Worm.ExploreZip worm/virus program (6/10/99)
This question was answered on June 16, 1999. Much of the information contained herein may have changed since posting.
The Worm.ExploreZip worm/virus program has been launched and has been causing problems on e-mail systems worldwide. Computers in the U.S., Germany, France, Norway, Israel and the Czech Republic have been infected, including companies like Microsoft, Intel, Boeing and MSNBC.
The particulars of the program are as follows:
The e-mail message will have the following in the body of the message:
"Hi (Recipient Name)!
I received your email and I shall send you a reply ASAP
Till then, take a look at the attached zipped docs"
A file will be attached to the e-mail with the name of "zipped_files.exe". DO NOT OPEN THIS FILE!!!!!!
If the attachment is executed, your computer will likely display a fake error message. The worm then copies itself to the C:\WINDOWS\SYSTEM directory with the file name "Explore.exe" and then modifies the WIN.INI file so the program is executed each time Windows is started.
When it is executed, the worm searches drives C: through Z: of a computer and selects a series of files to destroy based on file extensions (including .h, .c, .cpp, .asm, .doc, .xls, .ppt) by making them zero bytes long -- wiping out data.
To get rid of the worm, Symantec advises users to remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from the WIN.INI file and delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE".
If the file is in use, users may need to reboot first.
Symantec (Norton Anti-Virus) and Network Associates (McAfee Anti-virus) have posted anti-virus updates on their home pages to deal with the new worm.
About the author
Posted by Ken Colburn of Data Doctors on June 16, 1999
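The WIN.INI part of the removal steps above can be checked mechanically. The following is an added example, not code from Symantec or from the author of this answer: it scans WIN.INI text for the worm's run= entry and, going slightly beyond the advice to remove the whole line, strips only that entry so other programs on the same line keep starting. The function name `clean_win_ini` and the sample file are constructed for illustration, and it assumes run= sits in the [windows] section with entries separated by spaces or commas.

```python
import re

# Path named in the advisory; compared case-insensitively, as Windows paths are.
WORM_PATH = r"C:\WINDOWS\SYSTEM\Explore.exe"

SAMPLE = (  # constructed WIN.INI content, not taken from an infected machine
    "[windows]\r\n"
    "load=\r\n"
    "run=C:\\TOOLS\\clock.exe C:\\WINDOWS\\SYSTEM\\Explore.exe\r\n"
    "NullPort=None\r\n"
    "[Desktop]\r\n"
    "Wallpaper=(None)\r\n"
)

def clean_win_ini(text, worm_path=WORM_PATH):
    """Return (cleaned_text, findings) for the contents of a WIN.INI file.

    findings is a list of (line_number, original_line) for each run= line
    in [windows] that referenced the worm. Other lines are left untouched.
    """
    findings, out, section = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        header = re.fullmatch(r"\[([^\]]+)\]", stripped)
        if header:
            section = header.group(1).lower()
        key, sep, value = stripped.partition("=")
        if section == "windows" and sep and key.strip().lower() == "run":
            # Assumption: entries on run= are separated by spaces or commas.
            entries = [e for e in re.split(r"[,\s]+", value) if e]
            kept = [e for e in entries
                    if e.strip('"').lower() != worm_path.lower()]
            if len(kept) != len(entries):
                findings.append((lineno, stripped))
                line = "run=" + " ".join(kept)  # rewrite only infected lines
        out.append(line)
    return "\r\n".join(out) + "\r\n", findings

if __name__ == "__main__":
    cleaned, hits = clean_win_ini(SAMPLE)
    for lineno, original in hits:
        print(f"line {lineno}: removed worm entry from: {original}")
    print(cleaned, end="")
```

Deleting EXPLORE.EXE itself, and rebooting first if the file is in use, remain manual steps as described above.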