Virus - Spyware - Spam - Scam - VACM Alerts from Automated PC Solutions
  Automated PC Solutions
      VACM - Virus Alerts for the Common Man
Virus - Spyware - Spam - Scam - VACM Alerts from Automated PC Solutions
  Google
Virus - Spyware - Spam - Scam - VACM Alerts from Automated PC Solutions

GOP-A password stealing virus making the rounds



Greetings from The VACM Team,

In this issue:
------------------------------------
- GOP-A password stealing virus making the rounds


***************************************************
* The Bottom Line...
***************************************************
GOP-A is being reported in significant numbers at The VACM Project.

W32.HLLW.GOP@mm is a mass-mailing worm that copies itself to
your system, sets itself to run each time you reboot, steals
passwords, and emails the virus to everyone in your address books
and in any HTML files it can find on your system and on your local
network.  

GOP arrives as an email, typically with a Chinese subject and a
file attachment that looks like a picture or Word document.  It does
this by using the old file naming trick we have reported in the past.


***************************************************
* What You Should Do...
***************************************************
1. Do not double-click the attachment
2. Set your system to NOT hide file extensions per the "HowTo" article
    at: http://apcsnh.com/vacm/unhidefileext.php
3. Consider getting a copy of our System Hardening Guide at:
    http://virussecrets2.webhop.net/
4. Consider upgrading to Norton Antivurs 2002 since it has excellent
    email scanning capabilities and also keeps itself up to date
    automatically.

***************************************************
* If You Get Infected...
***************************************************
1. Obtain the latest updates for your antivirus software
2. Make sure your anivirus's Manual Scan is set to scan ALL files.
   For instructions on how to do this, refer to your antivirus software's
   online help.
3. Run a full system scan.
4. Delete all files that are detected as W32.HLLW.GOP@mm.
5. Next, do a file search for IMEKernel32.sys on all your drives, and
   delete all occurences of that file.

Next, Edit the registry:

CAUTION: We strongly recommend that you back up your system registry
before you make any changes to it. Incorrectly editing the system registry
can result in permanent data loss or corrupted files.  If you are unsure
how to do these following steps, ask for help from a savvy computer user.

1. Click Start, then click Run.
2. When the "Run" dialog appears, type "Regedit" and click OK.
3. When REGEDIT opens, navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the following value:

    IMEKernel32   C:\Windows\System\Kernelsys32.exe

5. Click Registry, and click Exit.




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 

Why should you be very
concerned about Spyware?		 Learn how to avoid Identity Theft and Windows corruption in this
free VACM Video:
     VACM-tested #1 AntiSpyware Software

How did they steal my Identity?

Why do I get so much SPAM ?

Why is your computer
running so slow ?

Today, every PC needs just a few protection softwares. Find out what and why. Visit our Links Page to avoid Indentiry Theft and costly computer repairs.
   VACM Links to Protection Tools and Softwares
Keep your PC Safe and
Avoid a costly trip to the shop...
with these VACM approved tools.

You need 3 things to protect your PC(s) automatically. Use these links to go directly to the Download and Purchase pages:

     

 

 

Old Shotgun Shell Boxes
are collector's items and
worth good money!
 (yes... just the empty boxes)

get your
  ShotShell BlueBook
price guide
now.
 

 

To cancel your subscription to VACM, reply to this email with the word UNSUBSCRIBE in the subject.

If you click on the link below, the "unsubscribe" email will be created for you and you can simply hit "Send" in you email program:

Create My Unsubscribe Email

IMPORTANT: please include the email address at which you are currently receiving VACM Alerts in the body of the message.

 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 

Locations of visitors to this page