W32.SwenA.mm + MS patch flaw by design?

From: sixbells (anonymous_at_discussions.microsoft.com)
Date: 03/24/04 

Date: Wed, 24 Mar 2004 06:45:26 -0800

Good Morning All;
Thanks for the clues, after researching snopes, as well as
a Microsoft Knowledge Base Article - 263080
(http://support.microsoft.com/default.aspx?scid=kb;EN-
US;263080) AND (http://support.microsoft.com/default.aspx?
scid=kb;EN-US;263073), it is now apparent that I was
struck by the the Swen-A variant as outlined in
http://www.snopes.com/computer/virus/patch.asp#add and was
suckered into the real looking MS e-mail message. Yea,
yea, I know MS warns of these types of emails, but I had
been on the computer for about 10 hours and had my Outlook
Preview Pane set, however, I have been hit almost daily by
Swen's other simpler one-liners, which I delete
immediatly. I have run the Norton 2004 Swen removal tool,
as well as constantly updating my machine with the latest
MS upgrades. I have also followed the pre-removal steps
(reluctantly because you are required to turn off System
Restore), hid file extensions, when running the removal
tool both as an exe, and from the command prompt.

I have kept Norton 2004 updated with the latest virus
definitions and it always comes back that I am vurus
free!! At this point I am probably either going to 1)
throw the computer out the window and become a bounty
hunter for virus developers, or 2) try once again to run
the Swen-A removal tool from the cmd prompt or 3) seek
professional help (with a computer technician that is...).

I guess what bothers me the most is that there does not
appear to be any updates from MS that are reasonable
and/or available for MS Outlook 2002-SP3, and previous
updates state that "This behavior is by design with the
Microsoft Outlook E-mail Security Update". The 326585
OFF2000: Overview of the Office 2000 SP3 article does not
appear to be feasable as well, BUT, I will check with my
Earthlink administrator to see if thay can control
specific features that are included with the update, run
Outlook in a Microsoft Exchange Server environment and
have my e-mail messages delivered to a server-based
mailbox, However, if my mail is currently delivered to a
Personal Folders file (.pst), and I use MS Outlook for
much more than just a mail system (Calendar, Tasks,
Journal, NetMeetings, Contacts, Notes, etc...), so I am
doubtful that they can configure the settings for the
update.

Any inputs at this point are greatly appreciated, but
reformatting my machine is not an option, I did that last
week and was in the process of re-installing my software
and files when this problem cropped up again.

Thanks Again...Sixbells
*******************************

>-----Original Message-----
>
>sixbells wrote:
>> *Arrggg, I wish I could get my hands on these punks that
>> develop these viruses!! Which virus is the following??
>>
>> Symptoms:
>> 1) Windows XP Pro SP1
>> 2) Office Update-11
>> 3) Microsoft Outlook 2002 SP3
>>
>> Every time I create a new message (Word is my default
>> editor), I get a Outlook Warning dialog box that warns:
>> "A program is trying to access addresses you have stored
>> in your Outlook address book. Do you want to allow this?
>>
>> If this is unexpected, it may be a virus and you should
>> answer 'No'"
>>
>> The Help Button reads:
>> A program is trying to access your Address Book
>> A program is trying to access your Address Book or
>> contacts. Viruses can spread by sending copies of e-mail
>> messages to people listed in your Address Book. You must
>> allow or deny access to your Address Book before this
>> program can continue.
>>
>> Allow access
>>
>> Do one or both of the following:
>>
>> To allow the program access for this instance only (such
>> as for one contact), click Yes.
>> To allow unsecured access for a specified time period of
>> up to 10 minutes, select the Allow Access for check box,
>> and then click a time period in the list.
>> Deny access
>>
>> Click No.
>>
>> Thanks in advance for your assitance, I have sun several
>> virus removal tools, have Norton 2004 with full emailing
>> screening (including worms) and the current defs
>> installed???
>>
>> Peace, out,
>> Sixbells *
>
>SAME QUESTION, SAME ANSWER OF NICTU
>
>
>
>--
>jelly
>----------------------------------------------------------
--------------
>Posted via http://www.mcse.ms
>----------------------------------------------------------
--------------
>View this thread: http://www.mcse.ms/message502751.html
>
>.
>