Virus, Worms & Trojans

Virus, Worms & Trojans - Fixes

Here is information on common viruses, important notices, and links to patches - not comprehensive - just stuff we have found important to our clients.

Home

News

Topics

AAx

Common Windows Viruses - What To Do

We have seen most of these on clients' machines.

W32/SwenA - Sep-03: a worm that defends itself
Klez.H - Apr-02: worst to date - if you read email on a Windows computer, you have it.
Elkern.C - Apr-02: dropped by Klez.H
SirCam - emails to the Outlook mailing list
- sends real documents so it's a privacy problem too.
Homepage / VBSWG.X - redirects infected computers to a porno page
Funlove / Win32.FLC - "Fun Loving Criminal".
VBS/SST VBS/OnTheFly AnnaKournikova - Worm -
Shockwave, Creative, ProLin Worm - Shockwave movie
Life Stages - Worm - Removal Tool
HAHAHA, Hybris, Snow White Worm
Groovie Virus, W97M.Groov - MS Word 97
W32/Navidad Worm
VBS/LoveLetter Worm, "Love Bug", "ILOVEYOU"
Pretty Park, "W32Pretty.Worm".
Buddy List Trojan Horse - AOL Specific
Trojan.AOL.Buddy, "Penny Tools Trojan" - AOL Specific
W32/KRIZ.3862, W32/KRIZ.4092, W32/KRIZ.4050
Cool APStrojan.qa, W95 Troan.Cool, AOL.PS.Trojan - AOL Specific
ColdApe - MS Word 97
Happy99 Worm
Melissa Virus
NetBus, Back Orifice - Trojans - removal instructons
CIH/Chernobyl Virus - highly destructive!
Windows ExploreZip Worm

Windows - Notices & Patches

Microsoft issued more than 100 security notices and patches in 2000. We will only list those of general business interest.

UA Control Vulnerability - Office 2000 - This vulnerability allows viruses to be launched from e-mail without opening attachments. The first useage, Davinia, was designed to be destructive but was clumsy and did not propegate well. Future exploits could be far more effective. You should download and apply the patch available from Microsoft.

Apple Macintosh Vulnerabilities

Melissa Virus - Macintosh users of Microsoft Office 2001 now have a beta of Outlook available (formerly just Outlook Express). Outlook is enabling the Melissa virus to spread among Mac users.

Linux Vulnerabilities

While Linux is not subject to the fast spreading e-mail virus problems Windows systems have, Linux computers connected to DSL and cable modems are vulnerable to break-in, worms and trojans if their patch levels are not kept up-to-date.

Important: Do not run your Linux box logged in as root. Yes, it's more of a hassle to set your stuff up to run as a user, but running as root makes your system very vulnerable. If root runs a hostile file, it runs with full system privelages, just like under Windows.

Ramen Worm - This worm attacks Red Hat Linux 6.2 and 7.0 systems that have not been patched for wu-ftp, rpc.statd and LPRng. Aside from propegating, it disables the ftp service and defaces Web sites by replacing pages named "index.html" with it's own Web page. Description and removeal instructions are at a href="http://www.linuxsecurity.com/articles/network_security_article-2335.html"> Linuxsecurity.com.
Dual Boot (Linux/Windows): reestablishing the Linux boot loader. After using fdisk /MBR to remove a DOS/Windows boot sector virus puters. Instructions at CERN. Their link to their Linux boot disk is broken, but you can use the "rescue disk" you made when you installed Linux.

Other Resources

CERT Virus Resources Page.

©:Andrew Grygus - Automation Access - www.aaxnet.com - aax@aaxnet.com
Velocity Networks: Network Consulting Service - Internet Service Provider - Web Page Design and Hosting
All trademarks and trade names are recognized as property of their owners.