Re: readme.eml
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/18/04
- Next message: lj: "Error Message when opening Outlook"
- Previous message: Tedd Riggs: "Re: Flamewall Security Centre"
- In reply to: mike: "readme.eml"
- Next in thread: David H. Lipman: "Re: readme.eml"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Feb 2004 12:23:53 -0500
Go to McAfee (http://www.mcafee.com/myapps/mfs/default.asp) and/or Trend
(http://housecall.antivirus.com ) and perform an online scan of your platform.
Let's verify if you indeed have W32.Chir.B@mm
W32/Chir@MM - http://vil.nai.com/vil/content/v_99518.htm
Note:
"Additionally, the worm attempts to write base64-encoded copies of itself to all folders on
network drives, as the file: (computer name).eml. These encoded copies of the worm
are detected as W32/Chir.eml by the indicated DATs."
In addition:
If you post to UseNet with your TRUE, not a munged, email address then you have invited the
Swen Internet worm [aka; W32/Gibe-F] to visit you.
The Swen is news spelled backwards. The reason it is called this is because the Swen worm
harvests email addresses from UseNet News Groups. It has an engine that allows it to post
itself to UseNet News Groups and well as it has its own email engine. From the list of
email addresses that it has harvested, it will then email itself to those addresses.
Dave
"mike" <m i k e . b a r n e s @ verizon.net> wrote in message
news:11c8f01c3f641$b90a1a20$a101280a@phx.gbl...
| My system is pereated with a file named readme.eml which
| acording to MS is the result of a virus called
| W32.Chir.B@mm and I woild like to get rid of the virus and
| deleate the readme.eml files. Any suggestions?
- Next message: lj: "Error Message when opening Outlook"
- Previous message: Tedd Riggs: "Re: Flamewall Security Centre"
- In reply to: mike: "readme.eml"
- Next in thread: David H. Lipman: "Re: readme.eml"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
