Now having personally experienced the worm myself.....

This is how it went, there was no known way to remove the worm with

any current software for the variety that I had, it was mutagenic, recognized

AVP, and other forms of disinfectors and went nuts propagating itself to the

point the only solution left was Low level format...format and reinstall

 

At that point we were not sure if the media itself was not damaged and

held our breath for a while, thankfully it was not and now my box is back

up and running  -minus the data that was not recoverable.

 

If anyone is having their techs do this, be nice to them and be kind

because it takes about 6 hours plus to do each box completely

 

-Henry

"Jade E. Deane" <[email protected]> wrote:

Drew,
You're not seeing things. I would say you can thank "W32/Sobig.F-mm",
referenced in http://news.com.com/2100-1002_3-5065494.html.

Allow me to quote a bit from the story:

[quote]
The sender appears to be someone from a recognized domain name, such as
ibm.com, zdnet.com or microsoft.com. The subject line typically says
"Re: Details," "Resume" or "Thank you."

Attachment names may include: your_document.pif, details.pif,
your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif,
application.pif, and document_9446.pif.
[/quote]

Regards,
Jade

On Tue, 2003-08-19 at 15:33, Drew Weaver wrote:
> Don't kill me for posting this, it may be slightly off
> topic but I have noticed a very odd spike in traffic with these virii
> that have .pifs attached to them.
>
>
>
> The subject is random.
>
>
>
> The body always says:
>
>
>
> "See attached file for details" and they're always a pif file.
>
>
>
> Anyone else notice this?
>
>
>
> -Drew
>
>


> ATTACHMENT part 2 application/pgp-signature name=signature.asc