Hallo,
auch, wenn es eigentlich nicht hierher gehört, möchte ich vor einem neuen Dateivernichter warnen. Im Folgenden die Infos vom Symantec Antivirus Research Center. Das Virus putzt tatsächlich die Platte leer, ist also deutlich lästiger als die Loveletter-Variations!
Ich wünsche Euch einen guten Start in die Woche 22,
Gruß
LARA C.
---------------
W97M.Melissa.BG
Last Updated: May 26, 5:59pm PST
W97M.Melissa.BG is a Word 97 macro virus that has a payload of deleting necessary system files. It also sends itself out through e-mail using Microsoft outlook. The subject of the e-mail is "Resume - Janet Simons".
Also known as: ResumeWorm, W97M.Resume.A
Category: Worm
Infection length: 41,472
Virus definitions: May 26, 2000
Threat assessment:
Wild:
Medium Damage:
High Distribution:
High
Wild
Number of Infections: 50-99
Number of Sites: 3-9
Geographical Distribution:Medium
Threat Containment:Easy
Removal:Easy
Damage
Payload:
Large Scale E-mailing:All addresses in the User's Address book using Microsoft Outlook
Deletes Files:C:\*.*
C:\My Documents\*.*
C:\WINDOWS\*.*
C:\WINDOWS\SYSTEM\*.*
C:\WINNT\*.*
C:\WINNT\SYSTEM32\*.*
Also A-Z:\*.*
Degrades Performance:may crash e-mail server
Causes System Instability:Deletes system files.
Distribution
Subject of E-mail:Resume - Janet Simons
Name of Attachment:RESUME1.DOC or Explorer.doc or NORMAL.DOT
Size of Attachment:41,472
Technical description:
W97M.Melissa.BG a macro virus which has an unusual payload. When a user opens an infected document, the virus will attempt to e-mail a copy of this document to everyone in the user's address book, using Microsoft Outlook. The virus also drops 2 copies of itself. One is dropped to
C:\Data\Normal.dot
Another is dropped to:
C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc
Upon closure of the document the virus attempts to delete the files:
"C:\*.*"
"C:\My Documents\*.*"
"C:\WINDOWS\*.*"
"C:\WINDOWS\SYSTEM\*.*"
"C:\WINNT\*.*"
"C:\WINNT\SYSTEM32\*.*"
"A:\*.*"
"B:\*.*"
"D:\*.*"
"E:\*.*"
"F:\*.*"
"G:\*.*"
"H:\*.*"
"I:\*.*"
"J:\*.*"
"K:\*.*"
"L:\*.*"
"M:\*.*"
"N:\*.*"
"O:\*.*"
"P:\*.*"
"Q:\*.*"
"R:\*.*"
"S:\*.*"
"T:\*.*"
"U:\*.*"
"V:\*.*"
"W:\*.*"
"X:\*.*"
"Y:\*.*"
"Z:\*.*"
The body of the e-mail sent is as follows:
To: Director of Sales/Marketing,
Attached is my resume with a list of
references contained within. Please
feel free to call or email me if you
have any further questions regarding
my experience. I am looking forward
to hearing from you.
Sincerely,
Janet Simons.
Removal:
Although NAV can repair the inserted files, you can safely delete the files listed above.
auch, wenn es eigentlich nicht hierher gehört, möchte ich vor einem neuen Dateivernichter warnen. Im Folgenden die Infos vom Symantec Antivirus Research Center. Das Virus putzt tatsächlich die Platte leer, ist also deutlich lästiger als die Loveletter-Variations!
Ich wünsche Euch einen guten Start in die Woche 22,
Gruß
LARA C.
---------------
W97M.Melissa.BG
Last Updated: May 26, 5:59pm PST
W97M.Melissa.BG is a Word 97 macro virus that has a payload of deleting necessary system files. It also sends itself out through e-mail using Microsoft outlook. The subject of the e-mail is "Resume - Janet Simons".
Also known as: ResumeWorm, W97M.Resume.A
Category: Worm
Infection length: 41,472
Virus definitions: May 26, 2000
Threat assessment:
Wild:
Medium Damage:
High Distribution:
High
Wild
Number of Infections: 50-99
Number of Sites: 3-9
Geographical Distribution:Medium
Threat Containment:Easy
Removal:Easy
Damage
Payload:
Large Scale E-mailing:All addresses in the User's Address book using Microsoft Outlook
Deletes Files:C:\*.*
C:\My Documents\*.*
C:\WINDOWS\*.*
C:\WINDOWS\SYSTEM\*.*
C:\WINNT\*.*
C:\WINNT\SYSTEM32\*.*
Also A-Z:\*.*
Degrades Performance:may crash e-mail server
Causes System Instability:Deletes system files.
Distribution
Subject of E-mail:Resume - Janet Simons
Name of Attachment:RESUME1.DOC or Explorer.doc or NORMAL.DOT
Size of Attachment:41,472
Technical description:
W97M.Melissa.BG a macro virus which has an unusual payload. When a user opens an infected document, the virus will attempt to e-mail a copy of this document to everyone in the user's address book, using Microsoft Outlook. The virus also drops 2 copies of itself. One is dropped to
C:\Data\Normal.dot
Another is dropped to:
C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc
Upon closure of the document the virus attempts to delete the files:
"C:\*.*"
"C:\My Documents\*.*"
"C:\WINDOWS\*.*"
"C:\WINDOWS\SYSTEM\*.*"
"C:\WINNT\*.*"
"C:\WINNT\SYSTEM32\*.*"
"A:\*.*"
"B:\*.*"
"D:\*.*"
"E:\*.*"
"F:\*.*"
"G:\*.*"
"H:\*.*"
"I:\*.*"
"J:\*.*"
"K:\*.*"
"L:\*.*"
"M:\*.*"
"N:\*.*"
"O:\*.*"
"P:\*.*"
"Q:\*.*"
"R:\*.*"
"S:\*.*"
"T:\*.*"
"U:\*.*"
"V:\*.*"
"W:\*.*"
"X:\*.*"
"Y:\*.*"
"Z:\*.*"
The body of the e-mail sent is as follows:
To: Director of Sales/Marketing,
Attached is my resume with a list of
references contained within. Please
feel free to call or email me if you
have any further questions regarding
my experience. I am looking forward
to hearing from you.
Sincerely,
Janet Simons.
Removal:
Although NAV can repair the inserted files, you can safely delete the files listed above.
