|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Virus Update
On Thu, 4 May 2000 [email protected] wrote: > Just to clarify, it will look at files on network or net-mapped drives. > Our organization just found out the hard way. Ok, we must have stopped it before that happened to us. The person who ran this (argh) only affected their own hard drive and missed any network drives. > On 04-May-2000 Branden R. Williams wrote: > > > > Ok, this thing is pretty nasty... Here is a quick summary of what it > > does. > > > > Should you run it, you will lose any files of the following > > extensions. They will be renamed to filename.extension.vbs with a fresh > > copy of the replication part. > > > > File extensions > > affected: vbs,vbe,js,jse,css,wsh,sct,hta,jpg,jpeg,mp2,mp3. > > > > Every file with that extension is overwritten with the virus. It looks to > > be localized to mounted hard drives. It does not appear to affect mapped > > network drives. > > > > It also makes a dozen or so registry entries including one to reset your > > start page to the following URL. > > > > http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqweras > > djhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe > > > > I have not gone to this URL yet to see what it is, but it downloads a copy > > of a file called WIN-BUGSFIX.exe. > > > > In addition, it creates a MIRC script called script.ini to DCC SEND this > > to whatever channel you are on. > > > > Of course it sends it to everyone in your address book with the subject > > ILOVEYOU. It looks to only affect people who actually run the vbs > > script. I would assume that if you are not on a Windows platform that you > > are not affected. > > > > I'll let you know more when we find more. > > > > Cheers, > > > > Branden R. Williams <[email protected]> > > Vice President, Systems - NetVitality, Inc. > > http://www.netvitality.net/ > > Internet Commerce Specialists > > ---------------------------------- > E-Mail: [email protected] > Date: 04-May-2000 > Time: 10:49:31 > > We have met the enemy, and he is us. > -- Walt Kelly > > ---------------------------------- > Cheers, Branden R. Williams <[email protected]> Vice President, Systems - NetVitality, Inc. http://www.netvitality.net/ Internet Commerce Specialists
|