Path: chuka.playstation.co.uk!news From: "Phil Gooch" Newsgroups: scee.yaroze.freetalk.english Subject: Re: [Off topic]: I luvvvvveee you Date: Fri, 05 May 2000 00:00:07 +0100 Organization: Neuon Lines: 42 Message-ID: <8esvbq$o573@chuka.playstation.co.uk> References: <8esbbo$o571@chuka.playstation.co.uk> NNTP-Posting-Host: philg.easynet.co.uk Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Newsreader: Microsoft Outlook Express Macintosh Edition - 4.5 (0410) Yeah, we got stuffed by this at work. It's quite a nasty little virus, and once again shows how full of security holes Microsoft products are. It's a VB script that executes when you open the email in Outlook. As well as doing the Melissa stuff of sending itself to everyone in your address book, it installs itself on all drives (network or otherwise) that your computer is connected to. It also makes some changes to your registry so that it further propagates itself when you restart windows. Furthermore, it sets your Internet Explorer start page to a web site that downloads an executable to your IE downloads folder. It then makes a registry change so that this exe runs when you reboot. I don't know what this exe (called MSWIN-BUGFIX.exe) does. It also creates an HTML page, with the vb script itself embedded in it and infects mIRC (if you have it installed) so that this is sent out with all your IRC messages. Finally, and worst of all - and I can't believe MS allows VBscript to do this - it deletes *all* files on all your drives whose extensions are .jpg, .jpeg, .mp3, .vbe, .vbs, .js and others, and then installs itself using these filenames as a disguise. So if you had a file called my.mp3 you end up with my.mp3.vbs which is the virus. I ended up with 500 copies of the script on my system, each one sending out emails to my whole address book at regular intervals. Plus it trashed a whole load of files on my machine. Phil ---------- In article <8esbbo$o571@chuka.playstation.co.uk>, "ROBERT C SHAND" wrote: > Hrrmm, appears like most of the computer systems in the UK ( or even the > world) aren't ready for a widespread virus attack > > Bob > >