Article submitted by: April
For more information: http://www.symantec.com/avcenter/
Virus Alert: The IT department has noted that a new Trojan Horse is
on campus. Sircam is also on campus (a notice went out a couple of
weeks ago). They are extremely hard to get rid of. Please
Symantec has received a substantial number of submissions since September
4, 2001 for this worm, formerly known as W32.Urgent.worm@mm. Therefore,
Symantec has upgraded the threat level from 2 to 3. We have added detection
since its original discovery and certified definitions will be posted
on September 4, 2001.
This worm is a Visual Basic Application that arrives as a readme.exe
attachment to an e-mail. This worm requires Microsoft Visual Basic Runtime
Libraries to replicate. The body of the e-mail asks the recipient to
review the attachment, but once viewed, the worm will activate, hook
your system's activation routines and then spread itself to everyone
in the user's address book.
Also Known As: W32/Apost-mm, W32/Apost-A,
This worm arrives as an attachment to the following e-mail:
Subject: As per your request!
Body: Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
It will then display the message box:
and waits for you to press the button. Once you've pressed the button,
it goes through the above steps once more and then shows you the
following fake error message:
and then quits.
Attention: Since this worm activates its insertion and e-mailing routine
twice, a user will likely get at least two e-mails with this worm as
Removal & Prevention Instructions
1. Run LiveUpdate to make sure that you have the most recent virus
definitions. Most viruses can be cleaned up automatically by NAV (Norton
AntiVirus) located on your computer. To ensure this, please 'manually'
execute your Norton LiveUpdate. To do so: go to Start - Program Files -
Norton AntiVirus - at the top on the right-hand side click on
LiveUpdate - then click on Next - then click on Next and then Finish,
or go to Start - Settings - Control Panel - LiveUpdate - then click on
Next - then click on Next, or http://www.wnmu.edu/liveUp.htm is a visual
2. Start Norton AntiVirus (NAV), and run a full system scan, making
sure that NAV is set to scan all files.
3. Delete any files detected as Trojan.JS.Offensive. If you are unable
to locate or have any problems with this procedure, please contact
the IT 'Help Desk' at: 4357 (574-4357 off campus).
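
For mail administrators, the three traits of the e-mail described above (the subject line, the body text and the readme.exe attachment) can be checked mechanically at the mail gateway. The following is an added example, not part of the original alert or of any Symantec tool; the function names, the quarantine/review thresholds and the sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the alert text; matching is case-insensitive.
SUBJECT = "as per your request!"
BODY_PHRASE = "please find attached file for your review"
ATTACHMENT = "readme.exe"

def _norm(text):
    """Lower-case and collapse whitespace so line wrapping cannot hide a match."""
    return " ".join(str(text or "").lower().split())

def match_indicators(raw_bytes):
    """Return the set of alert indicators found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    if _norm(msg["Subject"]) == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = _norm(part.get_filename())
        if name:
            # Compare the base name only, so a path prefix cannot hide the file.
            if name.replace("\\", "/").rsplit("/", 1)[-1] == ATTACHMENT:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            if BODY_PHRASE in _norm(part.get_content()):
                hits.add("body")
    return hits

def verdict(raw_bytes):
    """Assumed policy: attachment name plus a text hit quarantines, one hit alone is reviewed."""
    hits = match_indicators(raw_bytes)
    if "attachment" in hits and hits & {"subject", "body"}:
        return "quarantine"
    return "review" if hits else "pass"

def build_sample(subject, body, attachment_name=None):
    """Build a constructed test message (addresses and payload are placeholders)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.edu", "staff@example.edu"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()
```

A message that only shares the subject line is sent to review instead of quarantine, because "As per your request!" is also a plausible subject for legitimate mail.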