
ALERTS
     
BEWARE OF NETBUS TROJAN
NetBus is a remote administration tool, just like the famous Back Orifice tool. However, NetBus works on Windows 95/98/NT. It is basically a small utility for remotely controlling one computer from another computer over the network, but it is misused as a Trojan more often than it is used as a legitimate tool.

NetBus consists of two parts: a Server and a Client. A PC can be controlled only if the Server part of NetBus is installed on it; the Client part is then used to control that PC and perform certain functions on it. The Server part takes steps to protect itself from being removed from the system: it hides its process name in the Windows Task Manager and denies access to its file on any attempt to delete or rename it.

BEWARE OF WM/MELISSA VIRUS
The Melissa virus makes use of the MAPI functions in Microsoft Outlook to retrieve the current user profile and password for server logon. The virus grabs the first 50 addresses from the Microsoft Outlook address book and resends the mail to them. The infected Word document contains a porno site address. It infects Word97 and Office 2000 documents.

In Word97, the virus disables the Tools/Macro menu commands, the Confirm Conversions option, the MS Word macro virus protection, and the Save Normal Template prompt. The virus then checks whether the registry key "HKEY_CURRENT_USER\Software\Microsoft\Office\Melissa?" contains the value ". . . by Kwyjibo". This is how the virus determines whether it has already activated on this system.

The virus then opens Outlook, if present on the system, and sends one email for each address list. The email may contain up to 50 recipients. The email will have the subject line "Important Message From {user name}" and the message body "Here is that document you asked for . . . don't show anyone else :-)". The virus then attaches a copy of the infected active document to the outgoing mail. The name of the original infected attachment was List.doc, but it could be any name. If the user does not have Outlook, the virus will not work. The virus then sets the value of the registry key mentioned above to ". . . by Kwyjibo", indicating that it has successfully activated on this computer.

After that, the virus checks whether the normal template and the active document are infected, and if either is not, it infects the file. Finally, if the day of the month is equal to the minute (for example, if it is March 26 at 3:26 pm), the virus will type the following text into the active document: "Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."

BEWARE OF XM/PAPA VIRUS
The Papa virus is a Microsoft Excel virus which also spreads through email. When an infected Excel spreadsheet is opened, the Papa virus makes use of the MAPI functions in Microsoft Outlook to retrieve the current user profile and password for server logon. The virus will then access the Outlook client address book and select up to 60 recipients, to whom it automatically sends new email messages with infected Excel spreadsheets attached. The e-mails will have the following text:

Subject: Fwd: Workbook from all.net and Fred Cohen
Body: Urgent info inside. Disregard macro warning

These emails will have Excel spreadsheets attached that are also infected with the X97M_PAPA virus. Finally, the virus will randomly generate a number between one and six; if the random number is equal to 2 or 4, the virus will cause the infected computer to continuously PING the IP address 207.222.214.225 (if the random number is 4) or the IP address 24.1.84.100 (if the random number is 2). This virus does not attempt to infect other workbooks on the local hard drive. The first version of this virus had bugs and would not spread via e-mail as the virus author intended, but the second version (Papa-B) of the virus spreads effectively via e-mail.

BEWARE OF HAPPY99 WORM
Happy99 is a Win32-based e-mail and newsgroup worm. It displays fireworks when it is first executed as Happy99.exe. (Normally this file arrives on a PC as an e-mail attachment, or it is downloaded from a newsgroup.) When first executed, it creates SKA.EXE and SKA.DLL in the system directory. It also modifies WSOCK32.DLL to infect the system.

This worm also maintains a list of the addresses to which it has posted a copy of itself. This list is stored in a file called LISTE.SKA. (The number of entries in this file is limited.) The worm contains the following encrypted text, which is not displayed:

Is it a virus, a worm, a trojan?
MOUT-MOUT Hybrid (c) Spanska 1999.

The mail header of the manipulated mails will contain a new field, "X-Spanska: YES". Normally this header field is not visible to receivers of the message. Since the worm does not check WSOCK32.DLL's attributes, it cannot patch the file if it is set to read-only. Please note that after disinfection of this worm you will have to rename WSOCK32.SKA back to WSOCK32.DLL in the \WINDOWS\SYSTEM folder to restore all original WinSock capabilities.
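
The mail indicators described in the Melissa, Papa and Happy99 alerts above can be checked at a mail gateway or against an archived mailbox. The following Python code is an added example, not part of the original alert or of any anti-virus product; the function names, the requirement that an attachment be present, and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator strings quoted from the alerts above, lower-cased for matching.
MELISSA_SUBJECT = "important message from "
MELISSA_BODY = "here is that document you asked for"
PAPA_SUBJECT = "fwd: workbook from all.net and fred cohen"
PAPA_BODY = "disregard macro warning"

def _norm(text):
    """Collapse whitespace and lower-case so folded lines still match."""
    return " ".join(str(text).split()).lower()

def classify(raw_bytes):
    """Return the names of the alerts whose mail indicators this message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = _norm(msg.get("Subject", ""))
    parts = list(msg.walk())
    body = _norm(" ".join(p.get_content() for p in parts
                          if p.get_content_type() == "text/plain"
                          and not p.is_attachment()))
    has_attachment = any(p.is_attachment() for p in parts)
    hits = []
    # Melissa and Papa both mail an infected document, so require an attachment
    # (assumption of this example; the attachment name itself can be anything).
    if has_attachment and subject.startswith(MELISSA_SUBJECT) and MELISSA_BODY in body:
        hits.append("Melissa")
    if has_attachment and subject == PAPA_SUBJECT and PAPA_BODY in body:
        hits.append("Papa")
    # Happy99 adds its own header field to the mails it manipulates.
    if _norm(msg.get("X-Spanska", "")) == "yes":
        hits.append("Happy99")
    return hits

def sample(subject, body, attachment=None, extra=None):
    """Build a constructed test message (not a captured sample) as raw bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    for name, value in (extra or {}).items():
        m[name] = value
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(classify(sample("Important Message From Pat",
                          "Here is that document you asked for ... don't show anyone else :-)",
                          attachment="List.doc")))
```

The Melissa body is matched only up to "asked for" so that differences in how the ellipsis is written do not cause a miss.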

Fire anti-virus users can update this signature file from our web site. A free utility to detect and clean these viruses is also available in the Download Center.