Virus Alerts

This page acts as a resource for SHSU computer users. From here you can check on the latest e-mail virus, worm, or bug that we may be receiving at the University. Below in Bold you will see the Virus Name and 2 links to information on how the virus works, and how to fix it.

Small.DAM

Virus Profile - Symantec

Trojan.Peacomm is a Trojan horse that drops a driver program file to download another program. It is reportedly attached to spammed email. It may also be dropped by W32.Mixor.Q@mm.

Trojan.Peacomm reportedly arrives as an attachment to a spammed email with the following characteristics:

W32.Mydoom.M

Virus Profile - Symantec
Virus Profile - McAfee

W32.Mydoom.M@mm is a mass-mailing worm that drops and executes a backdoor, detected as Backdoor.Zincite.A , that listens on TCP port 1034. The worm uses its own SMTP engine to send itself to email addresses it finds on the infected computer.

Download the patch: Fix MyDoom Tool.

W32.Netsky.C

Virus Profile - Symantec
Virus Profile - McAfee

W32.Netsky.C is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning hard drives and mapped drives. This worm also searches drives C through Y for the folder names containing "Shar" and then copies itself to those folders. The Subject, Body, and email attachment vary.

W32.Blaster.Worm

Virus Profile - Symantec
Virus Profile - McAfee

W32.Blaster.Worm is a worm that exploits the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface vulnerability (described in Microsoft Security Bulletin MS03-026). This worm attempts to download the msblast.exe file to the %WinDir%\system32 directory and then execute it. The program attempts to launch a denial of service attack on the Microsoft Windows Update web site.

Download the patch: Fix Blaster Tool

W32.Welchia.Worm

Virus Profile - Symantec
Virus Profile - McAfee

W32.Welchia.Worm Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer. Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.

Download the patch: Fix Welchia Tool

W32.Klez.H@mm

Virus Profile - Symantec
Virus Profile - McAfee

W32/Klez.h@MM makes use of Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2).
the worm has the ability to spoof the FROM: field (often set to an address found on the victim machine). By spoofing the FROM field the e-mail can look like it came from you, even though you did not send it. In some cases you may not have the virus, though you will receive messages telling you you are infected, because "you" (aka the virus) have sent someone an infected e-mail. Just make sure to have an up to date virus scanner, and you should be okay.
The worm mails itself to email addresses in the Windows Address Book, plus addresses extracted from files on the victim machine. It arrives in an email message whose subject and body is composed from a pool of strings carried within the virus (the virus can also add other strings obtained from the local machine).

W32/Myparty.a@MM

Virus Profile - Symantec
Virus Profile - McAfee

W32.Myparty@mm is a mass-mailing email worm.

W32/Sircam@mm

Virus Profile - Symantec
Virus Profile - McAfee

Comes as an attached document from someone you know.
Spreads via e-mail, network shares (T:\ Drive).

W32.Magistr@mm

Virus Profile - Symantec
Virus Profile - McAfee

Comes as an attached executable from someone you know.
Infects Windows Executables, including core system files.
If uncleaned, damage can not be repaired.

W32.Funlove

Virus Profile - Symantec
Virus Profile - McAfee

Infects core system files
Modifies NT kernel. Must be reinstalled to repair all damages.
Spreads via e-mail and network shares (T:\ Drive).