
W32/ProLin@MM (New BackDoor)

As with all email, you should scan any attachments with current, up-to-date anti-virus software before clicking on them. Both McAfee and Norton offer free updates of their .DAT files that can be downloaded from their respective sites. Any time you see a version change of the actual program, such as VER 4.0 to 4.5 or 5.0, this indicates a major change, and a new retail version of the program should be purchased and installed. I've seen people still using the shareware versions that they got when they bought their computers three years ago! This is not adequate.

I recommend the retail versions because the shareware versions can time out at the most critical moments. The most popular anti-virus programs can be purchased online from their respective websites, through secure servers that will encrypt your information. These sites often offer free updates to the engine for a specified time.

I happen to use McAfee's VirusScan and Online Clinic, but this is a preference developed through familiarity. Norton AntiVirus is also an excellent program. Stick with what you trust.

W32/ProLin@MM is an internet worm that is distributed via email. It may be detected by current anti-virus software as 'New BackDoor'. At the present time, it may arrive with the Subject line - "A great shockwave flash movie".
The body of the email may have the text - "Check out this new flash movie that I downloaded just now... It's Great Bye."

The attachment, 'creative.txt', will have a 'Shockwave Media Player' icon. Once clicked on, it will write to your hard drive and possibly email itself to everyone in your browser's address book. Because of this fact, the email could come from someone you know and trust, once their machine is infected.

This worm will move all your .JPG and .ZIP files to your root directory (C:\) and rename them, appending the text 'change atleast now to LINUX' to the extension.

In other words, if you had files on your hard drive named 'bubbles.jpg' or 'startit.zip', they would be moved to your root directory and renamed
'bubbles.jpgchange atleast now to LINUX' and
'startit.zipchange atleast now to LINUX'.

Other than that, the files aren't infected.

Because of the mess that it makes of your .JPG and .ZIP files, your first indication may be an error message when running a program that tries to access these files. However, it's been my experience that most people are first aware of these types of internet worms and trojans when they receive complaints from someone in their address book.

The worm also writes a copy of itself (creative.exe) to the root directory of your hard drive, a copy in the WINDOWS\TEMP\ directory, and a copy to the WINDOWS\START MENU\PROGRAMS\STARTUP\ directory, so that it runs every time you start your computer.

Here's something else this particular worm does! It writes a file to your root directory called 'messageforu.txt'. Using a text editor to read this file, you'll find a list of all the files that were infected, and where they originally came from. Highly irregular for a computer vandal, but very helpful when restoring the files to their original folders.

Removal
- Delete the original message from your Inbox and then from the Trash.
- Delete the file 'creative.exe' from the above mentioned directories.
- Use the 'messageforu.txt' file as a reference, and restore the proper filenames to the infected files, then move them to their original folders.
- Check the 'options' settings in any MS Office programs you may have, and make sure the macro protection warning is enabled.

If you perform a virus scan and clean, using a current anti-virus program with up-to-date virus signatures (.DAT files), before your computer is infected (before you've clicked on the 'creative.exe' attachment), it should do a good job of removing the problem.

If you perform the scan and clean after your computer is infected, you will still have to use the 'messageforu.txt' file as a reference to manually rename infected files and move them to their original directories.

- Do another scan to make sure everything is OK.
- Remove the 'messageforu.txt' file.
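
The checks and the rename step above can be scripted. The following is an added example, not part of the original page: the function names are hypothetical, it only reports copies of 'creative.exe' rather than deleting them, and it restores filenames in place in the root directory. Moving files back to their original folders still relies on 'messageforu.txt', whose layout this page does not describe.

```python
import os
import tempfile

SUFFIX = "change atleast now to LINUX"   # text the page says is appended
WORM_DIRS = ["", "WINDOWS/TEMP", "WINDOWS/START MENU/PROGRAMS/STARTUP"]  # "" = root

def find_worm_copies(root):
    """Return paths of creative.exe in the three locations the page lists."""
    hits = []
    for rel in WORM_DIRS:
        folder = os.path.join(root, *rel.split("/")) if rel else root
        if os.path.isdir(folder):
            hits += [os.path.join(folder, n) for n in os.listdir(folder)
                     if n.lower() == "creative.exe"]
    return hits

def plan_renames(root):
    """Map each renamed file in root to its original .jpg/.zip name."""
    plan = {}
    for name in sorted(os.listdir(root)):
        if name.lower().endswith(SUFFIX.lower()):
            original = name[:-len(SUFFIX)]
            if original.lower().endswith((".jpg", ".zip")):
                plan[name] = original
    return plan

def restore_names(root, dry_run=True):
    """Strip the suffix; never overwrite an existing file. Returns names restored."""
    done = []
    for renamed, original in plan_renames(root).items():
        target = os.path.join(root, original)
        if os.path.exists(target):
            continue  # name collision: leave for manual review
        if not dry_run:
            os.rename(os.path.join(root, renamed), target)
        done.append(original)
    return done

def demo():
    """Run against a constructed sample tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "TEMP"))
        for p in ["creative.exe", "WINDOWS/TEMP/creative.exe", "notes.txt",
                  "bubbles.jpg" + SUFFIX, "startit.zip" + SUFFIX]:
            open(os.path.join(root, *p.split("/")), "w").close()
        return (len(find_worm_copies(root)), restore_names(root, dry_run=False),
                sorted(os.listdir(root)))

if __name__ == "__main__":
    print(demo())
```

Run `restore_names` with the default `dry_run=True` first to review what would be renamed before changing anything on disk.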
