Virus Central - The Place for Virus Info
Virus Profile - W97M/Resume.a@mm

Added 5/26/00

Virus Characteristics - This is a variant of the W97M/Melissa family with a very dangerous payload. It is a worm in that it does not infect the local host system; it spreads by email when the document is opened. It arrives by Outlook email in the following format:

---------------begin copy of email--------

Subject: Resume - Janet Simons

To: Director of Sales/Marketing, Attached is my resume with a list of references contained within. Please feel free to call or email me if you have any further questions regarding my experience. I am looking forward to hearing from you.

Sincerely, Janet Simons.

«Explorer.doc»

-----------------end copy of email--------

If the file EXPLORER.DOC is opened, it will forward an email to all entries in all available address books. As if this wasn't enough, this trojan will wait for the user to close the document before continuing with a more damaging payload. On closing the document, this trojan will perform the following actions against the victim:

* try to copy itself as "C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc"

* try to copy itself as "C:\Data\Normal.dot"

* try to delete all files in the following directories and drives in this order, making the system unusable if this occurs:

  "C:\*.*"
  "C:\My Documents\*.*"
  "C:\WINDOWS\*.*"
  "C:\WINDOWS\SYSTEM\*.*"
  "C:\WINNT\*.*"
  "C:\WINNT\SYSTEM32\*.*"
  "A:\*.*" [may cause an error message]
  "B:\*.*" [may cause an error message]
  and *.* in the root of drives D: thru Z:

At the beginning of the virus code, the following comments exist but are never displayed:

'-----------------------------------------------------'
'Better You Than Me Buddy...
'... Hope You Like My vIrUs
' :)
' :(
'-----------------------------------------------------'

Indications Of Infection: Receipt of an email message as described above - DO NOT OPEN THE ATTACHMENT. If the document received by email is opened, deletion of files may occur, as described above.
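The mail indicators described above (the subject line and the attachment name) can be checked at a mail gateway before delivery. The following is an added example, not part of the original profile or any vendor's scanner; the function names, the three-level verdict policy and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the profile text (compared case-insensitively).
SUBJECT = "resume - janet simons"
ATTACHMENT = "explorer.doc"

def resume_indicators(raw: bytes) -> list:
    """Return which of the profile's mail indicators a raw RFC 822 message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words; collapse whitespace and
    # use a substring match so "FW:" / "RE:" prefixes do not hide the subject.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if SUBJECT in subject:
        hits.append("subject")
    # get_filename() reads Content-Disposition filename, then Content-Type name.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def verdict(raw: bytes) -> str:
    """Assumed policy: both indicators -> quarantine, one -> review, none -> pass."""
    return {0: "pass", 1: "review", 2: "quarantine"}[len(resume_indicators(raw))]

def build_sample(subject: str, filename: str) -> bytes:
    """Construct a test message; the attachment is placeholder bytes, not a document."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Attached is my resume with a list of references contained within.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="msword", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Resume - Janet Simons", "Explorer.doc"),
                        ("FW: resume - janet simons", "EXPLORER.DOC"),
                        ("Quarterly report", "Explorer.doc"),
                        ("Quarterly report", "report.doc")]:
        print(f"{subj!r:32} {fname!r:16} -> {verdict(build_sample(subj, fname))}")
```

A subject or file name match alone is weak evidence, which is why the assumed policy only quarantines when both indicators appear together; content detection still relies on the scanner's engine and DAT files.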

Method Of Infection: This trojan is actually a worm in that it does not infect the global template; it only forwards itself to everyone in available address books.

Removal Instructions:

Script, Batch, Macro and non memory-resident: Use specified engine and DAT files for detection and removal.

Note 1 - Microsoft has released an email attachment security update for Outlook. Apply this update as applicable.

Note 2 - It is very common for macro viruses to disable options within Office applications; for example, in Word the macro protection warning is commonly disabled. After cleaning macro viruses, ensure that your previously set options are enabled again.

PE, Trojan, Internet Worm and memory resident: Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use an emergency boot diskette and use the command line scanner, such as "SCANPM C: /CLEAN /ALL"

Virus Information

Discovery Date: 5/26/00
Origin: Email
Length: 39,424
Type: Trojan
SubType: Macro
Risk Assessment: Medium On Watch

Aliases: Melissa.bg, W97M/Melissa.bg@mm

 

 

  © TekWarrior.com, To protect and inform the public. All rights Reserved