Automated PC Solutions
VACM - Virus Alerts for the Common Man



New variant of Zacker making the rounds, with a twist



Greetings from The VACM Team,

In this issue:
------------------------------------
- New variant of Zacker/Maldal.I making the rounds, with a twist


***************************************************
* The Bottom Line...
***************************************************
The original Zacker virus, first reported in the VACM
from 12/19/2001, is making the rounds again, this time with
some more aggressive subject lines to dupe people into
double-clicking the attached virus file.


***************************************************
* How To Recognize This Virus Email...
***************************************************
The new Zacker variant, dubbed "Maldal.I worm", usually comes
from someone you know.  It arrives with an
attachment and one of the following subject lines:

   "Fwd: WoOoOoOow"
   "Fwd:Wow , We are the same !"
   "Fwd: [Muzicana-Group] Download what you want"
   "Zakia Zakaria & Najati :P"
   "Fwd:The demand of sex ... where does it lead us to ?"
   "Take a picture for your self (Don't be mad its only a joke)"
   "Fwd:Is there any true love ?"
   "Fwd:Have u ever seen your face?! (Funny)"
   "Fwd:Against the power of women"
   "Fwd:Fwd:If you care about your wife"
   "Fwd:Say 'I Love You' in 300 languages"
   "Fwd:Send it to every body you love ;)"
   "Re:Fwd:Romantic Day"
   "Fwd: Let's Dance & forget pains"
   "Fwd:Loneliness ..."
   "Fwd: [sex-is] HoT MoVies"
   "Fwd: [SpanishGirlsGroup] Hola ..."
   "Fwd: [LsbianLovers-group] Lick my asshole"
   "Fwd:[Anal-sex-team] OOOH Faster"
   "Fwd: [PussyLand-egroup] How sweet..."
   "Fwd: [DrFun-egroup] Let's Laugh"
   "Fwd: [FuNnY-egroup]Hehehehehe damn"
   "Fwd: [SexyGurls-egroup] Raping a little girl"
   "Fwd: [Scr-News-egroup] Have u ever seen BLOOD"
   "Fwd: [Yabdoo-egroup]For HaCkers Lovers"
   "Fwd: [Jews-egroup] Sharoon Owns The World"
   "Fwd: [FunMaiL-group]Bush under bin laden's cock !!!"
   "Fwd: [Teen-egroup] Three Ways For Love"
   "Fwd: [RomanticLife-group] Learn How To Love ..."
   "Fwd: [Gays-egroup]Oh Shittttt"
   "Fwd:Remember our survivors"
   "Fwd: [JewsFood-egroup] Dogs Meat !!!"
   "Fwd: [PianoMoZart-egroup] Wow Romantic"
   "Fwd:Tonight is... The Night Of Sex"
   "Fwd: Are you looking for FUN !!!?"
   "Fwd: [PussyPiss-egroup] Piss On my face :O"
   "Fwd: [Finance-group] Do you wanna be a rich man?"
   "Fwd:"
   "Fwd: [lovedreams-egroup] love speaks from the heart ..."
   "Fwd:Change your life with Dr.Jobreee"
   "Fwd: [TeroNews-Group] Too Late ... Bin Laden has been killed"
   "Fwd: [Pc.CLup-Group] Learn how to deal with DOS"
   "Fwd:[RapingTeen-eGroup] Oh My God !!!"
   "Fwd: The rights of women !!! "

The body of the email is usually empty and the attached file is
usually called PROGRAM.EXE or some other name ending in ".BAT".
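
Added example (not part of the original alert): a small Python mail-triage check that flags messages combining the traits described above, namely a listed or forward-style subject, an empty body, and an attachment ending in .EXE or .BAT. The function names, the sample addresses and the sample messages are constructed for illustration, and only a few subjects from the list are included.

```python
import email
from email import policy
from email.message import EmailMessage

RISKY_EXTS = (".exe", ".bat")  # attachment types named in the alert

def normalize(subject):
    """Lower-case and collapse whitespace so spacing or case tricks cannot hide a match."""
    return " ".join((subject or "").split()).lower()

# A few subjects copied from the alert's list; add the rest the same way.
KNOWN_SUBJECTS = {normalize(s) for s in (
    "Fwd: WoOoOoOow",
    "Fwd:Is there any true love ?",
    "Re:Fwd:Romantic Day",
    "Fwd:Loneliness ...",
)}

def triage(raw_bytes):
    """Return the alert traits found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    traits = []
    subject = normalize(msg["Subject"])
    if subject in KNOWN_SUBJECTS:
        traits.append("known-subject")
    elif subject.startswith(("fwd:", "re:fwd:")):
        traits.append("forward-style-subject")
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    if any(name.lower().endswith(RISKY_EXTS) for name in names):
        traits.append("executable-attachment")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        traits.append("empty-body")
    return traits

def matches_alert(raw_bytes):
    """True when an executable attachment coincides with another trait from the alert."""
    traits = triage(raw_bytes)
    return "executable-attachment" in traits and len(traits) >= 2

def build_sample(subject, body, attachment_name=None):
    """Build a constructed test message (addresses and payload are made up)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "you@example.com", subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Fwd: WoOoOoOow", "", "PROGRAM.EXE")))
```

Because the worm usually arrives from someone you know, the sender address is deliberately not used as a signal here.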

If you double-click the attached file, the virus makes entries in your
system registry to ensure that it runs itself the next time you boot your
system.  

The next time you boot, and the virus runs, it displays a black dialog
box containing red text that says:

   "Sorry you have not registered
    Please contact us"

This dialog box also includes a few phone numbers, email addresses,
and instructions for subscribing.  The virus then sets another
registry key, HKEY_LOCAL_MACHINE\e5zemha.  Several entries are also
made in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key,
which may or may not be associated with actual files created by the
worm.

A second dialog similar to the first may appear five minutes after
the virus runs, this time displaying the following text:

   ZaCker Is N YoUr MaChiNe


***************************************************
* What You Should Do If You Get Infected...
***************************************************
Because the registry keys the worm creates have random names, the best
way to get rid of Maldal.I is to get your antivirus software's
latest updates (updated on or after February 21, 2002).  The
following steps should be taken to remove the virus:

1. Update your antivirus software.
  Because of the complex nature of today's viruses, it would
  be best if you check for and apply antivirus updates at least
  once a day.

2. Do a complete system virus scan with the latest
  antivirus updates.

3. Consider getting a copy of the new "Virus Secrets 2 - Complete
  System Hardening Guide" to harden your system against these new
  types of viruses.

4. At the very least, disable the hiding of file extensions.
  Our "How-To" article for doing this can be found at:

  How-To: disable hiding of file extensions


As with all email worms, prevention is the key.  Whenever a new
virus appears, there is always a period of time where antivirus
software is of no use against it until the antivirus update becomes
available.






Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 

 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 


 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 
