Virus - Spyware - Spam - Scam - VACM Alerts from Automated PC Solutions
  Automated PC Solutions
      VACM - Virus Alerts for the Common Man
Virus - Spyware - Spam - Scam - VACM Alerts from Automated PC Solutions
Virus - Spyware - Spam - Scam - VACM Alerts from Automated PC Solutions

Christmas greeting will destroy your system!



Greetings from The VACM Team,

In this issue:
------------------------------------
- Christmas greeting actually a very destructive virus...
  This virus is disguised as "CHRISTMAS" and will cause
  more damage and loss of data on your system than any virus
  we've seen in quite a while.


***************************************************
* The Bottom Line...
***************************************************
Also known as W32/Maldal.c@MM, Keyluc, W32.Reeezak.A@mm,
W32.Zacker.C@mm, this virus arrives as an email with an
attachment that looks like an innocent MacromediaŽ FlashT movie.

WARNING: This email will most likely come from someone you know!

If you run this, your system will be damaged VERY extensively!

If you double-click the attachment:

  -your keyboard will be disabled
  -a graphic of Santa Claus and a reindeer is displayed, while...
  -all files found in Windows\System directory are deleted
  -your Internet Explorer homepage is changed to that
         of an infected Geocities website
  -the virus makes itself start each time you reboot
  -the virus mails itself to everyone in your address book
  -infects all files with extensions of .asp, .htm, .html
  -replaces all ".lnk", ".zip", ".jpg", ".jpeg", ".mpg",
         ".mpeg", ".doc", ".xls", ".mdb", ".txt", ".ppt",
         ".pps", ".ram", ".rm", ".mp3" and ".swf" with itself
         by deleting the original files and replacing with a
         file of the same name but with ".VBS" added to the
         filename. Kiss all these files goodbye, essentially.
  -you mIRC configuration file, mirc.ini, is replaced by
         the worm, so that users joining a channel inhabited
         by an infected user will also be sent the URL to the
         infected website.

The attachment is a file called CHRISTMAS.EXE with an icon of
a Flash Movie.  If you have not set windows to NOT hide file
extensions, you will not see that this is an EXE (executable)
file.

If you have already done the VACM HowTo article "Disable
Hiding of File Extensions", you would be able to see that
the attachment ends in ".EXE" and you would know that you
should NEVER double-click on an EXE file attachment.

The "Disable Hiding of File Extensions" article can be found at:

  HowTo Unhide File Extensions

If you do get infected, the next time you start Internet
Explorer, you will be taken to a website where further damage
will be done:

  -antivirus and firewall software disabled/removed
         (NOTE: ZoneAlarm is not vulnerable to this one, kudos!)
  -a variety of other files on your system are infected
  -these infected files are then automatically run
  -a second mass-mailing to your address book is done
         with the subject line:  "Very Important!"


***************************************************
* The Email You Would Get...
***************************************************
The email arrives with a subject of

   "Happy New Year"

The attached "CHRISTMAS.EXE" has a MacromediaŽ FlashT icon in
an attempt to trick users into opening the file. However, the
file is really a very malicious virus written in Visual Basic 5
that delivers a nasty payload and a political message against
President Bush.

The body of the email reads:

   Hii,
        I can't describe my feelings
        But all I can say
        is Happy new year :-)
   bye


***************************************************
* What You Should Do...
***************************************************
1. Update antivirus software daily
    Because of the complex nature of the worm, it would be best
    for you to check for and apply antivirus updates at least
    once a day.

2. Patch Internet Explorer so that you are not vulnerable to the
    types of infected web sites this virus sends you to.  The patch
    can be found at:

    Microsoft Virtual Machine Patch

3. "Disable Hiding of File Extensions" by following the
    instructions in our "How To" article at:

    How To Unhide File Extensions

4. If you haven't already done all of our "How To" articles to
    harden your system against these types of viruses, now might be
    a good time to consider it.  They can be found at:

    The VACM Archive


***************************************************
* If You Get Infected
***************************************************
If you do run this virus, your antivirus software may be able to
undo the virus so that it no longer runs, but you will have lost
a substantial number of files already.  As mentioned above, you
will have lost all files ending in:

    ".lnk", ".zip", ".jpg", ".jpeg", ".mpg",
    ".mpeg", ".doc", ".xls", ".mdb", ".txt", ".ppt",
    ".pps", ".ram", ".rm", ".mp3" and ".swf"

Basically, all files that you use for your business will have been
wiped out, including Word documents, Excel spreadsheets, JPG images,
Access databases, PowerPoint presentations, Text Files, etc.




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 

Why should you be very
concerned about Spyware?		 Learn how to avoid Identity Theft and Windows corruption in this
free VACM Video:
     VACM-tested #1 AntiSpyware Software

How did they steal my Identity?

Why do I get so much SPAM ?

Why is your computer
running so slow ?

Today, every PC needs just a few protection softwares. Find out what and why. Visit our Links Page to avoid Indentiry Theft and costly computer repairs.
   VACM Links to Protection Tools and Softwares
Keep your PC Safe and
Avoid a costly trip to the shop...
with these VACM approved tools.

You need 3 things to protect your PC(s) automatically. Use these links to go directly to the Download and Purchase pages:

     

 

 

Old Shotgun Shell Boxes
are collector's items and
worth good money!
 (yes... just the empty boxes)

get your
  ShotShell BlueBook
price guide
now.
 

 

To cancel your subscription to VACM, reply to this email with the word UNSUBSCRIBE in the subject.

If you click on the link below, the "unsubscribe" email will be created for you and you can simply hit "Send" in you email program:

Create My Unsubscribe Email

IMPORTANT: please include the email address at which you are currently receiving VACM Alerts in the body of the message.

 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 

Locations of visitors to this page