Virus Activity (CERT report)


Techguy
November 17, 2000, 05:42 pm
©CERT Advisory Team, 2000.


We receive many daily reports of virus infections and propagation on the Internet. Hosts continue to be infected by well-known viruses. It is important for users to keep anti-virus software up to date and scan files on a regular basis to prevent this type of activity.


W32/Navidad Worm

Over the past few days, the CERT/CC has received a number of reports of a worm known as W32/Navidad. This worm propagates by responding to email messages and including the file NAVIDAD.EXE as an attachment. We have received a few reports indicating variations in the name of the file (e.g. NAVIDAD17.EXE) which may allow the worm to pass through simple email filters.

When a user runs the NAVIDAD.EXE file, an error dialog box will appear and an eye icon will appear in the system tray. The worm also creates some entries in the registry and copies itself to the file 'winsvrc.vxd'. Errors in the registry entries which are created will cause an error dialog box to appear when a user attempts to run other .EXE files. This worm does not appear to damage files based on the reports we have received, and the information we've gathered.

More information about the Navidad worm, and instructions on how to remove it from an infected system can be found at your anti-virus vendor's website.


Loveletter.as Worm

The CERT/CC continues to receive reports from users infected by the loveletter.as worm.

LoveLetter.as spreads in email messages with the following characteristics:

Subject: US PRESIDENT AND FBI SECRETS =PLEASE VISIT => (http://WWW.2600.COM)<=
Body: VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET PICTURES..
Attachment: (random_name.ext).vbs


Copies of the virus that have been reported to us contain the following comment:

rem "Plan Colombia" virus v1.0

When the worm is executed, it replaces all files from every drive in the same way the VBS/LoveLetter.A virus does. For more information on the payload and how to prevent or recover from a loveletter infection, please see CERT Advisory CA-2000-04.

CA-2000-04, LoveLetter Worm
Additional information about viruses can be found by visiting the sites listed on our Computer Virus Resources page.



------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
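The report above notes that renamed copies such as NAVIDAD17.EXE can pass simple email filters. The following is an added example, not part of the original post or of any CERT material, showing an exact-name filter next to a check on the normalised extension and name family. The blocked-extension list, the name pattern and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Extensions treated as executable content (an assumed policy, not from the advisory).
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr", ".pif", ".com", ".bat"}
# Family name is from the advisory text; the pattern itself is an assumption.
KNOWN_FAMILIES = {"W32/Navidad": re.compile(r"^navidad\w*\.exe$")}


def naive_filter(filename):
    """The kind of simple filter the report warns about: exact name match only."""
    return filename == "NAVIDAD.EXE"


def classify_attachment(filename):
    """Return the reasons to quarantine this attachment name (empty list = pass)."""
    # Normalise case and trailing dots/spaces, which Windows ignores on open.
    name = filename.strip().rstrip(". ").casefold()
    ext = name[name.rfind("."):] if "." in name else ""
    reasons = []
    if ext in BLOCKED_EXTENSIONS:
        reasons.append("blocked extension " + ext)
        if name.count(".") >= 2:
            reasons.append("double extension")
    for family, pattern in KNOWN_FAMILIES.items():
        if pattern.match(name):
            reasons.append("name matches " + family)
    return reasons


def scan_message(raw):
    """Map each attachment filename in a raw message to its quarantine reasons."""
    msg = message_from_string(raw)
    return {part.get_filename(): classify_attachment(part.get_filename())
            for part in msg.walk() if part.get_filename()}


def build_sample(filename):
    """Constructed test message carrying a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()
```

Calling `scan_message(build_sample("NAVIDAD17.EXE"))` flags the renamed attachment that `naive_filter` lets through.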