![]() |
|
| 2
0 0 1 |
|
|
Computing Infrastructure Support (CIS) CIS Computer Help Desk |
|||
| Monthly Virus Update: Goner, Gokar and Other Nasty Worms |
|
This look at the latest viruses making the cyber-rounds is provided by the Lab's Computer Protection Program. The viruses described below are all being blocked by the Lab's "VirusWall," which scans all incoming email with "lbl.gov" addresses for viruses. Employees who maintain their own Lab email servers should check to ensure that these systems have updated antivirus software. Goner This worm spread extremely quickly on December 4 and has been tapering off as people update their antivirus software to detect and destroy it. It only affects Microsoft Windows systems. The worm does not damage the system or files, however it will attempt to disable antivirus software, including Norton Antivirus. It may also attempt to flood certain IRC chat channels from the infected computer. It spreads by mailing itself to everyone in the Windows Address Book or through ICQ chat sessions. Identifying marks: Removal: Be sure to uninstall and reinstall Norton Antivirus as per the instructions once the infection has been purged.
Gokar This worm appeared on December 12 and has been spreading quickly. It only affects Microsoft Windows systems. The worm does not damage the system or files. It spreads by mailing itself to everyone in Windows Address Book, through ICQ chat sessions, or through a modified Web page. In the latter case, if the worm infects a computer running the IIS Web server, it will modify the home page to include link allowing website visitors to download a copy of WEB.EXE. Identifying marks: Subject: One of the following,
Message: One of the following, * "Hey They say love is blind ... well, the attachment probably proves it. Pretty good either way though, isn't it ?" * "You should like this, it could have been made for you speak to you later" Attachment: A random file name starting with a number followed by a bunch of nonsense letters and numbers. The attachment may be a .pif, .scr, .exe, .com, or .bat file. On an infected computer the file "Karen.exe" will exist in the Windows directory. Removal: ****************** Other recent worms to avoid: ZACKER Worm FUNDLL Worm PAUKOR Worm UPDATR Worm Possible attachments: Setup.exe, install.exe, Readme.exe, Files.exe,
Picture.exe, Quotation.Doc.exe, letter.doc.exe or Picture.jpg.exe |
|
Top | Return to Computing News |