W97M/Suppl Virus Alert!!! (9/22/99)

Question

W97M/Suppl Virus Alert!!! (9/22/99)

Answer

This question was answered on September 22, 1999. Much of the information contained herein may have changed since posting.

Yet another Word Macro virus named the W97M/Suppl has been discovered Like many other virus/worm programs of this nature, it attempts to infect other computers by attaching itself (using the file "SUPPL.DOC") to outgoing email messages If you receive an email with an attachment called SUPPL.DOC, DO NOT OPEN the attachment Delete it immediately

W97M/Suppl has a destructive payload: At infection, the virus replaces the existing WSOCK32.DLL file with a new version that contains a trojan Approximately 163 hours (6.79 days) after initially infecting the local machine, the corrupted WSOCK32.DLL will corrupt all files within all fixed drives with the following extensions: .doc, .xls, .txt, .rtf, .dbf, .zip, .arj & .rar

Common indications of infection include receiving a Macro warning during the opening of an infected document, an increase in the size to the global template or a confirmation message of changes to NORMAL.DOT

Mcafee VirusScan must be upgraded to version 4.03 in order to combat this new strain You can update it at:

<a href="http://download.mcafee.com/updates/updates.asp"><font color="#003399"> http://download.mcafee.com/updates/updates.asp</font></a><p>

Get the latest Norton Anti-Virus update at:

<a href="http://www.symantec.com/avcenter/download.html"><font color="#003399">http://www.symantec.com/avcenter/download.html</font></a>

According to Norton's Antivirus Research Center, to completely remove the worm (ONLY IF YOU HAVE BEEN INFECTED!), you can do the removal steps below

If you are using dial-up connection (i.e America Online), you need to do the following:

Terminate Internet connection

Use Windows Explorer to delete files named ANTHRAX in WINDOWS directory and the incoming attachment, SUPPL.DOC file

If WSOCK33.DLL presents, delete the detected WINDOWS\SYSTEM\WSOCK32.DLL If you do not see any file named WSOCK33 or WSOCK32, you need to change Windows Explorer view setting to view DLL / System files In Windows 95, this can be done from View-Options-ShowAllFiles In Windows 98, this can be done from View-FolderOptions-View-HiddenFiles-ShowAllFiles

In WINDOWS\SYSTEM\ directory, copy WSOCK33.DLL to WSOCK32.DLL

If you are connected to Internet through permanent connection (i.e Office LAN, DSL, or cable modem), you need to do the following:

From the Start menu, select shutdown-restart in MS DOS mode

Type CD \windows\system when DOS prompt (C:\)appears

Type COPY WSOCK33.DLL WSOCK32.DLL

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on September 22, 1999