Wednesday, August 6, 2008

Know About Virus Win32/ExploreZip

What is Win32/ExploreZip?

ExploreZip is a Win32-based e-mail worm. It searches your hard drive and network drives for any and all Microsoft Office documents. When it finds Word, Excel, or PowerPoint documents with the extensions .doc, .xls, or .ppt, it erases the contents of those files. It also emails itself to anyone who sends you an email.

How do I get it?

ExploreZip arrives as an email attachment. The message will most likely come from someone you know, and the body of the message will read:

"I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs."

The attachment will be named "zipped_files.exe" and will have a WinZip icon. Double-clicking the zipped_files.exe program infects your computer. You will then see a dialog box displaying the following message:

"Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help."

Who's at risk?

People running Microsoft Windows 95, Windows 98, or Windows NT are at risk. MacOS and WebTV are immune to the virus.

What exactly does the virus do to my computer?

When the zipped_files.exe program is run, it creates a copy of itself named explore.exe in your Windows System folder.

On Windows 95/98 systems, the following entry is written to the WIN.INI file:

run=C:\WINDOWS\SYSTEM\Explore.exe

On Windows NT systems, the following entry is written to the system registry:

HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows\run="C:\WINNT\System32\Explore.exe"
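
A defender's check for the two startup entries described above, as an added example that is not part of the original post: it scans WIN.INI text for run= lines, and a registry run value, for a program named Explore.exe. The function names and the sample WIN.INI content are constructed for illustration.

```python
import ntpath
import re

# File name the page gives for the worm's copy; compared case-insensitively.
WORM_BASENAME = "explore.exe"

# Constructed sample WIN.INI content (not taken from a real machine).
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\Explore.exe
NullPort=None
"""

def autorun_programs(value):
    """Split a run value into program paths; quoted paths may contain spaces."""
    tokens = re.findall(r'"[^"]*"|[^\s,]+', value)
    return [t.strip('"') for t in tokens if t.strip('"')]

def win_ini_run_entries(text):
    """Collect program paths from every run= line (key matched case-insensitively)."""
    found = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip().lower() == "run":
            found.extend(autorun_programs(value))
    return found

def is_worm_copy(path):
    """True when the file name is Explore.exe; explorer.exe (the Windows shell) does not match."""
    return ntpath.basename(path).lower() == WORM_BASENAME

def check_host(win_ini_text="", registry_run_value=""):
    """Return (source, path) pairs for startup entries that launch Explore.exe."""
    hits = [("WIN.INI", p) for p in win_ini_run_entries(win_ini_text) if is_worm_copy(p)]
    hits += [("registry", p) for p in autorun_programs(registry_run_value) if is_worm_copy(p)]
    return hits

if __name__ == "__main__":
    for source, path in check_host(SAMPLE_WIN_INI, r'"C:\WINNT\System32\Explore.exe"'):
        print(f"suspicious startup entry in {source}: {path}")
```

A match on the file name alone is a lead to investigate, not proof of infection; confirm by checking whether the file actually exists in the Windows System folder.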
