TCS - Mini-Zip Virus Alert

Mini-Zip Virus Alert

by Don Singleton
Tulsa Computer Society
From the January 2000 issue of the I/O Port Newsletter

Recently I learned of a new virus problem, and posted an alert regarding it at the top of http://www.tcs.org/webpage.htm, where I hope most TCS members might see it.

If you did not notice it, the symptom is that you will receive an email with the following content:

I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs.

It will also contain a worm attachment named zipped_files.exe.

In addition, when Worm.ExploreZip(pack) is executed, it searches drives C through Z of your computer system and accessible network machines for particular files. The worm then destroys all files with any of the following extensions: .h, .c, .cpp, .asm, .doc, .xls, .ppt. This is accomplished by calling CreateFile() and making the files 0 bytes long. You may notice extended hard drive activity when this occurs. The data in these files may be non-recoverable.

This payload routine keeps running as long as the worm is active on the system, so any newly created files matching the extension list will be destroyed as well.
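A damage-assessment check based on the payload described above, added here as an example that is not part of the original article: it walks a directory tree and lists zero-byte files whose extension is on the worm's target list. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions the article lists as targeted by the payload.
TARGET_EXTENSIONS = {".h", ".c", ".cpp", ".asm", ".doc", ".xls", ".ppt"}


def find_truncated_files(root):
    """Return {directory: [file names]} for zero-byte files with a targeted extension.

    Hypothetical helper for this example. Matching is case-insensitive
    because Windows file names are (REPORT.DOC and report.doc are the same).
    """
    hits = defaultdict(list)
    # onerror: skip unreadable directories so one access error does not stop the sweep
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext not in TARGET_EXTENSIONS:
                continue
            try:
                # lstat does not follow symlinks, so a link is never reported as empty
                if os.lstat(os.path.join(dirpath, name)).st_size == 0:
                    hits[dirpath].append(name)
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
    return {d: sorted(names) for d, names in hits.items()}


def build_sample_tree(root):
    """Constructed sample data: two truncated targets, one intact target,
    and one empty file whose extension is not on the list."""
    os.makedirs(os.path.join(root, "src"))
    samples = [("REPORT.DOC", b""), ("src/main.c", b""),
               ("src/util.h", b"#define X 1\n"), ("notes.txt", b"")]
    for rel, data in samples:
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, names in sorted(find_truncated_files(tmp).items()):
            print(directory, names)
```

Empty files with these extensions can exist for ordinary reasons, so treat the output as a list of candidates to compare against backups.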






Tulsa Computer Society 12/12/99
Don Singleton, President
djs@ionet.net