
ExploreZip Worm




For those of you that work in a Windows NT environment, you might want to
check this out.

Best regards

Walter

========================

Here is a download to detect and disable the worm in NT environments.

http://www.fastlanetech.com/worm_killer.htm

FastLane's Windows NT WormKiller Readme
Description
Windows NT WormKiller was built to detect and disable the Worm.ExploreZip
virus. It is not intended to replace other anti-virus software, rather, it
provides a mechanism to quickly detect instances of the virus across the
entire network and disable the virus without visiting the actual infected
machines.
This allows an organization to disinfect only those machines that have been
affected. Windows NT WormKiller is built using FastLane's powerful Directory
Management engine, Active DMS.

etc.

Frequently Asked Questions

Fast Overview
On the morning of June 10, 1999, FastLane Technologies was affected by the
virus known as Worm.ExploreZip. In response, FastLane developers immediately
responded to the challenge and produced Windows NT WormKiller. Their 'speed
to market' with 'WormKiller' was significantly enhanced by the use of Active
DMS, which proved its flexibility, power and ease-of-use.
'WormKiller' is not anti virus software; rather, it complements anti virus
software, preventing further contamination.

What is this virus?
Worm.ExploreZip is a worm that uses MAPI commands and Microsoft Outlook on
Windows systems to propagate itself. The worm was first discovered in Israel
and submitted to the Symantec AntiVirus Research Center on June 6, 1999.

How does the virus work?
The worm e-mails itself out as an attachment with the filename
"zipped_files.exe". The body of the e-mail message may appear to come from a
known e-mail correspondent and contains the following text:
Hi (recipient name!)

I received your email and I shall send you a reply ASAP.

Til then, take a look at the attached zipped docs.

Sincerely, (sender name)

The worm determines whom to mail this message to by going through the
received messages in an Inbox.

The worm then copies itself to the c:\windows\system directory with the
filename "Explore.exe" and then modifies the WIN.INI file so that the
program is executed each time Windows is started.

More specific information on the virus is available at the AntiVirus
Research Center at www.symantec.com
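
The two host indicators described in the readme above (the dropped "Explore.exe" file and the WIN.INI autostart change) can be checked with a short script. This is an added example, not part of the original post and not FastLane's WormKiller code; it assumes the WIN.INI change uses the standard run=/load= keys of the [windows] section, which the readme does not specify, and the function names and sample data are constructed for illustration.

```python
import ntpath
import re

# Indicator from the readme above; matching is case-insensitive.
DROPPED_NAME = "explore.exe"
# Assumption: the autostart change uses the standard run=/load= keys
# of WIN.INI's [windows] section (the readme does not name the key).
AUTOSTART_KEYS = {"run", "load"}


def autostart_programs(win_ini_text):
    """Return (key, program) pairs from run=/load= in the [windows] section."""
    section, found = None, []
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in AUTOSTART_KEYS:
            # An entry may hold several programs separated by spaces or commas.
            for prog in re.split(r"[\s,]+", value.strip()):
                if prog:
                    found.append((key, prog))
    return found


def explorezip_findings(win_ini_text, system_dir_files):
    """List indicator hits; whole names are compared so Explorer.exe is not flagged."""
    hits = []
    for key, prog in autostart_programs(win_ini_text):
        if ntpath.basename(prog).lower() == DROPPED_NAME:
            hits.append(f"WIN.INI {key}= starts {prog}")
    for name in system_dir_files:
        if name.lower() == DROPPED_NAME:
            hits.append(f"file present: {name}")
    return hits


# Constructed sample data, not taken from a real machine.
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\Explore.exe\n\n[Desktop]\nrun=ignored.exe\n"
SAMPLE_FILES = ["EXPLORER.EXE", "Explore.exe", "kernel32.dll"]

if __name__ == "__main__":
    for hit in explorezip_findings(SAMPLE_INI, SAMPLE_FILES):
        print(hit)
```
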