Automated PC Solutions
VACM - Virus Alerts for the Common Man


Phony email from Microsoft is a Worm



Greetings from The VACM Team,

In This Issue:
----------------------
- Phony email from Microsoft is a Worm


***************************************************
* The Bottom Line...
***************************************************
There is an email making the rounds which appears to be from
"Microsoft Corporation Security Center" with a subject line of
"Internet Security Update".

The email has an attachment which the email describes as being
the "1 Mar 2002 Cumulative Patch" for IE.  The attached file is
typically named "Q216309.exe".

There is no such patch from Microsoft. Furthermore, Microsoft
never emails its patches; they are posted to Microsoft's
web pages.

The bogus email is actually the GIBE email worm.  The GIBE worm is
written in Visual Basic, and, if run, appears to be a valid install
of a patch from Microsoft.  GIBE, however, will email itself to
everyone in your address book and install a backdoor component on
your system which allows the virus writer to access your system
remotely.


***************************************************
* What You Should Do...
***************************************************
1. Do not run the attached file
2. Delete the email


***************************************************
* If You Get Infected...
***************************************************
Obtain the latest updates for your antivirus software and do a
full system scan.

Windows/ME additional problems:
----------------------------------
Because Windows/ME backs up system files, this virus may well be
backed up along with other system files and your antivirus software
will be unable to remove the virus unless you do the following:

1. Right click My Computer on the Desktop, and choose Properties.
2. Click the Performance Tab.
3. Click the File System button.
4. Click the Troubleshooting Tab.
5. Put a check mark next to "Disable System Restore".
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.
    NOTE: The Restore Utility will now be disabled.
10. Restart the computer in Safe Mode.
11. Run a complete virus scan to delete all infected files, or browse
       the files located in the C:\_Restore folder and remove the files.
12. After removing the virus files, restart the computer normally.
13. Re-enable the Restore Utility by repeating steps 1-9, and on step 5
       remove the check mark next to "Disable System Restore".

***************************************************
* Manually removing the virus...
***************************************************
If you need to manually remove the virus for some reason, you will
need to boot to pure DOS and delete the following files from your
Windows folder:

  Q216309.exe - a copy of the file dropper
  BcTool.exe - the mass-mailing component
  WinNetw.exe - e-mail address searching component
  GfxAcc.exe - backdoor component
  Vtnmsccd.dll - a copy of a dropper
  MSWinsck.ocx - standard Winsock library

The easiest way to boot to pure DOS is to use a DOS boot
diskette.  Please note that there are also registry entries that
the virus created.  If you are familiar with the REGEDIT tool and
confident in your ability to use it correctly, first back up your
registry and then perform the following steps:

1. Click the Start button, then "Run"
2. In the Run dialog box, type "regedit" and click OK.
3. In the Registry Editor, navigate to the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the following values:

LoadDBackUp C:\Windows\BcTool.exe
3Dfx Acc C:\Windows\GFXACC.exe

5. Next, navigate to the following key and delete it

HKEY_LOCAL_MACHINE\Software\AVTech

6. Close the Registry Editor and reboot your system
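
As an added example (not part of the original alert), the file names and registry entries listed above can be checked against an offline listing of the Windows folder and a text export of the registry. The function names, the sample listing, and the sample export, including the `Settings` subkey under AVTech, are constructed for illustration.

```python
import re

# Indicators copied from the alert's manual-removal section. MSWinsck.ocx is
# left out because the alert itself describes it as a standard Winsock library.
GIBE_FILES = {
    "q216309.exe": "file dropper copy",
    "bctool.exe": "mass-mailing component",
    "winnetw.exe": "e-mail address searching component",
    "gfxacc.exe": "backdoor component",
    "vtnmsccd.dll": "dropper copy",
}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUES = {"loaddbackup", "3dfx acc"}
AVTECH_KEY = r"hkey_local_machine\software\avtech"

def check_files(names):
    """Return {name: role} for Windows-folder entries that match a listed file."""
    return {n: GIBE_FILES[n.lower()] for n in names if n.lower() in GIBE_FILES}

def check_registry(reg_text):
    """Scan a REGEDIT4 text export for the Run values and the AVTech key."""
    findings, section = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            section = key.group(1).lower()
            if section == AVTECH_KEY or section.startswith(AVTECH_KEY + "\\"):
                findings.append(("key", key.group(1)))
            continue
        value = re.match(r'"([^"]+)"\s*=', line)
        if value and section == RUN_KEY and value.group(1).lower() in RUN_VALUES:
            findings.append(("run_value", value.group(1)))
    return findings

# Constructed sample input: a directory listing and a registry export.
SAMPLE_DIR = ["NOTEPAD.EXE", "BcTool.exe", "GFXACC.EXE", "MSWinsck.ocx", "WIN.INI"]
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadDBackUp"="C:\\Windows\\BcTool.exe"
"3Dfx Acc"="C:\\Windows\\GFXACC.exe"

[HKEY_LOCAL_MACHINE\Software\AVTech\Settings]
"Installed"="1"
'''
```

Matching is case-insensitive because Windows file and registry names are; a clean result only means these specific names were not found.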




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 

 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 


 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 
