HP Printer Recall !!!
W32.Bugbear@mm is a mass-mailing worm that is rapidly spreading to Windows users.
Symantec Security Response has released virus definitions to protect against this threat, as well as a removal tool to assist in recovering systems already infected.
Bug Bear Removal Tool
W32.Klez.H@mm is a modified variant of the worm W32.Klez.E@mm. This variant is capable of spreading by email and network shares. It is also capable of infecting files. Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. This is the easiest way to remove these threats and should be tried first.
Note on W32.Klez.gen@mm detections: W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.
Also Known As: W32/Klez.h@MM, WORM_KLEZ.H, W32/Klez-G, I-Worm.Klez.h, Klez.H, W32/Klez.H, Win32.Klez.H, WORM_KLEZ.I
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, Unix, Linux
Klez Fix Tool
CUPERTINO, Calif. - Sept. 19, 2001 - Symantec Corp. (Nasdaq: SYMC), a world leader in Internet security, today announced that new analysis of W32.Nimda.A@mm reveals that the worm contains an additional destructive payload that will not only require detection, but removal. The new analysis indicates that the worm is a file infector, infects .exe files, and resides in memory.
W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by e-mail, infects machines over the network, and infects unpatched or already vulnerable Microsoft IIS Web servers. The worm also has various side effects, such as increasing network traffic while searching for machines to infect, which may cause network bandwidth problems. W32.Nimda.A@mm will also attempt to create security holes by creating a guest account with administrator privileges and creating open shares on the infected system.
Symantec currently provides an integrated detection and repair solution against W32.Nimda.A@mm. In one step, users can download a solution that will simultaneously detect the worm and repair damaged files. The new definitions are available through Symantec's LiveUpdate feature or from the Symantec Web site. Symantec is developing a separate removal tool to eradicate the worm from the PC memory.
Discovered on: July 17, 2001. Due to an increased rate of virus submissions, the Symantec AntiVirus Research Center (SARC) has upgraded W32.Sircam.Worm@mm from a level 3 to a level 4 virus threat.
W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm. Due to what appears to be a bug, this worm does not replicate under Windows NT or 2000.
SARC has created a tool to remove this worm. CAUTION: In some cases, if you have had NAV quarantine or delete infected files, you will not be able to run .exe files; however, you will still be able to run the removal tool.
To obtain the W32.Sircam.Worm@mm removal tool, please click here.
Sir Cam Fix Tool
Discovered on: August 4, 2001. CodeRed II has been called a variant of the original CodeRed Worm because it uses the same "buffer overflow" exploit to propagate to other web servers. Symantec AntiVirus Research Center received reports of a high number of IIS web servers that were infected. CodeRed II is considered to be a high threat.
The original CodeRed had a payload that causes a Denial of Service attack on the White House Web server. CodeRed II has a different payload that allows the hacker to have full remote access to the Web server.
SARC has created a tool to perform a vulnerability assessment of your computer and remove the CodeRed Worm and CodeRed II. The tool is available in two forms, both of which are free. If you are running Microsoft’s IIS server, it is strongly recommended that you apply the latest Microsoft patch to protect yourself from this worm. Download the patches: