
> http://www.symantec.com/techsupp/
>
> Select your product and version, and then click Go.
>
> To view this and prior News Bulletins in HTML format, visit the
> following Internet address:
>
> http://www.symantec.com/techsupp/vURL.cgi/navarc
>
> _____________________________
>
> 1. W32.Klez.gen@mm
>
> W32.Klez.gen@mm is a mass-mailing worm that searches the Windows
> address book for email addresses and sends messages to all recipients
> that it finds. The worm uses its own SMTP engine to send the messages.
>
> The subject and attachment name of incoming email is chosen randomly.
> The attachment will have one of the following extensions: .bat, .exe,
> .pif or .scr.
>
> The worm exploits a vulnerability in Microsoft Outlook and Outlook
> Express in an attempt to execute itself when you open or even preview
> the message.
>
> W32.Klez.gen@mm attempts to copy itself to all network shared drives
> that it finds.
>
> Depending on the variant of the worm, the worm will infect the system
> with one of the following viruses:
>
> W32.Klez.gen@mm is a generic detection that detects variants of
> W32.Klez. Computers that are infected with W32.Klez.gen@mm are most
> likely infected with either W32.Klez.E@mm or W32.Klez.H@mm. Please
> refer to the following write-ups for more information.
>
> W32.Klez.E@mm
>
> http://www.symantec.com/techsupp/vURL.cgi/nav115
>
> W32.Klez.H@mm
>
> http://www.symantec.com/techsupp/vURL.cgi/nav116
>
> _____________________________
>
> 2. Removal utility
>
> Symantec has provided a utility to remove infections of
> W32.Klez.E@mm, W32.Klez.H@mm, W32.ElKern.3587, and W32.ElKern.4926.
> If your computer is detected as infected with W32.Klez.gen@mm,
> download and run the utility. In most case, to utility can remove the
> infection. To download the W32.Klez removal utility, point your Web
> browser to:
>
> http://www.symantec.com/techsupp/vURL.cgi/nav117
>
> This is the easiest way to remove these threats and should be tried
> first.
>
> Virus definitions dated April 17, 2002, or later will detect this
> worm.
>
> For additional information, point your Web browser to:
>
> http://www.symantec.com/techsupp/vURL.cgi/nav118
>
> _____________________________
>
> 3. Feedback
>
> Do you have feedback that can help us provide better products or
> services? If so, then we want to hear from you. Visit the Symantec
> suggestion box at the following Internet address, and let us know how
> we can improve:
>
> http://www.symantec.com/feedback/
> _______________________________
>
> 4. Subscribing or unsubscribing
>
> If you want to subscribe to other Symantec newsletters, then follow
> the instructions at the following Internet address:
>
> http://www.symantec.com/techsupp/bulletin/index.html
>
> If you no longer want to receive this newsletter, then follow these
> steps:
>
> 1. Create a new email message addressed to:
>
> LISTSERV@LSERVER.SYMANTEC.COM
>
> 2. In the Subject line, type the following:
>
> UNSUBSCRIBE
>
> 3. In the body of the message, type the following:
>
> SIGNOFF NAV-TECHINFO-L
>
> 4. Send the message.
>
> If you want to unsubscribe from other Symantec newsletters, then
> follow the instructions at the following Internet address:
>
> http://www.symantec.com/techsupp/bulletin/index.html
>
> _____________________________
>
> 5. Disclaimer
>
> THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.
>
> This message contains Symantec Corporation's current view of the
> topics discussed as of the date of this document. The information
> contained in this message is provided "as is" without warranty of any
> kind, either expressed or implied, including but not limited to the
> implied warranties of merchantability, fitness for a particular
> purpose, and freedom from infringement. The user assumes the entire
> risk as to the accuracy and the use of this document. This document
> may not be distributed for profit.
>
> Symantec and the Symantec logo are U.S. registered trademarks of
> Symantec Corporation. Other brands and products are trademarks of
> their respective holder(s).
>
> (c) Copyright 2002 Symantec Corporation. All rights reserved.
> Materials may not be published in other documents without the
> express, written permission of Symantec Corporation.
>
> _______________________________________________
> Amps mailing list
> Amps@contesting.com
> http://lists.contesting.com/mailman/listinfo/amps