Mini-Zip Virus Alert

I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs.

It will also contain a worm attachment named zipped_files.exe.

In addition, when Worm.ExploreZip(pack) is executed, it searches drives C through Z of your computer system and accessible network machines for particular files. The worm then destroys all files containing any of the following extensions: .h, .c, .cpp, .asm, .doc, .xls, .ppt. This is accomplished by calling CreateFile(), and making the file extensions 0 bytes long. One may notice extended hard drive activity when this occurs. This can result in non-recoverable data.

This payload routine continues to happen while the worm is active on the system. Thus, any newly created files matching the extensions list will be destroyed as well.

For further information see:

• Mini-Zip Virus Infects Systems
• Symantec
• Dr Solomon's Virus Central
• Data Fellows