PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   Sonic.Worm Approaching (https://www.pprune.org/computer-internet-issues-troubleshooting/33711-sonic-worm-approaching.html)

mriya225 2nd November 2000 07:59
Sonic.Worm Approaching
 
Just got this virus alert and wanted to share it with you all:

A newly discovered virus is spreading throughout Europe and may threaten the United States. Sonic.Worm is an e-mail virus that keeps itself up-to-date by downloading enhancements from a web site.
"Win32.Sonic.56 can act as a backdoor to allow a hacker access to your PC..."
An Invasion Possible:
Most major anti-virus software manufacturers, such as Symantec and Computer Associates, are getting reports of Sonic.Worm infections from France and Germany and a small number of reports from Canadian provinces. Although it is undetermined how many PCs in the United States are infected, all e-mail viruses should be treated with an ounce of prevention since they tend to be very prolific.
The Perpetrator:
Sonic.Worm will arrive as an e-mail message that has the following subject:


Choose Your Poison, or I'm your poison


The virulent part of the e-mail is an executable attachment named:


girls.exe, or lovers.exe


If you are unlucky enough to launch the executable, the following text will be displayed in a Windows message box:


"girls.exe is not a valid Win32 application.", or "lovers.exe is not a valid Win32 application."


Sonic will copy itself to the Windows system directory as a file called GDI32.exe and install itself in the System Registry under the Run Key as HKLM\Software\Microsoft\Windows\Current Version\Run"GDI"=C:\Windows\System\GDI32.exe
Once the file loads to your system it tries to update itself with a file called "Lastversion.txt" from www.geocities.com. The text file that is downloaded is non-virulent. It contains information telling Sonic.Worm what the latest version of the virus is. For example, if "Lastversion.txt" contains the number 52, a file named 52.zip is downloaded and used to update Sonic.Worm to the most current version.
Note: According to sources at Computer Associates, the latest version, Win32.Sonic.56, can act as a backdoor to allow a hacker access to your PC. Once they have admission to your PC, they can steal passwords or manipulate files contained on your hard drive.
http://updates.zdnet.com/articles/ax_51127.htm (article)

Source: www.zdnet.com


ExSimGuy 7th November 2000 12:46
(as much to get this back nearer the top as anything else)

DON'T run attachments unless you really trust them!!

------------------
---- "Per Ardua ad Mixas" ----
(Through hardship to the bars)


All times are GMT. The time now is 02:50.


Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.