Path: chuka.playstation.co.uk!news
From: Phil <philg@easynet.co.uk>
Newsgroups: scee.yaroze.freetalk.english
Subject: Re: [Off topic]:  I luvvvvveee you
Date: Fri, 05 May 2000 10:14:16 +0100
Organization: PlayStation Net Yaroze (SCEE)
Lines: 55
Message-ID: <391290E8.94CA679F@easynet.co.uk>
References: <8esbbo$o571@chuka.playstation.co.uk> <8esvbq$o573@chuka.playstation.co.uk> <8et111$o574@chuka.playstation.co.uk>
NNTP-Posting-Host: 193.131.140.238
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.61 [en] (Win95; I)
X-Accept-Language: en

Still running Win95 here. Probably win2K if affected as well.

Mark Naylor wrote:

> F**k thats one bad virus, don't suppose u have a win2k machine, i have win2k
> and wondered if this would be more secure, or if this would even matter????
>
> "Phil Gooch" <phil@neuon.com> wrote in message
> news:8esvbq$o573@chuka.playstation.co.uk...
> > Yeah, we got stuffed by this at work. It's quite a nasty little virus, and
> > once again shows how full of security holes Microsoft products are.
> >
> > It's a VB script that executes when you open the email in Outlook. As well
> > as doing the Melissa stuff of sending itself to everyone in your address
> > book, it installs itself on all drives (network or otherwise) that your
> > computer is connected to. It also makes some changes to your registry so
> > that it further propagates itself when you restart windows.
> >
> > Furthermore, it sets your Internet Explorer start page to a web site that
> > downloads an executable to your IE downloads folder. It then makes a
> > registry change so that this exe runs when you reboot. I don't know what
> > this exe (called MSWIN-BUGFIX.exe) does.
> >
> > It also creates an HTML page, with the vb script itself embedded in it and
> > infects mIRC (if you have it installed) so that this is sent out with all
> > your IRC messages.
> >
> > Finally, and worst of all - and I can't believe MS allows VBscript to do
> > this - it deletes *all* files on all your drives whose extensions are
> .jpg,
> > .jpeg, .mp3, .vbe, .vbs, .js and others, and then installs itself using
> > these filenames as a disguise. So if you had a file called my.mp3 you end
> up
> > with my.mp3.vbs which is the virus.
> >
> > I ended up with 500 copies of the script on my system, each one sending
> out
> > emails to my whole address book at regular intervals. Plus it trashed a
> > whole load of files on my machine.
> >
> > Phil
> >
> >
> > ----------
> > In article <8esbbo$o571@chuka.playstation.co.uk>, "ROBERT C SHAND"
> > <bob@shand.org.uk> wrote:
> >
> >
> > > Hrrmm, appears like most of the computer systems in the UK ( or even the
> > > world) aren't ready for a widespread virus attack <g>
> > >
> > > Bob
> > >
> > >