
New virus in circulation


Bilancino
25-09-2001, 12:22
I read on Rai Televideo, page 160, about a new virus that arrives with the attachment WTC.exe and the message "Peace between America and Islam".

Be careful!!!!


Bye

Bilancino
26-09-2001, 19:57
I'll answer myself; anyway, here is some new information:

Name: WarVote.A@mm
Aliases: Vote, W32.Vote.A@mm, W32/Vote@MM, Troj_Vote.A, W32/Vote-A
Type: Internet Worm

Description:

WarVote.A@mm is a mass mailing internet worm written in Visual Basic. It arrives as an attachment to an email that contains the following information:



Subject: Fwd:Peace BeTween AmeriCa and IsLaM !
Message: Hi

iS iT waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!
Attachment: WTC.exe

When the attachment is double clicked the worm is executed, and will begin emailing copies of itself to each recipient in the Microsoft Outlook address book. It will then attempt to delete the contents of several folders that contain installation information for certain antivirus products, including Command Software. WarVote.A@mm will also search all available fixed and network drives for files with the extensions .htm and .html; if found, they will be overwritten.

Bye everyone, and be careful!!!

daitan
26-09-2001, 20:03
I had read something about it too.....

...WTC = World Trade Center ;)

Bilancino
26-09-2001, 20:12
A few minutes ago I also found this:



When the worm is run it will send itself to entries in your Outlook address book. It will drop and run a Visual Basic script in c:\windows\mixdalal.vbs. This script will search all drives (hard disks and network drives) for web pages with the HTM or HTML extension.

The worm will overwrite these files with the single line of text

AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn >>> ZaCkEr is So Sorry For You .

The worm sets the browser homepage to

us.f1.yahoofs.com

which will download a file called TimeUpdate.exe onto your computer. This file is a password stealing trojan and is detected as Troj/Barrio.

The worm attempts to remove various anti virus products by deleting the following directories:

C:\Program Files\AntiVirus Toolkit Pro
C:\eSafe\Protect
C:\Program Files\Command Software\F-PROT95
C:\PC-Cillin 95
C:\PC-Cillin 97
C:\Program Files\Quick Heal
C:\Program Files\FWIN32
C:\Program Files\FindVirus
C:\Toolkit\FindVirus
C:\f-macro
C:\Program Files\McAfee\VirusScan95
C:\Program Files\Norton AntiVirus
C:\TBAVW95
C:\VS95

The worm will drop another script in C:\windows\system\zacker.vbs and add the registry entry

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Norton.Thar = C:\windows\system\zacker.vbs

to ensure that the script is run on next startup.

Both vbs scripts are detected as VBS/Vote-A by the W32/Vote-A ide.

The zacker.vbs script attempts to delete all files in the windows directory and will append the line 'echo y | format C:' to C:\autoexec.bat so that the hard drive will be formatted on the next reboot.

The script then displays a message box with the text

I promiss We WiLL Rule The World Again...By The Way,You Are Captured By ZaCker !!!

and attempts to shut down Windows.
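
An added example (not from the thread or the quoted advisories): an offline triage of a mounted copy of the C: volume for the artifacts the advisory names, namely the two dropped .vbs scripts, the format line appended to autoexec.bat, and web pages overwritten with the single line. The function names, the mount-point argument and the sample tree are assumptions made for illustration; the Run registry value is not checked because that needs a hive parser.

```python
import re
import tempfile
from pathlib import Path

# Artifact names and strings come from the advisory text quoted in the thread.
DROPPED = ["windows/mixdalal.vbs", "windows/system/zacker.vbs"]
DEFACE_MARKER = "ZaCkEr is So Sorry For You"
FORMAT_LINE = re.compile(r"echo\s+y\s*\|\s*format\s+c:", re.IGNORECASE)

def find_ci(root, relpath):
    """Resolve relpath under root ignoring case (FAT names on a case-sensitive host)."""
    cur = Path(root)
    for part in relpath.split("/"):
        children = cur.iterdir() if cur.is_dir() else []
        cur = next((c for c in children if c.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur

def triage(root):
    """Return sorted (finding, relative path) pairs for a mounted copy of the C: volume."""
    found = (find_ci(root, rel) for rel in DROPPED)
    hits = [("dropped_script", p) for p in found if p is not None]
    autoexec = find_ci(root, "autoexec.bat")
    if autoexec and FORMAT_LINE.search(autoexec.read_bytes().decode("latin-1")):
        hits.append(("autoexec_format", autoexec))
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".htm", ".html"):
            body = path.read_bytes().decode("latin-1").strip()
            # Overwritten pages hold only the single line; a page that merely
            # quotes the string (an advisory, say) has more lines and is skipped.
            if DEFACE_MARKER in body and "\n" not in body:
                hits.append(("overwritten_html", path))
    return sorted((kind, p.relative_to(root).as_posix()) for kind, p in hits)

def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    sample = {"WINDOWS/SYSTEM/ZACKER.VBS": "' constructed placeholder\n",
              "AUTOEXEC.BAT": "@echo off\necho y | format C:\n",
              "site/index.html": "... " + DEFACE_MARKER + " .\n",
              "site/news.htm": "<p>page quoting the text:\n" + DEFACE_MARKER + "</p>\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in sample.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return triage(tmp)

if __name__ == "__main__":
    print(demo())
```

Run it against a read-only mount or image copy rather than the live system, since the advisory says the next reboot would trigger the appended format line.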