Zotob.A is a worm targeting Windows 2000–based systems which takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm installs malicious software, and then looks for other computers to infect.
Important: If you have installed the update released with Security Bulletin MS05-039, you are already protected from Zotob.A. If you are using any supported version of Windows other than Windows 2000, you are not at risk from Zotob.A.
As part of our Software Security Incident Response Process, our investigation has determined that only a small number of customers have been affected, and Microsoft security professionals are working directly with them. We have seen no indication of widespread impact to the Internet. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside of the United States should contact the national law enforcement agency in their country.
Check for Infection
When Zotob.A infects a computer, it attempts to deliver a malicious file named Botzor.exe. If your computer is infected, this file will be present and your registry will show changes. Use any of the following methods to check for infection. (If you find the file, you do not need to check the registry, and vice versa.)
Search your computer for the Botzor.exe file
1. Click Start, point to Search, and then click For Files and Folders.
2. Click Use Advanced Search Options. Under Search by any or all of the criteria below, enter the following information:
   A. Under All or part of the file name: enter Botzor.exe.
   B. Under Look in: click Local Hard Drives.
   C. Under More Advanced Options, select Search system folders and Search hidden files and folders.
3. Click Search.
Look for new keys added to the registry
• In registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run added value WINDOWS SYSTEM with data of botzor.exe
• In registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices added value WINDOWS SYSTEM with data of botzor.exe
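For checking many machines, the registry check above can be run offline against exported .reg text. The following is an added example, not Microsoft's code: it assumes the export has already been decoded to a string, and the function name and sample export are constructed for illustration.

```python
import re

# Indicators from the advisory: value "WINDOWS SYSTEM" with data "botzor.exe"
# under the HKLM ...\CurrentVersion\Run and ...\RunServices keys.
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion" + "\\"
RUN_KEYS = {BASE + "run", BASE + "runservices"}
VALUE_NAME, VALUE_DATA = "windows system", "botzor.exe"

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslashes and double quotes with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def find_zotob_run_values(reg_text):
    """Return (key, name, data) for autorun values matching the advisory."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = STRING_VALUE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Assumption: the data may also be a full path, so compare the file name.
        leaf = data.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()
        if name.strip().lower() == VALUE_NAME and leaf == VALUE_DATA:
            hits.append((key, name, data))
    return hits

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"WINDOWS SYSTEM"="botzor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WINDOWS SYSTEM"="botzor.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_zotob_run_values(SAMPLE):
        print(f"{key}: {name} = {data}")
```

An empty result means only that these two autorun values are absent from the export; the Botzor.exe file search remains the other check.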
If Your Computer Is Not Infected
Help protect your computer against Zotob.A by installing Security Update 899588. Find the download link for your version of Windows in Microsoft Security Bulletin MS05-039.
If Your Computer Is Infected
Follow the Zotob.A recovery steps in the Microsoft Antivirus Encyclopedia.