Mikes Virus Info page 1
ANTI VIRUS

Mike's VIRUS INFO PAGES

W32/Zafi-D Christmas Virus Makes the Rounds


Name: W32/Zafi-D (Medium threat)

**Panda has one of the best graphical descriptions ~ Mike
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=56161&sind=0

Type: Worm

How it spreads: Email attachments, peer-to-peer

Affected operating systems: Windows

Side effects: Sends itself to email addresses found on the infected computer; installs itself in the Registry

Aliases: Email-Worm.Win32.Zafi.d, W32/Zafi.d@MM

Protection: Download virus identity (IDE) file
Protection available since 14 December 2004 11:56:00 (GMT)
Included in our products from February 2005 (3.90)

Staying up to date
EM Library, part of the Enterprise Manager suite of management tools, allows
fully automated web-based installation and updating of Sophos Anti-Virus on
a wide range of platforms. If you're using one of our enterprise solutions
and aren't already using EM Library, check it out now. Users of our small
business solutions are automatically updated by Sophos AutoUpdate.


Description
This section helps you to understand how it behaves
W32/Zafi-D is a mass mailing worm and peer-to-peer worm.

W32/Zafi-D copies itself to the Windows system folder with the filename
Norton Update.exe.

W32/Zafi-D creates a number of files in the Windows system folder with
filenames consisting of 8 random characters and a DLL extension. Some of
these are exact or zipped copies of the worm, detected as W32/Zafi-D, while
others are log files created by the worm.

W32/Zafi-D harvests email addresses from the Windows Address Book and from
files found on the hard drive.

W32/Zafi-D copies itself to folders with names containing share, upload, or
music as ICQ 2005a new!.exe or winamp 5.7 new!.exe.

W32/Zafi-D displays a fake error message box with the caption "CRC: 04F6Bh"
and the text "Error in packed file!".


Recovery
This section tells you how to disinfect.
Please follow the instructions for removing worms.


Advanced
This section is for technical experts who want to know more.  
W32/Zafi-D is a mass mailing and peer-to-peer worm.

W32/Zafi-D copies itself to the Windows system folder with the filename
Norton Update.exe and creates the following entry in the registry so as to
run itself when a user logs on:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Wxp4

W32/Zafi-D creates a number of files in the Windows system folder with
filenames consisting of 8 random characters and a DLL extension. Some of
these are exact or zipped copies of the worm, detected as W32/Zafi-D, while
others are log files created by the worm.

W32/Zafi-D attempts to terminate processes related to files found in folders
that have names containing the following strings:

syman, viru, trend, secur, panda, cafee, sopho, kasper

W32/Zafi-D attempts to open files containing the following strings and keep
them open so as to make them inaccessible to the user:

reged, msconfig, task

W32/Zafi-D copies itself to folders containing one of the following strings:

share, upload, music

W32/Zafi-D copies itself to these folders with one of the following
filenames:

ICQ 2005a new!.exe
winamp 5.7 new!.exe

W32/Zafi-D harvests email addresses from the Windows Address Book and from
files it finds with the extensions HTM, WAB, TXT, DBX, TBB, ASP, PHP, SHT,
ADB, MBX, EML, PMR, FPT or INB.

W32/Zafi-D may copy the file from which it is harvesting addresses to
C:\S.CM.

W32/Zafi-D does not harvest addresses that contain the following words:

yaho, google, win, use, info, help, admi, webm, micro, msn, hotm, suppor,
syman, viru, trend, secur, panda, cafee, sopho, kasper

W32/Zafi-D does not harvest addresses that contain 16 or more digits.

W32/Zafi-D may generate random addresses using harvested domain names.

W32/Zafi-D produces emails with the following characteristics depending on
the nationality of the recipient, which it gathers from the region-specific
top-level domain (e.g. .uk, .de, .fr, .nl etc.)

From line: This is either a name gathered from the host email setup or one
of the following:

Pamela M.
T. Antonio
J. Martin
V. Dusan
R. Cornel
H. Irene
S. Ewa
C. Lina
M. Virtanen
M. Emma
J. Andersson
V. Jensen
V. Tatyana
N. Fernandez
T. Maria

Subject line: This can start either "Re:", "Fw:" or with nothing, continuing
with one of the following:

Merry Christmas!
Buon Natale!
Joyeux Noel!
Christmas pohlednice
Prettige Kerstdagen!
Weihnachen card.
Christmas - Kertki!
Christmas - Atviruka!
Christmas postikorti!
Christmas Postkort!
Christmas Vykort!
Christmas Kort!
ecard.ru
Feliz Navidad!
boldog karacsony...

Message body: This is in plain text and html format. Both consist either of
two words or spaces, followed by a smiley and the sender name from the
subject line. In the html the words or spaces are separated by "...."
strings and a lewd animated GIF file of two smileys and the line starts and
ends in asterisks. The html text ends in a string containing a domain name
followed by the text "Picture Size: 11 KB, Mail +OK".
The words used in the text are from the following, or using non-Roman
characters:

Happy Hollydays!
Buon Natale!
Joyeux Noel!
Prettige Kerstdagen!
Frohliche Wiehnachten!
Wesolych Swiat!
Naujieji Metai!
Iloista Joulua!
God Jul!
Glaedelig Jul!
Feliz Navidad
Kellemes Unnepeket!

Attached filename: This starts "link." or nothing, followed by one name from
the following list:

postcard.
cartoline.
ecarte.
phlednice.
kerstdagen.
weihnachten.
kartki.
atviruka.
postikorti.
postkort.
vykort.
ekort.
card.
navidad.
karacsony.

This is then followed by "christmas." or nothing, then by "index." or
nothing.

The attachment then has one of the following fake extensions followed by 4
random digits:

.php
.htm
.jpg
.gif

The attachment has one of the following actual extensions:

.cmd
.bat
.pif
.com
.zip

If the attachment is a ZIP file then the worm inside it has a filename of
one of the following:

postcard.
wishcard.
xmascard.
giftcard.

This is followed by either "id" or "php", four random digits and one of the
following extensions:

.cmd
.bat
.pif
.com

For example, the attached file may be a zip file named
atviruka.christmas.index.jpg6245.zip containing a copy of the virus named
wishcard.id8302.cmd
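
The attachment naming scheme described above can be expressed as a check for a mail gateway or mailbox sweep. The following Python code is an added example, not part of the Sophos analysis or of this page's original text; the function names (check_attachment, make_sample_zip) and the finding labels are assumptions, and the sample ZIP is constructed in memory with a harmless text member. It also goes slightly beyond the text by checking member names inside any ZIP, even when the outer name does not fit the pattern.

```python
import io
import re
import zipfile

# Name components exactly as listed in the description above.
OUTER_NAMES = (
    "postcard", "cartoline", "ecarte", "phlednice", "kerstdagen",
    "weihnachten", "kartki", "atviruka", "postikorti", "postkort",
    "vykort", "ekort", "card", "navidad", "karacsony",
)
INNER_NAMES = ("postcard", "wishcard", "xmascard", "giftcard")

# [link.]<name>.[christmas.][index.]<fake ext><4 digits>.<actual ext>
OUTER_RE = re.compile(
    r"(?:link\.)?"
    r"(?:%s)\."
    r"(?:christmas\.)?"
    r"(?:index\.)?"
    r"(?:php|htm|jpg|gif)\d{4}"
    r"\.(?:cmd|bat|pif|com|zip)" % "|".join(OUTER_NAMES),
    re.IGNORECASE,
)

# <name>.<id|php><4 digits>.<actual ext>  (file inside a ZIP attachment)
INNER_RE = re.compile(
    r"(?:%s)\.(?:id|php)\d{4}\.(?:cmd|bat|pif|com)" % "|".join(INNER_NAMES),
    re.IGNORECASE,
)


def basename(name):
    """Attachments and ZIP members may carry a path; keep the last component."""
    return re.split(r"[\\/]", name.strip())[-1]


def check_attachment(filename, payload=b""):
    """Return a list of findings for one attachment (empty list = no match).

    Only names are inspected; archive members are never extracted or run.
    """
    findings = []
    name = basename(filename)
    if OUTER_RE.fullmatch(name):
        findings.append("outer-name")
    if name.lower().endswith(".zip") and payload:
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    inner = basename(member)
                    if INNER_RE.fullmatch(inner):
                        findings.append("inner-name:" + inner)
        except zipfile.BadZipFile:
            # A .zip that cannot be parsed is worth a second look on its own.
            findings.append("unreadable-zip")
    return findings


def make_sample_zip(member_name):
    """Build a constructed, harmless ZIP with one text member (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "constructed placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        # The example name pair given in the description above.
        ("atviruka.christmas.index.jpg6245.zip",
         make_sample_zip("wishcard.id8302.cmd")),
        ("link.postcard.php0001.pif", b""),
        ("holiday-photos.jpg", b""),
        ("photos.zip", make_sample_zip("docs/xmascard.php0042.pif")),
    ]
    for fname, data in samples:
        print(fname, "->", check_attachment(fname, data) or "clean")
```
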

W32/Zafi-D creates entries in the registry, some related to files it drops
and some related to system information. The entries are all at
HKLM\Software\Microsoft\Wxp4\ with some of the following values:

t1, t2, t3, t4, t5, t6, t7, t8, t9, tA, tB, tC, tD, tE, tZ, rB, rC,
mA, mB, mC, ... , mX, mY, mZ
lA, lB, lC, ... , lX, lY, lZ

W32/Zafi-D displays a fake error message box with the caption "CRC: 04F6Bh"
and the text "Error in packed file!".

From; PC-magazin Germany
http://www.pc-magazin.de/praxis/sicherheit/cm/virenecke/show_sophos.php?id=780

Aliases;
Email-Worm.Win32.Zafi.d (AVP), Nocard.A@mm (Norman), W32.Erkez.D@mm
(Symantec), W32/Zafi-D (Sophos), WORM_ZAFI.D (Trend)

McAfee
http://us.mcafee.com/root/campaign.asp?cid=12942
Panda
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=56161&sind=0
Secunia
http://secunia.com/virus_information/13874/
Sophos
http://www.sophos.com/virusinfo/analyses/w32zafid.html
Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.d@mm.html
Trend;
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZAFI.D


 



Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

  • Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
  • If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

 

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Restart the computer in Safe mode or VGA mode.
  4. Run a full system scan and delete all the files detected as W32.Netsky.F@mm.
  5. Delete the value that was added to the registry.
For specific details on each of these steps, read the following instructions.

1. Disabling System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, re-enable System Restore by following the instructions in the aforementioned documents.

For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.

2. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
  • Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

    The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

3. Restarting the computer in Safe mode or VGA mode

Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode.
  • For Windows 95, 98, Me, 2000, or XP users, restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
  • For Windows NT 4 users, restart the computer in VGA mode.

4. Scanning for and deleting the infected files
  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
  2. Run a full system scan.
  3. If any files are detected as infected with W32.Netsky.F@mm, click Delete.

5. Deleting the value from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type regedit

    Then click OK. (The Registry Editor opens.)

  3. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, delete the value:

    "Zone Labs Client Ex"="%windir%\svchost.exe -antivirus service"

  5. Exit the Registry Editor.

See Also:

Computer Associates;
http://www3.ca.com/virusinfo/virus.aspx?ID=38479

F-Prot; http://www.f-prot.com/virusinfo/descriptions/netsky_f.html

McAfee;
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101073

Sophos;
http://www.sophos.com/virusinfo/analyses/w32netskyf.html



Browser and Homepage Hijacking


One of the hazards of surfing the web is programs that hijack your browser or home page.
Here are a few of the tested programs which will help you regain control of your browser:

Ad-aware
http://www.lavasoftusa.com/
Ad-aware Standard Edition is THE award winning, free*, multicomponent detection and removal utility that consistently leads the industry in safety, user satisfaction, support and reliability.
With its ability to comprehensively scan your memory, registry, hard, removable and optical drives for known datamining, aggressive advertising, and tracking components, Ad-aware will provide the user with the confidence to surf the Internet knowing that their privacy will remain intact. Let Ad-aware protect your privacy.
++ There is more on the web site.

Browser Parasite List
http://allentech.net/parasite/list.phtml
Below is a list of all browser parasites currently in our database. Click on any parasite name to see the full information we have available. Please note that filenames, registry keys and paths sometimes change faster than we can keep up, so your system may vary from the information we present here.
++

"Homepage Hijacking" a form of spyware.
http://tiemdesign.com/features/hijacking.htm
You have been surfing all over the web for hours and hours, you close your browser and take a break. You come back to your PC a few hours later and fire up your browser.
Wait a minute! That isn't my home page! What happened to my home page? You realize that your normal home page is no longer there and some new page is there and pop-up ads start appearing from out of nowhere, even when your browser is closed.
++

HijackThis 1.97.6
http://www.majorgeeks.com/download.php?det=3155
HijackThis, a general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks (e.g. the forums) before deleting anything.
++

The Skinny on Spyware
http://www.keyboardpower.com/spyware.htm
Besides viruses, Trojans & worms, we have to deal with spyware! 
If you never download free programs from the Internet you may think you are safe from spyware, but ‘ain’t necessarily so’. Some websites can plant it on your pc without you even knowing it.  Spyware will ‘phone home’ & tell the originator just what you’ve been doing and where you have been surfing. Very naughty! One of the most popular download helpers, Gator, is known spyware. Gator can also  bring you another little surprise, Top Text.
++

SpywareGuard 2.2
http://www.wilderssecurity.net/spywareguard.html
SpywareGuard is compatible with: Windows 98, ME, 2000, XP
SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
And you can easily have an anti-virus program running alongside SpywareGuard.
SpywareGuard now also features Download Protection and Browser Hijacking Protection!
++

Spybot - Search & Destroy
http://spybot.eon.net.au/
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if your browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too :)
++

StartPage Guard 2.2
http://www.securityconfig.com/software/cookie/startpage_guard_2.2.html
StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of automatically removing most known invaders. Malicious programs (viruses, trojans, backdoors, etc.) sometimes change the StartPage to gain the ground.
++


See My Spyware Article from ABC here;
http://personal-computer-tutor.com/abc2/v18/mike18.htm


Panda's Virus Course

Now you can quickly learn, free of charge, all you wanted to know about viruses.
Just follow this simple and enjoyable online course.

This is a two-hour basic course, through which you will acquire a basic knowledge on viruses and on how to be protected against them.
You can read it at your own pace: you can stop and start again where you left off.
Repeat it completely, or just those chapters you liked the most.
If you think this course is useful, recommend it to your friends.
++There is more on the web site.


How Computer Viruses Work by Marshall Brain

Computer viruses are mysterious and grab our attention. On the one hand, viruses show us how vulnerable we are. A properly engineered virus can have an amazing effect on the worldwide Internet. On the other hand, they show how sophisticated and interconnected human beings have become.
++
From; HowStuffWorks


HACKFIX CONFIG sites

http://www.hackfix.org/software/configure/

In this section, we wanted to offer suggestions to optimize your software.
Most programs install with default settings which are not to your advantage.
ANTI-VIRUS SOFTWARE

Antidote
AntiVir
AVG
BitDefender
EZ-Antivirus
InoculateIT PE
Kaspersky
McAfee
Norman
Nortons
Panda
Pc-Cillin
RAV

ANTITROJAN SOFTWARE

PestPatrol
Tauscan
The Cleaner

FIREWALL SOFTWARE

ZoneAlarm

Antivirus software is a good choice to scan your system for possible viruses.
However, no virus scanner is 100% effective as manufacturers cannot keep up
with the rapid change of viruses that happens daily.
Be sure to update yours regularly.

http://www.hackfix.org/software/antivirus.html


The following "AntiVirus Software detection results" are reproduced with the permission of "HackFix"


AntiVirus Software detection results; Please read our Important Notes

Icon Key:
  Detects no versions of this trojan.
  Detects some versions of this trojan.
  Detects all versions of this trojan.

Product       Last Updated (M-D-Y)   Detection Rate
antidote      10-24-03               100%
antivir       10-27-03               97%
avast         10-27-03               98%
avg           10-21-03               64%
bitdefender   10-27-03               94%
ezantivirus   10-27-03               73%
kaspersky     10-27-03               100%
mcafee        10-22-03               100%
nav           10-24-03               95%
norman        10-27-03               100%
pccillin      10-27-03               100%
rav           10-27-03               96%

Trojans listed in this excerpt: acid_battery, acid_shiver, ambush, aol_trojan

Be sure to go to the web site for the full table.

http://www.hackfix.org/miscfix/icons-av.shtml

staff@hackfix.org
http://www.hackfix.org/



Security and Filename Extensions by Uzi Paz updated 30 March 2002
http://www.geocities.com/uzipaz/eng/safe.html

Most of us know that we cannot get infected by viewing a simple text file (with extension .txt) or by viewing a JPEG or a GIF file (extensions .jpg or .gif). Even if there is a code of a virus in a text file, by viewing it, the code will not be executed, and thus cannot do any harm.

For this reason, files with filename extensions such as .txt, .jpg, .gif, .mpg, and many others are safe for viewing, and there is no risk in viewing them.

While this is in practice correct, there are many complications due to various tricks which viruses use in order to hide their real type and to cheat us to believe that they are in a format which is harmless (such as JPG, GIF, etc.) This document discusses those various tricks, and possible remedies.

Be sure to read the rest of this informative article on the web site!



Tip: Emergency Removal of Malware

From; Security Portal

Some malware runs in memory, making it difficult to remove from a computer. To take back control of an infected computer, do the following.
*Turn off the computer for 30 seconds or more to clear the memory.

*Insert a clean boot (startup) disk and turn on the computer. The computer should start up in DOS from the clean boot disk, displaying an "A" prompt.

*Remove the boot disk from the floppy drive and insert an antivirus disk (such as F-Prot).

*Enter the name of the executable on the antivirus disk, such as f-prot.exe,
to run an antivirus program from a floppy disk.
If you have a problem finding the name, enter a command like "DIR/P" to see the contents of the current directory.

*Run an antivirus scan of all files on the hard disk, removing identified malware when found.
Restart the computer when done, running an updated on-demand scanner on the hard drive to double-check
the removal of malware as well as complete scanning of all other media (floppy disks, email files, etc.).



Tip: How to Fit F-Prot on a Floppy Disk

F-Prot is a popular antivirus program, free to home users and inexpensive for businesses. F-Prot is one of the most compatible programs around. F-Prot no longer fits on a single floppy disk, leaving you three options: 1) use an installer program 2) create a series of disks 3) create a CD.

From; Security Portal





What is an email virus?

Unlike an attached file that the user must execute, email viruses are actually embedded within the email itself. Thus, users can become infected simply by reading the email. In fact, in certain cases simply previewing the email can cause infection. Email viruses to date affect only Microsoft Outlook and Outlook Express users, though a person using a different email client can spread the infection to other users. Additionally, Eudora users who receive a Kak infected email and choose the delete option in their antivirus software risk the loss of their entire inbox. This is not a fault of the antivirus software, but rather the way Eudora handles individual emails as an addition to one large file.

From; http://antivirus.about.com/library/blemail.htm

Examples of email viruses
Click the highlighted name to view a description of the virus

HTML/Little Davinia
VBS/Forgotten
BleBla
Kak

In addition to viruses, there are email wiretapping schemes possible that allow forwarded email messages to be copied and read by others.
For details on how your email can be tracked and spied upon, view the article: Email Wiretapping

How do I prevent an email virus?

These viruses take advantage of security vulnerabilities found in Microsoft Outlook and Outlook Express. Microsoft routinely releases approximately 100 security patches per year making it difficult to stay informed.
Visit the Free Prevention Center to discover which critical updates are needed for your system.
The following list of security patches should not be considered a definitive list.

"Follow three steps to begin improving the security of your Windows-based computer: use a firewall, get regular updates, and use antivirus software."
http://www.microsoft.com/security/protect/
http://www.microsoft.com/technet/security/bulletin/ms99-032.asp
http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
http://www.microsoft.com/technet/security/bulletin/ms00-037.asp
http://www.microsoft.com/technet/security/bulletin/ms00-046.asp

How do I disable JavaScript and ActiveX in email?

In addition to applying necessary security patches, Outlook and Outlook Express
should be configured to prevent scripts from running within email.
This precaution should also be taken with Netscape Mail users.

The following steps will ensure proper security settings:

Outlook and Outlook Express

Set the Restricted Sites security zone to disable all ActiveX and Java.
Do this from Internet Explorer by selecting the following menu items:
Tools | Internet Options | Security | Restricted Sites | Custom Level
Note: Just setting the restrictions to High will not work.
You must choose Custom Level and scroll through the list disabling all options for scripting of Java or ActiveX. If you are unable to follow this step, it may be a good idea to ask an experienced friend for assistance.

After making the necessary modifications to Restricted Zones, you will need to add Outlook or Outlook Express to this Zone.

Open Outlook Express or Outlook (if not already open)
Choose Tools | Options | Security | Select the Restricted Zone.

Netscape Mail

Select Edit | Preferences from the menu | Choose Category | Advanced
Remove the "X" next to "Enable Javascript for Mail and News"
Click "OK"

For non-virus related questions about email, check out Email.About.com.
This site has some great resources for thwarting email spam!

More than just viruses threaten your data. Let Jim Williams, your About.com guide to
Internet & Network Security give you the low-down on cyberthreats.

For help with general Windows issues, visit guru Ed Bott at Windows.About.com


What is the difference between an update and an upgrade?
You want to know the difference between a product update and a product upgrade.

Updates
A product update is defined as a fix or enhancement to a product.
Updates are generally downloadable and free.
Please note that current Symantec products include a feature called LiveUpdate.
With LiveUpdate, you can download any updates that are available for your product.
For complete information about how to use LiveUpdate, please click here.

Upgrades
A product upgrade is the purchase of a new version in a product family.
If you have a previous version in a product family, such as Norton AntiVirus, Norton Internet Security, etc.,
then you may receive a discounted price when you purchase an upgrade.
To purchase product upgrades in the United States or US Territories from the ShopSymantec Upgrade Center,
please click here. Canadian customers please click here.

From; Symantec Knowledge Base




Virus Hoax Information Page

Virus Hoax Busters Largest Mailing list in Yahoo Groups Viruses Category!
Subscription by E-mail
Please feel free to link to this page and to send this address
http://www.stockhelp.net/virus.html
to anyone who sends you a virus hoax, chain letter, urban legend or fraudulent claim.
You can also tell them to subscribe to our mailing list.
Thank you.



An Introduction to Viruses and Malicious Code,
Part Three: Detecting and Resolving Virus Infections

This is the third and final installment in a series offering an introductory overview of viruses and other malicious code. In part one of this series, An Introduction to Viruses and Malicious Code, we discussed viruses and malicious code; what they are and how they affect your computer. In part two, Protecting Your Computers and Data, we discussed ways to prevent malicious code from infecting your systems. In this installment, we will take a step-by-step approach in dealing with a virus infection. As well, we will look at a real-life example of removing a worm from an infected system.

Go to the web site



Have you been receiving spam/virus from "hahaha@sexyfun.net"?

DO NOT OPEN THE EMAILS. THEY ARE INFECTED AND HAVE A FAKE RETURN ADDRESS!!

Things you should know:

1. The current owner of the domain sexyfun.net, the hosting company slowmoe.com,
      and anyone else affiliated with us did NOT create the virus / worm.
2. This site WAS created in response to the virus / worm.
3. Hopefully, this site will help you get rid of the virus.
4. The domain was purchased on Dec-11-2000, this virus was first reported on,
      Sept-25-2000 (to my knowledge)

This site is in no way affiliated with any other site on the Internet,
this includes sexyfun.com, sexyfun.ca, hahaha.com, nor hahaha.com.au.


Go to the web site





Updated - 12/14/04