VIRUS warning- critical

[MickeyLumbo]

ZOTOB worm spreading quickly across the nation this hour. seems to be exploiting Windows 2000 95 98 ME and XP.

[MickeyLumbo]

Zotob.A is a worm targeting Windows 2000–based systems which takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm installs malicious software, and then looks for other computers to infect.

Important If you have installed the update released with Security Bulletin MS05-039, you are already protected from Zotob.A. If you are using any supported version of Windows other than Windows 2000, you are not at risk from Zotob.A.

As part of our Software Security Incident Response Process, our investigation has determined that only a small number of customers have been affected, and Microsoft security professionals are working directly with them. We have seen no indication of widespread impact to the Internet. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside of the United States should contact the national law enforcement agency in their country.

Check for Infection

When Zotob.A infects a computer, it attempts to deliver a malicious file named Botzor.exe. If your computer is infected, this file will be present and your registry will show changes. Use any of the following methods to check for infection. (If you find the file, you do not need to check the registry, and vice versa.)

Search your computer for the Botzor.exe file

1.

Click Start, point to Search, and then click For Files and Folders.

2.

Click Use Advanced Search Options. Under Search by any or all of the criteria below, enter the following information:

A. Under All or part of the file name: enter Botzor.exe.

B. Under Look in: click Local Hard Drives.

C. Under More Advanced Options, select Search system folders and Search hidden files and folders.

3.

Click Search.

Look for new keys added to the registry

•In registry key HKLM\Software\Microsoft\Windows\
CurrentVersion\Run added value WINDOWS SYSTEM with data of botzor.exe

•In registry key HKLM\Software\Microsoft\Windows\
CurrentVersion\RunServices added value WINDOWS SYSTEM with data botzor.exe

If Your Computer Is Not Infected

Help protect your computer against Zotob.A by installing Security Update 899588. Find the download link for your version of Windows in Microsoft Security Bulletin MS05-039.

If Your Computer Is Infected

Follow the Zotob.A recovery steps in the Microsoft Antivirus Encyclopedia.

[wendybeth]

Thanks, Mickey!

[Motorboat Cruiser]

Yeah, thanks for the heads up, ML.

[MickeyLumbo]

both WDW and DLR computers were hit today. "the office" was down for several hours this morning. though, i do NOT know if it was related to this virus.

[Name]

In some reports I have read on this virus, worm, if you have XP and have SP2 installed, you have no worries.

[Kevy Baby]

Quote:

Originally Posted by Name

In some reports I have read on this virus, worm, if you have XP and have SP2 installed, you have no worries.

You're also okay if you are happily working on a Mac

Not to rub it in or anything

[DisneyFan25863]

Quote:

Originally Posted by Kevy Baby

You're also okay if you are happily working on a Mac

Not to rub it in or anything

Yup...I've been smoothly surfin the net with no antivirus, no spyware protection, and no firewall (except for the one bulit into my router) for over a year with no problems. Gotta love it!

[MickeyLumbo]

this worm (thanks Name) hit both Anaheim and Orlando resorts in a big way!

[MickeyLumbo]

let me add to the above post that only Networked office computers have been affected at the resorts by the worm.