TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
I received the Worm.Explore.zip virus from someone I recognize
as a member of TECHWR-L, probably as an automated response
to a message I sent last night. On the off-chance that other
TECHWR-L listmembers receive this virus as a result of posting,
I am posting a warning about this new virus -- yes, it is real.
Below is from Symantec's website:
************************
Worm.ExploreZip is a worm that contains a malicious payload. The worm
utilizes MAPI commands and Microsoft Outlook on Windows systems to propagate
itself. The worm was first discovered in Israel and submitted to the
Symantec AntiVirus Research Center on June 6, 1999.
The worm e-mails itself out as an attachment with the filename
"zipped_files.exe". The body of the e-mail message may appear to come from a
known e-mail correspondent and contains the following text:
Hi Recipient Name!
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye
The worm determines whom to mail this message to by going through your
received messages in your Inbox. Once the attachment is executed, it may
display the following window:
The worm proceeds to copy itself to the c:\windows\system directory with the
filename "Explore.exe" and then modifies the WIN.INI file so the program is
executed each time Windows is started. The worm then utilizes your e-mail
client to harvest e-mail addresses in order to propagate itself. One may
notice their e-mail client start when this occurs.
Payload:
In addition, when Worm.ExploreZip is executed, it also searches through the
C through Z drives of your computer system and selects a series of files of
any file extension to destroy by making them 0 bytes long. This can result
in non-recoverable data and/or computer system.
Repair Notes:
To remove this worm, one should perform the following steps:
1. Remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI file
2. Delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE". One may need to reboot
first, if the file is currently in use.
Norton AntiVirus users can protect themselves from this worm by downloading
the current virus definitions either through LiveUpdate
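
Added example, not part of the original post or of Symantec's advisory: a Python sketch of repair step 1 that strips the Explore.exe entry from the run= (and load=) keys in the [windows] section of WIN.INI without dropping other programs listed on the same line. The sample WIN.INI is constructed, and the space-or-comma entry separator and the load= check are assumptions.

```python
import re

# Persistence entry named in the advisory above; compared case-insensitively.
WORM_PATH = r"C:\WINDOWS\SYSTEM\Explore.exe"

# Constructed sample WIN.INI (not taken from the original post).
SAMPLE_WIN_INI = (
    "[windows]\r\n"
    "load=\r\n"
    "run=C:\\TOOLS\\CLOCK.EXE C:\\WINDOWS\\SYSTEM\\Explore.exe\r\n"
    "NullPort=None\r\n"
    "[Desktop]\r\n"
    "Wallpaper=(None)\r\n"
)


def clean_win_ini(text, bad_path=WORM_PATH):
    """Return (cleaned_text, findings).

    Only run=/load= keys inside the [windows] section are examined;
    every other line is passed through byte for byte.
    """
    out, findings, section = [], [], None
    for lineno, line in enumerate(text.splitlines(keepends=True), 1):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        header = re.match(r"\s*\[([^\]]+)\]", body)
        if header:
            section = header.group(1).strip().lower()
        key, sep, value = body.partition("=")
        if section == "windows" and sep and key.strip().lower() in ("run", "load"):
            # Assumption: entries are separated by spaces or commas.
            entries = [e for e in re.split(r"[,\s]+", value.strip()) if e]
            kept = [e for e in entries if e.lower() != bad_path.lower()]
            if len(kept) != len(entries):
                findings.append((lineno, body))
                # Keep the key (possibly empty) so legitimate entries survive.
                line = key + "=" + " ".join(kept) + eol
        out.append(line)
    return "".join(out), findings


if __name__ == "__main__":
    cleaned, hits = clean_win_ini(SAMPLE_WIN_INI)
    for lineno, original in hits:
        print(f"line {lineno}: removed worm entry from: {original}")
    print(cleaned, end="")
```

The function only rewrites text; deleting the Explore.exe file itself (step 2) is still done by hand, after a reboot if the file is in use.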