From britdisc-owner@csv.warwick.ac.uk Fri Mar 30 12:12:13 2001 Received: (from daemon@localhost) by pansy.csv.warwick.ac.uk (8.10.1/8.9.3) id f2UBBGG03595 for britdisc-outgoing; Fri, 30 Mar 2001 12:11:16 +0100 (BST) Received: from snowdrop.csv.warwick.ac.uk (root@snowdrop [137.205.192.31]) by pansy.csv.warwick.ac.uk (8.10.1/8.9.3) with ESMTP id f2UBBFx03574 for <britdisc-real@pansy.csv.warwick.ac.uk>; Fri, 30 Mar 2001 12:11:15 +0100 (BST) Received: from mail.atm.ox.ac.uk (mail.atm.ox.ac.uk [163.1.242.1]) by snowdrop.csv.warwick.ac.uk (8.10.1/8.9.3) with ESMTP id f2UBBEZ21922 for <britdisc@csv.warwick.ac.uk>; Fri, 30 Mar 2001 12:11:14 +0100 (BST) Received: from tashtego.atm.ox.ac.uk (IDENT:root@tashtego.atm.ox.ac.uk [163.1.242.206]) by mail.atm.ox.ac.uk (8.10.0/8.10.0) with ESMTP id f2UBBD330519; Fri, 30 Mar 2001 12:11:14 +0100 (BST) Received: from localhost (booth@localhost) by tashtego.atm.ox.ac.uk (8.9.3/8.8.2) with ESMTP id MAA04685; Fri, 30 Mar 2001 12:11:13 +0100 X-Authentication-Warning: tashtego.atm.ox.ac.uk: booth owned process doing -bs Date: Fri, 30 Mar 2001 12:11:13 +0100 (BST) From: Ben Booth <booth@atm.ox.ac.uk> To: "White, Tom" <tom.white@ic.ac.uk> cc: "'Tom Candlin '" <tom@tcandlin.fsnet.co.uk>, "'britdisc@csv.warwick.ac.uk '" <britdisc@csv.warwick.ac.uk> Subject: Re: virus stuff In-Reply-To: <A0F836836670D41183A800508BAF190B70D0B3@icex1.cc.ic.ac.uk> Message-ID: <Pine.LNX.4.21.0103301151550.3947-100000@tashtego.atm.ox.ac.uk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-britdisc@warwick.ac.uk Precedence: bulk There is online info on the virus at: http://www.info-sec.com/viruses/99/worm_explore_zip.shtml to name but one site. It looks like it's a Melisa like virus - but it may also effect your hard drive. Its coded in visual basic - so unix users need not fear as usual - effecting the microsoft exchange and outlook. Details of how it effects the infected system are given as well as the steps you need to clear it up - correct currupted files etc. I don't know exactly what it does - I didn't get a chance to install it. It apears to have altered slightly so there may not be the Explore.exe infection on your hard disk. (documentation suggests that the virus will try and send a message to any email sent the infected system and you'll find various files on your hard drive if you are infected) If its is there sipmle steps to remove it can be found on: http://www.ariga.com/peacewatch/curezip.htm Hope this adds something, Cheers Ben Hoofers/MooTones/OW! On Fri, 30 Mar 2001, White, Tom wrote: > yo. > > > it ain't anyones fault 'bout this virus stuff, it just happens. > > lets not all post replies about whether we got it, or who we are annoyed > with, cos its gonna get boring. > > If you got any real info about it (what it does, how to stop it etc), let us > know, if you don't wanna get it, then don't open any mails from Tom. > > Hope all people 'puters are well. > > laters > > tom (S&G) >