Worm.Explore.zip virus

Subject: Worm.Explore.zip virus
From: Rowena Hart <rhart -at- XCERT -dot- COM>
Date: Fri, 11 Jun 1999 09:13:24 -0700

Hi everyone,

I received the Worm.Explore.zip virus from someone I recognize
as a member of TECHWR-L, probably as an automated response
to a message I sent last night. On the off-chance that other
TECHWR-L listmembers receive this virus as a result of posting,
I am posting a warning about this new virus -- yes, it is real.

Below is from Symantec's website:

Worm.ExploreZip is a worm that contains a malicious payload. The worm
utilizes MAPI commands and Microsoft Outlook on Windows systems to propagate
itself. The worm was first discovered in Israel and submitted to the
Symantec AntiVirus Research Center on June 6, 1999.

The worm e-mails itself out as an attachment with the filename
"zipped_files.exe". The body of the e-mail message may appear to come from a
known e-mail correspondent and contains the following text:

Hi Receipient Name!

I received your email and I shall send you a reply ASAP.

Till then, take a look at the attached zipped docs.


The worm determines whom to mail this message to by going through your
received messages in your Inbox. Once the attachment is executed, it may
display the following window:

The worm proceeds to copy itself to the c:\windows\system directory with the
filename "Explore.exe" and then modifies the WIN.INI file so, the program is
executed each time Windows is started. The worm then utilizes your e-mail
client to harvest e-mail addresses in order to propagate itself. One may
their e-mail client start when this occurs.


In addition, when Worm.ExploreZip is executed, it also searches through the
C through Z drives of your computer system and selects a series of files of
any file extension to destroy by making them 0 bytes long. This can result
in non-recoverable data and/or computer system.

Repair Notes:

To remove this worm, one should perform the following steps:

1.Remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI file
2.Delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE". One may need to reboot
first, if the file is currently in use.

Norton AntiVirus users can protect themselves from this worm by downloading
the current virus definitions either through LiveUpdate

From ??? -at- ??? Sun Jan 00 00:00:00 0000=

Previous by Author: Errata for procedures
Next by Author: Web indexing
Previous by Thread: Making TW a Business Proposition
Next by Thread: Universal Generic Names Proposal (Humor)

What this post helpful? Share it with friends and colleagues:

Sponsored Ads