Rychlé vyhledávání

Reklama

Tassos (W32.MFG.Tassos@mm)

První výskyt: 05.2003

Text hoaxu

Dear all,

I am sorry to tell you that one of our mail-server was infected by W32.MFG.Tassos@mm. I had this Virus on my PC. You may be have received this virus if you read or send any mail the last 9 days. A infection is only possible on windows systems. The virus would be detected by NAV if you have the latest definition list. Infected mails seems to be clean, but they run a pernicious local windows-script that modifies or deletes the rundll32.exe and the aspi4.dll. It also modifies some registry entries. This virus makes copys of his sefl till your harddrive is totally full. Any mail can be infected. After cleaning your system, install the latest Definition list from symantec. The virus reads your Outlook-contacts, and will be sended to any one of them, if there is an e-mail address registered. There are 2 ways to check if you are infected, and if yes, to resolve this infection:

1) Automatic Recovery Tool from Symantec:

Go to following link and follow the instructions:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mfg.tassos@mm.removal.tool.html
Please be sure that you run this tool in save mod.


WARNING!!!
FOLLOWING STEP DESCRIBES MODIFYING OF WINDOWS REGISTRY. DON'T PROCEED IF YOU ARE SURE THAT YOUR SYSTEM IS NOT INFECTED. PLEASE CONTACT YOUR ADMINISTRATOR TO MODIFY THE REGISTRY IF YOU ARE NOT SURE HOW TO DO IT, OR IF YOU DON'T KNOW IF YOU HAVE TO.


2) Manual Detection and desinfection:

a) Print this mail out
b) close any running programms, especialy these programms that use internet connection (Netscape, Internet Explerer, Outlook, Messenger e.t.c.)
c) Plug your networkkables (also ISDN Cable or Modem Cable) out from your PC and determinate any W-LAN-Connections.
d) Click on Start -> Run -> regedit
e) Search for following key: "\\HKEY_LOKAL_MACHINE\SOFTWARE\Microsoft\Windows\Run" If you see a folder called OptionalComponents you are infected. Please delete this Folder.
f) Search for following key and if it exists on your registry delete it:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products"
g) Close regedit.
h) press start -> run -> type "cmd" and press enter
i) type "C:" -> type "cd\" -> type "cd %systemroot%" -> type "cd system 32" -> type "del *.msc /q /f" -> type "exit"
j) klick on "My Computer" -> Folder Options -> View -> enable "show hidden files and folders" and disable "hide protected operating system files" -> press ok -> press ok
k) klick on start -> search -> search for a file called NTDETECT.COM and delete it. If this file does not exist search for a file called TWUNK_32.EXE and delete it.
l) replace your rundll32.exe with a not infected version. (You will get one if you contact Microsoft support http://support.microsoft.com/default.aspx?scid=FH;EN-US;FAQS)
m) install the latest aspi drivers.

Sorry for this effort.

Adresa stránky: http://www.hoax.cz/hoax/tassos-w32mfgtassos@mm/
Alternativní odkaz: http://www.hoax.cz/index.php?section=hoax&action=hoax_detail&id=158

Naši partneři

Týdny mediálního vzdělávání - NA PRAVDĚ ZÁLEŽÍ
Projekt E-Bezpečí
MANIPULÁTOŘI.CZ
Internetem Bezpečně
Konference SECURITY
Hustej INTERNET
NEŠLAPE.CZ - NEŠLAPE Vám počítač? Odvirování PC, zrychlení počítače, ...
Viry.cz
PARANOIA.CZ
AVAST!
Check Point
Safer Internet
ToolStore - Nářadí, nástroje, pomůcky, nože, kvalitní rukavice

Podpořte nás

Bitcoin:
Bitcoin: 183jkMBfXdzYzK93vUPmrchohjLtLb3sDn
Bitcoin adresa:
183jkMBfXdzYzK93vUPmrchohjLtLb3sDn

Ikona pro Vás

HOAX.cz

Hoax.cz je archivován

WebArchiv - archiv českého webu

Doporučujeme

ZvolSi INFO - Surfařův průvodce po internetu
No More Ransom! Dekryptovací nástroje.
Právě dnes
RigoloKids - kvalitní dětské oblečení a doplňky z prémiových materiálů
Antivirové centrum
ER.cz - Přesměrování pro Váš web zdarma
CZilla
soom.cz
IMPROVE ACADEMY s.r.o.
Holičství, pánské kadeřnictví v Třebíči
Včelařství Špaček - kvalitní med a včelí produkty
Jógové studio Marcel Třebíč Havlíčkovo náb. 37
JÓGA TŘEBÍČ Jógové centrum v Třebíči.
Jóga s Pepou pro začátečníky a pokročilé