BS01181_.WMF (5174 bytes)VIRUS HELP PAGE

Whenever we find new viruses and their "fixes" we will try to post the information here.

Here is a link to tools you may use on some of the more common viruses.  http://www.symantec.com/avcenter/tools.list.html

WATCH OUT FOR THIS NEW ONE:

********************  VIRUS ALERT   *************************
************* (Mawanella Virus)VBS/VBSWG.Z@MM    ************

There has been a large and growing number of computers
infected with VBS/VBSWG.Z@MM.  This is a MEDIUM

                    "ON WATCH" RISK. The virus is spread via                                    

the Windows email program Outlook.                                                                                                                                                                                                                                                                                                                                                                                       The infected email can come from addresses that
you recognize, with an attachment named "Mawanella.vbs".
The email message can appear as follows:

Subject: Mawanella
Body: Mawanella is one of the Sri Lanka's Muslim Village
Attachment: Mawanella.vbs

Opening the attachment initiates the mass e-mailing routine.
When the attachment is running, it displays a message-box
entitled "VBScript: Mawanella" which reads:

   Mawanella is one of the Sri Lanka's Muslim Village.
   This brutal incident happened here 2 Muslim Mosques,100
   Shops are burnt. I hat this incident, What about you?
   I can destroy your computer I didn't do that because I am
   a peace-loving citizen.

It copies itself to the Windows System directory as a file
called "Mawanella.vbs" and e-mails itself to all recipients
in the Microsoft Outlook address book.
Click here for more information.
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2251

________________________Virus Fixes_________________________

Find out more about VBS/VBSWG.Z@MM (Mawanella Virus),
click here.   http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2251

-----------------------------------------------------------------------------------------------------------------------------
W32.HLLW.JibJab@mm   is a mass mailing worm that diguises itself as a flash movie attachment named "NakedWife.exe"

It appears that this worm emails itself to everyone in your Microsoft Outlook Express address book and is known to have deleted or destroyed several files from the Windows folder and the Windows System folder.  DO NOT OPEN THE ATTCHMENT NAMED "NakedWife.exe" Just delete it!

MYBABYPIC.EXE

A new virus was just discovered 2/27/2001 that you need to be aware of.  If you receive an email with the subject line, MyBabypic!!!, delete it IMMEDIATELY.   Do not open the attachment or send it to anyone.  The message text says, It's "my animated baby picture!!"  and the attached file is named. MYBABYPIC.EXE.   This email contains a virus and will infect your computer.  See the information below provided by McAfee VirusScan.

Virus Profile

Virus Name
W32/Myba@mm

Date Added
2/27/01 12:06:09 PM

Virus Characteristics
At the time of writing this description, this threat is detected by current engine (4.0.70+) and DAT files when scanned with program heuristics enabled as "New BackDoor".  This is an Internet worm written in Visual Basic Scripting (.VBS extension). It is written to trick a user into thinking it is a joke; however it runs as a process after the user thinks the program has been closed, and sends to others using Outlook. An email message is sent to each user listed in the available address books approximately 10 minutes after first running this virus. This virus may arrive by email in this format:

Subject = "My baby pic!!!"
Body = "Its my animated baby picture !!"
Attachment = mybabypic.exe

Since one of the traits of these viruses is the use of a victim's Outlook address book, the name of the sender will be someone you know.  The virus sends out infected messages to all members of their address book under the owner's name.  DO NOT assume just because your Mom sent it that the message is safe.  The odds are she really didn't send it!

DO THIS EVEN IF YOU HAVE ANTI-VIRUS SOFTWARE.

Most of the time anti-virus software will not pick up scripting-type virus worms like the kak-worm, and even if they do, it may be too late. This is very easy to do and shouldn't mess anything up.

1) Start Outlook Express (assuming that you have version 5.0, if not see the instructions at the end of this e-mail)
2) Click on the "Tools" menu
3) Click "Options"
4) Click the "Security" tab
5) Click on the "Restricted Sites Zone (more secure)" option
6) Click "OK"
Your done with Outlook Express, so go ahead and exit Outlook Express.
Just a few more steps...
7) Start Internet Explorer
8) Click on the "Tools" menu
9) Click on "Internet Options"
10) Click the "Security" tab
11) Click on "Restricted Sites" (it looks like a red dot with a minus sign in it)
12) Click "Custom Level" (towards the bottom)
13) Scroll down until you see "Scripting" (again it's towards the bottom)
14) Under "Active Scripting" Click "Disable"
15) Click "OK"
16) Click "Yes" (if it asks)
17) Click "OK"
Your all done!!!  You have just protected yourself from being infected by
these worm-type scripted viruses. While this is no guarantee for the future it
will protect you from the viruses we have already seen.

*** Other Instructions ***
If you followed the previous instructions and the screen didn't follow what I had written down:
Click on this link and look under Outlook Express 4.x:
http://www.microsoft.com/technet/support/kb.asp?ID=192846