Store Locator: Enter Zip Code: List All Locations

W97M/Suppl Virus Alert!!! (9/22/99)

Question

W97M/Suppl Virus Alert!!! (9/22/99)

Answer

This question was answered on September 22, 1999. Much of the information contained herein may have changed since posting.

Yet another Word Macro virus named the W97M/Suppl has been discovered. Like many other virus/worm programs of this nature, it attempts to infect other computers by attaching itself (using the file "SUPPL.DOC") to outgoing email messages. If you receive an email with an attachment called SUPPL.DOC, DO NOT OPEN the attachment. Delete it immediately.

W97M/Suppl has a destructive payload: At infection, the virus replaces the existing WSOCK32.DLL file with a new version that contains a trojan. Approximately 163 hours (6.79 days) after initially infecting the local machine, the corrupted WSOCK32.DLL will corrupt all files within all fixed drives with the following extensions: .doc, .xls, .txt, .rtf, .dbf, .zip, .arj & .rar

Common indications of infection include receiving a Macro warning during the opening of an infected document, an increase in the size to the global template or a confirmation message of changes to NORMAL.DOT.

Mcafee VirusScan must be upgraded to version 4.03 in order to combat this new strain. You can update it at:

<a href="http://download.mcafee.com/updates/updates.asp"><font color="#003399"> http://download.mcafee.com/updates/updates.asp</font></a>

Get the latest Norton Anti-Virus update at:

<a href="http://www.symantec.com/avcenter/download.html"><font color="#003399">http://www.symantec.com/avcenter/download.html</font></a>

According to Norton's Antivirus Research Center, to completely remove the worm (ONLY IF YOU HAVE BEEN INFECTED!), you can do the removal steps below.

If you are using dial-up connection (i.e. America Online), you need to do the following:

Terminate Internet connection

Use Windows Explorer to delete files named ANTHRAX in WINDOWS directory and the incoming attachment, SUPPL.DOC file.

If WSOCK33.DLL presents, delete the detected WINDOWS\SYSTEM\WSOCK32.DLL. If you do not see any file named WSOCK33 or WSOCK32, you need to change Windows Explorer view setting to view DLL / System files. In Windows 95, this can be done from View-Options-ShowAllFiles. In Windows 98, this can be done from View-FolderOptions-View-HiddenFiles-ShowAllFiles.

In WINDOWS\SYSTEM\ directory, copy WSOCK33.DLL to WSOCK32.DLL

If you are connected to Internet through permanent connection (i.e. Office LAN, DSL, or cable modem), you need to do the following:

From the Start menu, select shutdown-restart in MS DOS mode

Type CD \windows\system when DOS prompt (C:\)appears

Type COPY WSOCK33.DLL WSOCK32.DLL

Author

Posted by Ken of Data Doctors on September 22, 1999

Personal Services | Business Services | Radio Show | Free Help Center | Franchising | About Us | Sitemap

Business Network Solutions | Computer Data Recovery | Computer Franchises | Computer Hardware Repair | Computer Help | Computer Network Support | Computer Problems | Computer Repair | Computer Troubleshooting | Data Recovery | Data Recovery Service | Data Recovery Services | Disk Recovery | File Recovery | Wireless Networking Solutions