Re: 7 dwarves virus

From: Michael Lorrey (mike@datamann.com)
Date: Mon Feb 05 2001 - 10:45:36 MST


Brian Phillips wrote:
>
> hi,
> might someone post the dwarves info again, i am thinking I need to clear the
> bug from my system, and Ma\Afee is na' working on this one, BTW my apologies
> if my computer un-savvy should somehow affect others, I am working to remedy
> this problem.
> What effects did this virus have (for those who are better with the IT
> than me)? private email is fine of course....

It displays a black and white spinning spiral pattern in the front of
the screen (it doesn't allow other programs to come to the front), and
this can activate when the user attempts to download any file from
anywhere on the web. The spiral problem also writes a line to the
win.ini file such as:

run=c:\windows\system\abcdabcd.exe

where 'abcd' is any pattern of letters. This is much like the W32\MTX or
"Matrix" worm. This worm will launch (when you boot) a program you can
see in your task manager called 'mtx_.' There are four files you need to
delete from the system (which I can't recall but are listed in the fix
instructions on McAfee's website) in order to repair this, and you will
need to re-install the winsock files.



This archive was generated by hypermail 2b30 : Mon May 28 2001 - 09:56:35 MDT