Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

A NEW MASS MAILER WITH DEADLY PAYLOAD REPORTED

                     W97M/Resume is a word macro worm makes use of the MAPI functions in Microsoft Outlook to retrieve the current user profile and password for server logon. This worm grabs e-mail addresses from the address book of Microsoft Outlook and resends the mail. It is very similar to Melissa virus. It won't infect any document in the system but will delete files in the mapped drives.

                     The email will contain the subject line: "Resume - Janet Simons" and the message body will be

"To: Director of Sales/Marketing,

Attached is my resume with a list of references contained within.

Please feel free to call or email me if you have any further questions
regarding my experience. I am looking forward to hearing from you.

Sincerely,

Janet Simons."

                     When the the attachment "explorer.doc" is opened it will mail first. If Outlook is not installed or not configured, it will fail to mail. Then it will wait for close of document. When the document is closed it will copy to "C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc" and "C:\Data\Normal.dot".Then it will delete the following files.

                     "C:\*.*"
                     "C:\My Documents\*.*"
                     "C:\WINDOWS\*.*"
                     "C:\WINDOWS\SYSTEM\*.*"
                     "C:\WINNT\*.*"
                     "C:\WINNT\SYSTEM32\*.*"
                     "A:\*.*"
                     "B:\*.*"
                     "D:\*.*"
                     "E:\*.*"
                     "F:\*.*"
                     ...........
                     ...........

                     "Y:\*.*"
                     "Z:\*.*"

Inside the virus code following text is there within comments

'----------------------------------------------------------'
' Better You Than Me Buddy... '
' ... Hope You Like My vIrUs '
' :) '
' :( '
'----------------------------------------------------------'

How can I protect my system?

There is no special update required for Fire users. Fire "Heuristic Engine" will detect and remove this worm automatically in the name "W97M/Melissa.variant".

How can I find my system is infected?

This worm creates "C:\Data\Normal.dot" and C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.doc". If the files are present in the folder, your PC is infected with this worm. Just delete these files to remove the worm or Download our Free macro scanner to detect and remove the worm.

Go to top of the page
Bottom image.