Free Malware and Virus Solutions from APCS
VACM - Virus Alerts for the Common Man
   


New variant of Zacker making the rounds, with a twist

     



Greetings from The VACM Team,

In this issue:
------------------------------------
- New variant of Zacker/Maldal.I making the rounds, with a twist


***************************************************
* The Bottom Line...
***************************************************
The original Zacker virus, first reported in the VACM alert
of 12/19/2001, is making the rounds again, this time with
more aggressive subject lines to dupe people into
double-clicking the attached virus file.


***************************************************
* How To Recognize This Virus Email...
***************************************************
The new Zacker variant, dubbed "Maldal.I worm", usually comes
from someone you know.  It arrives with an
attachment and one of the following subject lines:

   "Fwd: WoOoOoOow"
   "Fwd:Wow , We are the same !"
   "Fwd: [Muzicana-Group] Download what you want"
   "Zakia Zakaria & Najati :P"
   "Fwd:The demand of sex ... where does it lead us to ?"
   "Take a picture for your self (Don't be mad its only a joke)"
   "Fwd:Is there any true love ?"
   "Fwd:Have u ever seen your face?! (Funny)"
   "Fwd:Against the power of women"
   "Fwd:Fwd:If you care about your wife"
   "Fwd:Say 'I Love You' in 300 languages"
   "Fwd:Send it to every body you love ;)"
   "Re:Fwd:Romantic Day"
   "Fwd: Let's Dance & forget pains"
   "Fwd:Loneliness ..."
   "Fwd: [sex-is] HoT MoVies"
   "Fwd: [SpanishGirlsGroup] Hola ..."
   "Fwd: [LsbianLovers-group] Lick my asshole"
   "Fwd:[Anal-sex-team] OOOH Faster"
   "Fwd: [PussyLand-egroup] How sweet..."
   "Fwd: [DrFun-egroup] Let's Laugh"
   "Fwd: [FuNnY-egroup]Hehehehehe damn"
   "Fwd: [SexyGurls-egroup] Raping a little girl"
   "Fwd: [Scr-News-egroup] Have u ever seen BLOOD"
   "Fwd: [Yabdoo-egroup]For HaCkers Lovers"
   "Fwd: [Jews-egroup] Sharoon Owns The World"
   "Fwd: [FunMaiL-group]Bush under bin laden's cock !!!"
   "Fwd: [Teen-egroup] Three Ways For Love"
   "Fwd: [RomanticLife-group] Learn How To Love ..."
   "Fwd: [Gays-egroup]Oh Shittttt"
   "Fwd:Remember our survivors"
   "Fwd: [JewsFood-egroup] Dogs Meat !!!"
   "Fwd: [PianoMoZart-egroup] Wow Romantic"
   "Fwd:Tonight is... The Night Of Sex"
   "Fwd: Are you looking for FUN !!!?"
   "Fwd: [PussyPiss-egroup] Piss On my face :O"
   "Fwd: [Finance-group] Do you wanna be a rich man?"
   "Fwd:"
   "Fwd: [lovedreams-egroup] love speaks from the heart ..."
   "Fwd:Change your life with Dr.Jobreee"
   "Fwd: [TeroNews-Group] Too Late ... Bin Laden has been killed"
   "Fwd: [Pc.CLup-Group] Learn how to deal with DOS"
   "Fwd:[RapingTeen-eGroup] Oh My God !!!"
   "Fwd: The rights of women !!! "

The body of the email is usually empty and the attached file is
usually called PROGRAM.EXE or some other name ending in ".BAT".
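
The traits described above (a listed subject line, an empty body, and an attachment ending in .EXE or .BAT) can be checked mechanically at a mail gateway or over a saved mailbox. The following is an added example, not part of the original alert: the function names, the verdict labels "quarantine", "review" and "pass", and the sample addresses are assumptions made for illustration, and only three of the listed subjects are loaded.

```python
import email
from email import policy
from email.message import EmailMessage

RISKY_EXTENSIONS = (".exe", ".bat")  # attachment types named in the alert

def normalize(subject):
    """Lowercase and collapse whitespace so case/spacing variants compare equal."""
    return " ".join(str(subject or "").lower().split())

# Three of the subject lines listed in the alert; load the full list in practice.
KNOWN_SUBJECTS = {normalize(s) for s in (
    "Fwd: WoOoOoOow",
    "Fwd:Is there any true love ?",
    "Re:Fwd:Romantic Day",
)}

def triage(raw_message):
    """Return (verdict, reasons) for one RFC 5322 message given as text."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons, risky, body = [], [], ""
    if normalize(msg["Subject"]) in KNOWN_SUBJECTS:
        reasons.append("subject is on the alert's list")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Windows ignores trailing dots and spaces, so strip them first.
            if name.lower().rstrip(". ").endswith(RISKY_EXTENSIONS):
                risky.append(name)
        elif part.get_content_maintype() == "text":
            body += part.get_content()
    if risky:
        reasons.append("executable attachment: " + ", ".join(risky))
        if not body.strip():
            reasons.append("message body is empty")
        return "quarantine", reasons
    return ("review" if reasons else "pass"), reasons

def build_sample(subject, body, attachment=None):
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "you@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample("Fwd:Is there any true love ?", "\n", "PROGRAM.EXE")))
```

The attachment check is the deciding rule here, because a subject list only covers the lines already known.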

If you double-click the attached file, the virus makes entries in your
system registry to ensure that it runs itself the next time you boot your
system.  

The next time you boot, and the virus runs, it displays a black dialog
box containing red text that says:

   "Sorry you have not registered
    Please contact us"

This dialog box also includes a few phone numbers, email addresses,
and instructions for subscribing.  It then sets another registry key,
HKey_Local_Machine\e5zemha.  Several entries are also made in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key,
which may or may not be associated with actual files created by the
worm.

A second dialog similar to the first may appear five minutes after
the worm runs, this time displaying the following text:

   ZaCker Is N YoUr MaChiNe
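
Because the alert says the Run entries may not correspond to real files, one quick triage step is to list Run values whose program cannot be found on disk and to check for the e5zemha key under HKEY_LOCAL_MACHINE. The following is an added example, not part of the original alert: the function names and the sample entries are hypothetical, and the live registry read only works on Windows.

```python
import os
import shutil
try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
MARKER_KEY = "e5zemha"  # key the alert reports directly under HKEY_LOCAL_MACHINE
# Constructed sample for non-Windows runs; names and paths are made up.
SAMPLE_ENTRIES = {
    "Updater": r'"C:\Program Files\Updater\upd.exe" /background',
    "qwzrtplk": r"C:\WINDOWS\qwzrtplk.exe",
}

def on_disk(path):
    """True if path is a file, or a bare program name found on PATH."""
    return os.path.isfile(path) or shutil.which(path) is not None

def candidates(command):
    """Possible program paths for a Run value, quoted or unquoted."""
    command = os.path.expandvars(command.strip())
    if command.startswith('"'):
        return [command[1:].split('"', 1)[0]]
    words = command.split(" ")
    # An unquoted path may itself contain spaces, so try every prefix.
    return [" ".join(words[:i]) for i in range(1, len(words) + 1)]

def orphaned(entries, exists=on_disk):
    """Names of Run values whose program file cannot be found."""
    return sorted(name for name, cmd in entries.items()
                  if not any(exists(c) for c in candidates(cmd)))

def read_live():
    """Return (Run values, marker key present) from the local registry."""
    hklm, entries = winreg.HKEY_LOCAL_MACHINE, {}
    with winreg.OpenKey(hklm, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, value, _ = winreg.EnumValue(key, i)
            entries[name] = str(value)
    try:
        winreg.OpenKey(hklm, MARKER_KEY).Close()
        return entries, True
    except FileNotFoundError:
        return entries, False

if __name__ == "__main__":
    entries, marker = read_live() if winreg else (SAMPLE_ENTRIES, False)
    print("marker key present:", marker, "| orphaned Run values:", orphaned(entries))
```

A Run value reported here is a lead to investigate rather than proof of infection, since uninstalled software also leaves such entries behind.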


***************************************************
* What You Should Do If You Get Infected...
***************************************************
Because the registry keys the worm creates have random names, the best
way to get rid of Maldal.I is to get your antivirus software's
latest updates (updated on or after February 21, 2002).  Take the
following steps to remove the virus:

1. Update your antivirus software.
  Because of the complex nature of today's viruses, it would
  be best if you check for and apply antivirus updates at least
  once a day.

2. Do a complete system virus scan with the latest
  antivirus updates.

3. Consider getting a copy of the new "Virus Secrets 2 - Complete
  System Hardening Guide" to harden your system against these new
  types of viruses.

4. At the very least, disable the hiding of file extensions.
  Our "How-To" article for doing this can be found at:

  How-To: disable hiding of file extensions


As with all email worms, prevention is the key.  Whenever a new
virus appears, there is always a period of time where antivirus
software is of no use against it until the antivirus update becomes
available.




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 


 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 


 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 
