| |
Site Navigation
Main
News
Forums
Games
Games Database
Top 100
Release List
Support Files
Features
Reviews
Previews
Interviews
Editorials
Diaries
Misc
Download
Gallery
Music
Screenshots
Videos
Miscellaneous
Staff Members
Privacy Statement
|
|
Not too much RPG related but you can't play an RPG when most of your C:\ drive has been deleted by a virus, right ? ;)
Check out this info delivered by anti virus specialists McAfee.
Here's the virus' characteristics:
This threat is detected as VBS/Generic@MM with the 4141 DATs or newer. It arrives via Internet Relay Chat, or in an email message containing the following information:
Subject: Outlook Express Update
Body: MSNSofware Co.
Attachment: Mmsn_offline.htm
Opening the attachment infects the local system. The worm sends itself to all Microsoft Outlook Contacts and Windows Address Book entries using MAPI. Copies of the worm are created using different formats:
- C:\B.HTM
- C:\BLA.HTA
- C:\WINDOWS\help\mmsn_offline.htm
- C:\WINDOWS\SAMPLES\WSH\Charts.js
- %drive letter%\Start Menu\Programs\StartUp\msoe.hta (on network drives)
The C:\AUTOEXEC.BAT file is over written with Echo y|format c:
All SCRIPT.INI files are overwritten with mIRC script commands to send the virus to others when they join a channel that an infected user is on. All .ASP, .HTM, and .HTML files are overwritten with the virus code. The content of all other files is deleted if the day is 1,5,10,15, or 20, leaving them with 0 bytes of data.
The following registry keys are created:
- HKEY_LOCAL_SYSTEM\Software\Microsoft\Windows\CurrentVersion\
Run\NAV DefAlert=C:\WINDOWS\help\mmsn_offline.htm
- HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
|
|
|
Virus Alert: Don't mess with JS/Gigger.a@MM
