Glossary
of
Terms

Care&Maintenance
viruses
backup the registry
restore the registry

 

 

 


McAfee Clinic

Check out McAfee's Site
You can do a virus scan
online!
Use the most current version of McAfee's Anti-Virus program
and
up-to-date Virus Signatures

 

Virus Watch
Keep an eye out for these
Worms
& Trojans

W32/Navidad@M
BackDoor-G2
VBS/Loveletter
W32/Prolin@MM
AnnaKournikova

AnnaKournikova Virus (VBS/SST@MM)
I'm As of Monday morning, February 12, 2001, computers worldwide have been infected with an email virus posing as a photo of Russian tennis star Anna Kournikova.

Watch for an email with a subject title: Here you have, ;o)

The body of the email will read: Hi: Check This!

The email comes with an attachment named:
AnnaKournikova.jpg.vbs.

As with any virus, worm or trojan distributed via email, the best thing you can do is delete the email and its attached file before you click on it. You should, of course, keep an up-to-date anti-virus program installed, with current virus signatures or .DAT files.

Recent versions of the anti-virus applications from Norton, McAfee and Sophos all claim to be able to catch the virus. Make sure you have the current data files or virus signatures for your particular application.

The worm is very much like the I Love You virus, and threatening to be just about as prolific, but not nearly as damaging.

If you do click on the attachment, the virus will copy itself to the Windows directory and make changes to the registry files. It then invades the address book of the Microsoft Outlook email program and attempts to send itself to everyone listed there.

Macintosh users and PCs using other Email applications should not be infected.

Aliases:
AnnaKournikova
VBS/SST@MM
Kalamar.A
Calamar
On TheFly
VBS/VBSG.J@MM

 

Removal
Do a scan with your anti-virus application and delete any infected files it finds. If you already clicked on the attachment and activated the worm, this should remove the infected files, but you'll still have to remove the keys, and the values, that the virus created in the Registry files.

Be sure you know how to backup, restore and edit the Registry before you use the Registry Editor.

Click on the Start button and select Run. Type REGEDIT and press Enter.

You're going to navigate to
HKEY_USERS/.DEFAULT/Software/OnTheFly
and delete the OnTheFly key.

Click the plus sign (+) beside the HKEY_USERS folder.
Click the plus sign (+) beside the .DEFAULT folder.
Click the plus sign (+) beside the Software folder.

Right-click the key (folder) 'OnTheFly' and choose delete.

You should be finished, but as an added precaution, check
HKEY_CURRENT_USER/Software
for the folder 'OnTheFly'. If its there, delete it as well.

 

A completely manual removal is just as easy. Simply delete the original email and it's attachment. Then delete any file in the Windows directory called AnnaKournikova.jpg.vbs. Next, remove the Registry entries mentioned above, and you're done.