W32/Swen@MM virus - current information
A new virus alert was issued on September 18th 2003. The Swen virus (w32.swen@mm) masquerades as a new Microsoft patch.
Please note that Microsoft never directly emails its software patches to anyone. Emails containing this virus may have, but are not limited to, "Returned Response" or "New Microsoft Patch" in the subject line. Infection is not limited to email, however.
Once your computer is infected and the virus is activated, Swen will mail itself to email addresses found on your computer. The subject line and attachment name are randomly chosen from an internal list; however, many attachments appear to be a Microsoft security patch. Swen also attempts to disable various security and anti-virus products, and alters your registry, making it impossible to run any programs from within Windows except Internet Explorer and your email software.
If you see the following files in your c:\windows or winnt directories: swen1.dat, germs0.dbv with creation dates in the last week, you are definitely infected. There will most likely also be an .exe file with a random name that was created at about the same time as the other two files.
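A scripted version of this check, as an added example that is not part of the original alert: it looks in the two directories for the marker files created within the last week and lists any .exe created close to them. The function names and the 15-minute tolerance used for "about the same time" are assumptions.

```python
import os
import time

MARKERS = {"swen1.dat", "germs0.dbv"}   # file names given in the alert
WINDOW_DAYS = 7                          # "creation dates in the last week"
EXE_SLACK = 15 * 60                      # assumption: "about the same time" = 15 min


def creation_time(path):
    """Creation time on Windows; elsewhere st_ctime is only a change time."""
    st = os.stat(path)
    return getattr(st, "st_birthtime", st.st_ctime)


def check_dir(directory, now=None, stamp=creation_time):
    """Return (recent_markers, nearby_exes) for one Windows directory."""
    now = time.time() if now is None else now
    cutoff = now - WINDOW_DAYS * 86400
    markers, exes = {}, {}
    try:
        entries = list(os.scandir(directory))
    except OSError:
        return {}, []                    # directory missing or unreadable
    for entry in entries:
        if not entry.is_file(follow_symlinks=False):
            continue
        # Windows file names are case-insensitive, so compare in lower case
        name, created = entry.name.lower(), stamp(entry.path)
        if name in MARKERS and created >= cutoff:
            markers[name] = created
        elif name.endswith(".exe"):
            exes[entry.name] = created
    near = sorted(n for n, t in exes.items()
                  if any(abs(t - m) <= EXE_SLACK for m in markers.values()))
    return markers, near


def report(directories=(r"C:\WINDOWS", r"C:\WINNT")):
    """Check both directories named in the alert; return a list of findings."""
    findings = []
    for d in directories:
        markers, exes = check_dir(d)
        if markers:
            findings.append((d, sorted(markers), exes))
    return findings


if __name__ == "__main__":
    for d, markers, exes in report():
        print(f"{d}: found {', '.join(markers)}; .exe created nearby: {exes or 'none'}")
```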
Check out these websites for disinfection instructions.
This is the file I used to disinfect some friends' computers this weekend:
Computer Associates
McAfee
Symantec
Steps:
1) Download one of the above tools from another uninfected computer.
2) Copy the file onto your computer in the Windows directory.
3) Restart your computer in Safe mode.
4) Run the virus removal program.
To start Windows 2000 in Safe mode:
1. If the computer is running, shut down Windows and then turn off the
power.
2. Wait 30 seconds, and then turn the computer on.
3. When you see the black-and-white Starting Windows bar at the bottom
of the screen, start tapping the F8 key. The Windows 2000 Advanced Options
Menu appears.
4. Ensure that the Safe mode option is selected. In most cases, it is
the first item in the list and is selected by default. (If it is not
selected, use the arrow keys to select it.)
5. Press Enter. The computer will start in Safe mode. This can take a
few minutes.
6. When you are finished with all troubleshooting, close all programs
and restart the computer as you normally would.
PLEASE NOTE: Recent outbreaks of computer viruses (technically, worms) have arrived as attachments to emails that appear to come from someone you know or appear to be undeliverable messages. Use extra caution when opening email attachments. Any email from SlickRock will only contain attachments with the extensions .rtf, .htm or .pdf. Any files with the extensions .exe, .bat, .scr, .vbs or .pif appearing to be from us should be deleted immediately. If you are ever uncertain about the validity of an email, please call us.