[Glaslyn] afan is dirty

Mark A. Arnold maarnold at gte.net
Tue Nov 6 22:18:57 PST 2001


    It has been determined that Afan's PC has been infected with the
W32/Nimda.e at MM virus. Please do not open any email messages from her.
When she has finished patching and scrubbing her system, she will send
out an email with a subject line saying that she is clean. Could one
person please forward this to the Steppes list (since I am not yet
subscribed thereto).
    This virus is particularly nasty because it exploits a couple
vulnerabilities in MS Internet Explorer and MS Outlook. You can become
infected without even clicking on the attachment -- if you use those
microsoft products. For other email clients, you must click on the
attachment to become infected. One sign of infection is that the virus
propagates bunches of files with a .eml filename extension on various
directories of your harddrive. Another sign is that it installs an
Admin.dll on the root of your c:, d:, and e: drives. On Win9x systems,
it also copies itself to you LOAD.EXE and your COMMAND.COM. It also adds
entries to your SYSTEM.INI and your Windoze registry.
    The virus mass mails to the entries in your Outlook address book
every 10 days. Afan uses the Pegasus email client, so you may never get
it from her. She wanted me to tell everyone, just in case.

    More information is available at

http://vil.mcafee.com/dispVirus.asp?virus_k=99209&

If you find yourself infected, a standalone remover utility specific to
this virus is available at...

http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/tools.asp

The tool is in the file NIMDASCN.ZIP

Sorry for any inconvenience this may have caused you.

Practice safe hex,

Louis le Blaireau




More information about the Glaslyn mailing list