|
|
|
This section of our web site will deal with new virus threats as we come in contact with them. If you have a virus we recommend logging on to Symantec Antivirus Research Center. |
Click here for our virus download directory
| 9/18/2001 | Nimda | Nimda Repair Tool. Click Here. |
| 08/01/2001 | W32.SIRCAM |
This virus is delivered as an attachment with the
following email text.
Hi! How are you? I send you this file in order to have your
advice See you later. Thanks W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm. Due to what appears to be a bug, this worm does not replicate under Windows NT or 2000. SARC has created a tool to remove this worm. CAUTION: In some cases, if you have had NAV quarantine or delete infected files, you will not be able to run .exe files, however you will still be able to run the removal tool.To remove this virus you should do the following: 1. Download the removal tool. Click here for removal tool. 2. Physically disconnect your system from any network or internet connection. 3. Disable Norton auto protect or end task on Norton auto protect. 4. Run the removal tool on each system separately. 5. Re attach to your network. 6. Restart your system. |
| 09/07/2000 | Notepad.Qaz | W32.HLLW.Qaz.A is a Win32 companion virus with the ability to spread over the network and also create a backdoor. When the virus is launched it searches available network drives for a copies of notepad.exe and renames them to note.com. It then copies itself (virus code) across the network to the infected computers as notepad.exe. Each time notepad.exe is executed it runs the virus code and the original notepad (renamed to note.com) to avoid being noticed. Click here for help. http://www.symantec.com/avcenter/venc/data/w32.hllw.qaz.a.html |
| 10/09/2000 | W32.HLLW.Bymer | W32.HLLW.Bymer is a worm written in a high level language. The worm spreads via shared network drives. It looks for shared folders on the network, and copies itself if it is able to insert itself in the Windows\system folder. The payload includes copying the Dnetc client and modifying the Win.ini file. The Dnet client is not viral and will not be detected by Norton AntiVirus. The worm was previously detected as Dnet.Dropper. Also known as: Dnet.Dropper, W32/Msinit Click here for help. http://www.symantec.com/avcenter/venc/data/w32.hllw.bymer.html |
| 11/21/2000 | Romeo & Juliet virus | VIRUS ALERT: NOTHING
ROMANTIC ABOUT NEW ROMEO & JULIET VIRUS
GFI, leading developer of email content checking & anti-virus gateway software, has discovered a hazardous new email virus that it named the Romeo & Juliet virus. The second virus this year to bear romantic connotations, following the Love Bug last May, Romeo & Juliet is particularly dangerous because current virus scanners cannot detect it. The virus is transported by an HTML email containing malicious code, an executable file called My Romeo and a compiled help file (.chm) called My Juliet. The Romeo & Juliet virus takes advantage of an exploit described by Georgi Guninski. The HTML code automatically runs an executable file. It then spreads across the Internet by connecting to a number of open relay sites. "The Romeo & Juliet virus takes email viruses to alarming new dimensions, as it cannot be detected by anti-virus programs," said Nick Galea, CEO of GFI. "It seems to rely on HTML scripts to run an executable file without user intervention. The only way to protect your network against the Romeo & Juliet virus is to block it at server level using a content checking email gateway like Mail essentials, which can be set to filter all mails containing HTML scripts, as well as .chm and .exe attachments." GFI is offering a trial version of its content checking software, which can intercept Romeo & Juliet, on its Web site at http://www.gfi.com. |
| 11/30/2000 | MTX | The bug, called MTX, which was discovered in August and initially labeled as low risk, has been growing and last week it was the most prevalent virus in the world. The bug’s features include it’s program to stop the victim from visiting antivirus Web sites and sending “help” e-mails to antivirus companies. MTX arrives as an e-mail attachment and propels itself around networks in Melissa style, prowling the victim’s Outlook e-mail address book and sending copies to every address it finds there. The bug’s arrival is deceptive. Examples are: I_am_sorry_doc.pif, zipped_files.exe, I_wanna_see_you.txt.pif, Matrix_screen_saver.scr, Love_letter_for_you.txt.pif, New_playboy_screen_saver.scr, Bill_gates_piece.jpg.pif. The bug was the most prevalent virus during the past seven days, having infected 3,000 computers worldwide. Because Command Software Systems is not in the bug’s list of blocked sites, it is suggested that infected users visit that firms’s Web site for help. Users of Symantec’s Norton Utilities can also download software updates and fixes from Tucows.com, which is not blocked by the MTX virus. |