 |
 |
On 14 Jan 2001, at 11:33, Kelly Grant wrote: > Important Information: > > There is a really bad virus going around. This one is real. Please > read the info below. > > You can find full details of the virus here: > http://www.email4fun.com/haha.txt > <A href="http://www.email4fun.com/haha.txt">Haha virus info</A> > > Some links to find out more info about the virus also: > http://www.sexyfun.net/ <--- they did not create the virus > <A href="http://www.sexyfun.net">sexyfun.net</A> Hi Kelly, Yes, it's real and yes, we all should have the latest antivirus loaded and set for real time scanning. Really bad? Aren't all viruses? There are many variants. My antivirus provider (Trend-Micro) lists the following... TROJ_HYBRIS.B Aliases: HYBRIS.B, Snow White, W32.Hybris.gen, W32/Hybris-B, I- Worm.Hybris.B, W32/Hybris.gen@ Description: This non-destructive worm is a variant of TROJ_HYBRIS.C. It propagates via MS Outlook, by sending itself as an attachment to every user listed in the address book of the infected user. TROJ_HYBRIS.C Risk rating: low risk Aliases: HYBRIS.C, I-Worm.Hybris, W32/Hybris@M, Win32.Hybris.Gen, TROJ_HYBRIS.B, TROJ_HYBRIS.A, TROJ_HYBRIS.D, TROJ_HYBRIS.E, TROJ_HYBRIS.GEN, TROJ_HYBRIS.DLL, TROJ_HYBRIS.PX, Snow White Description: This semi-polymorphic worm propagates via email and may also spread through Newsgroup postings. It does not have any destructive payloads. However, it has several known plug-ins that may be upgraded to make it malicious. Upon execution, this worm monitors Internet access from the infected computer and monitors any email sent and received. Once it detects Internet connection, it sends an additional email to all addresses that were sent to by the infected user, after the worm was executed. This email includes a copy of the worm as an attachment. The filename of the attachment is selected randomly depending upon the system default language of the infected computer. Note: There are several variants of this Trojan, however, all variants have the same behavior with minor differences. Solution: Use the Emergency Rescue Disk (ERD) to delete all files detected as TROJ_HYBRIS (all variants). It may happen that WSOCK32.DLL is also deleted in the process. In that case, please copy a clean WSOCK32.DLL in the Windows System directory. This WSOCK32.DLL can be extracted from WIN95_11.CAB (Win 95 CD) or PRECOPY1.CAB (Win 98 CD). You may also copy this file from a clean system with exactly the same Windows version. If you need further assistance with this solution, please send an email to [log in to unmask] ************** All the Best ........... murray [log in to unmask]