PPRuNe Forums - Yet Another Nasty Virus, Be Careful............

PPRuNe Forums (https://www.pprune.org/)

- Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)

- - Yet Another Nasty Virus, Be Careful............ (https://www.pprune.org/computer-internet-issues-troubleshooting/34602-yet-another-nasty-virus-careful.html)

Yet Another Nasty Virus, Be Careful............

Just received this alert email from McAfee, this one is only on medium watch so far, but PLEASE be careful.......

** VIRUS ALERT - W32/APost@mm ("APost" or "New Backdoor") **
------------------------------------------------------------

W32/APost@mm ("APost" or "New Backdoor") worm has been
spreading over the past 24 hours This is a MEDIUM ON WATCH
worm. The infected email can come from addresses that you
recognize and may contain the following information:

Subject: As per your request!
Body: Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
Attachment: README.EXE

Running the attachment causes the worm to copy itself to the
Windows directory and send a copy of itself to every entry
in the user's Microsoft Outlook Address Book. It will then
display a small dialog box titled "Urgent!". This dialog box
contains one single large button labeled "Open". If this
button is pressed then the worm sends out further copies of
itself, displays an error message box with the title "WinZip
SelfExtractor: Warning" and then terminates.

This is the link to Symantec's AVCenter.
http://www.symantec.com/avcenter/ven...or.g_door.html

Thanks for the info :)

Now just received this alert email in the last few minutes...............

------------------------------------------------------------
** VIRUS WARNING - W32/magistr.b@mm **
------------------------------------------------------------

McAfee.com has seen a large and growing number of systems
infected with the W32/magistr.b@mm worm in Europe and South
America. Currently, there is a low incidence of this worm
appearing in North America, but customers in that region are
urged to be prepared. This is a MEDIUM RISK virus that is
spread to email recipients found in the sender's Windows
Address Book, Outlook Express mailboxes, Netscape mailboxes
and Eudora mailboxes. The infected email can come from
addresses that you recognize.

The messages sent by the worm contain varying subject
headings, body text, and attachments. The body of the
message is derived from the contents of other files on the
victim's computer. It may send more than one attachment and
may include non-EXE or non-viral files along with an
infectious .EXE file.

Five minutes after the virus is activated, it attempts to
send copies of itself to email addresses gathered from the
hard drive. It may also attach .GIF files found on the hard
drive to the emails it sends out.

The virus payload may also cause the following:

· Erasure of CMOS/BIOS info
· Destruction of sectors on the hard disk
· Deletion of all .NTZ files on the machine
· Termination of Zone Alarm firewall program
· Creation of a SYSTEM.INI [boot] shell value to
run itself at startup
· Overwrites the WIN.COM/NTLDR