TU-Logo

TU Startseite


Sicherheit im Web
Antivirus
sog. E-Mail-Viren (Hoaxes)


Software
Microsoft IE
Java / JS
Win 3.1x
Win 32
Mac
Unix
Amiga
OS/2, Atari, NeXT,...
Suchmaschinen

erweiterte Suche in diesen Seiten
Privacy Policy

Hoax-Liste
Extra-Blätter
  © TU Berlin, tubIT, Bearbeiter: Frank Ziemann  -  Update: 30.08.2009
 Hoax-Info   Hoax-Liste   Weblog   Extra-Blätter   Sicherheits-Updates   E-Mail Hilfe   Presse 

Extra-Blatt (27.05.03)

Hoax: W32.MFG.Tassos@mm

Wieder eine Warnung vor einem Virus, den es nicht gibt

Originaltext der Falschmeldung

From: NAV_INFORMATION_CENTER 
Subject: New Virus! be patient!


Dear all,

I am sorry to tell you that one of our mail-server was infected by W32.MFG.Tassos@mm. 
I had this Virus on my PC. You may be have received this virus if you read or send 
any mail the last 9 days. A infection is only possible on windows systems. The virus 
would be detected by NAV if you have the latest definition list. Infected mails seems 
to be clean, but they run a pernicious local windows-script that modifies or deletes 
the rundll32.exe and the aspi4.dll. It also modifies some registry entries. This virus 
makes copys of his sefl till your harddrive is totally full. Any mail can be infected. 
After cleaning your system, install the latest Definition list from symantec. The virus 
reads your Outlook-contacts, and will be sended to any one of them, if there is an 
e-mail address registered. There are 2 ways to check if you are infected, and if yes, 
to resolve this infection:

1) Automatic Recovery Tool from Symantec:

 Go to following link and follow the instructions: 
 http://securityresponse.symantec.com/avcenter/venc/data/w32.mfg.tassos@mm..removal.tool.html
 Please be sure that you run this tool in save mod.


WARNING!!! 
FOLLOWING STEP DESCRIBES MODIFYING OF WINDOWS REGISTRY. DON'T PROCEED IF YOU ARE SURE THAT 
YOUR SYSTEM IS NOT INFECTED. PLEASE CONTACT YOUR ADMINISTRATOR TO MODIFY THE REGISTRY IF 
YOU ARE NOT SURE HOW TO DO IT, OR IF YOU DON'T KNOW IF YOU HAVE TO. 


2) Manual Detection and desinfection:

 a) Print this mail out
 b) close any running programms, especialy these programms that use internet connection 
    (Netscape, Internet Explerer, Outlook, Messenger e.t.c.)
 c) Plug your networkkables (also ISDN Cable or Modem Cable) out from your PC and determinate 
    any W-LAN-Connections.
 d) Click on Start -> Run -> regedit
 e) Search for following key: "\\HKEY_LOKAL_MACHINE\SOFTWARE\Microsoft\Windows\Run" 
    If you see a folder called OptionalComponents you are infected. Please delete this Folder.
 f) Search for following key and if it exists on your registry delete it: 
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products"
 g) Close regedit.
 h) press start -> run -> type "cmd" and press enter
 i) type "C:" -> type "cd\" -> type "cd %systemroot%" -> type "cd system 32"
    -> type "del *.msc /q /f"  -> type "exit"
 j) klick on "My Computer" -> Folder Options -> View -> enable "show hidden files and folders"
    and disable "hide protected operating system files" -> press ok -> press ok
 k) klick on start -> search -> search for a file called NTDETECT.COM and delete it. If this 
    file does not exist search for a file called TWUNK_32.EXE and delete it.
 l) replace your rundll32.exe with a not infected version. (You will get one if you contact 
    Microsoft support http://support.microsoft.com/default.aspx?scid=FH;EN-US;FAQS)
 m) install the latest aspi drivers.

Sorry for this effort.

Die Warnung vor W32.MFG.Tassos@mm ist ein Hoax, eine Falschmeldung.
Bitte verbreiten Sie diese Falschmeldung nicht weiter!

Wer selbst in den Virendatenbanken nachschlagen möchte, findet hier eine Link-Liste.


zurück zur Hoax-Seite | zur Hoax-Liste | zum Extra-Blatt