I am a 3x entrepreneur. I love writing code and sharing what I learn every day as a programmer and an entrepreneur.

June 08, 2007

Know the Most Common Virus: Win32/ExploreZip

What is Win32/ExploreZip?

ExploreZip is a Win32-based e-mail worm. It searches for any and all Microsoft Office documents on your hard drive and network drives. When it finds any Word, Excel, or PowerPoint documents using the following extensions: .doc, .xls, and .ppt, it erases the contents of those files. It also emails itself to anyone who sends you an email.

How do I get it?

ExploreZip arrives as an email attachment. The message will most likely come from someone you know, and the body of the message will read:

"I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs."

The attachment will be named "zipped_files.exe" and have a WinZip icon. Double-clicking the zipped_files.exe program infects your computer. You will then see a dialog box displaying the following message:

"Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help."

Who's at risk?

People running Microsoft Windows 95, Windows 98, or Windows NT are at risk. MacOS and WebTV are immune to the virus.

What exactly does the virus do to my computer?

When the zipped_files.exe program is run, it creates a copy of itself named explore.exe in your Windows System folder.

On Windows 95/98 systems, the following entry is written to the WIN.INI file:

run=C:\WINDOWS\SYSTEM\Explore.exe

On Windows NT systems, the following entry is written to the system registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run="C:\WINNT\System32\Explore.exe"

Is there a way to tell if I have sent the virus to anyone?

No.

Is there a way that I can clean my computer?

Yes, you can follow these instructions OR download McAfee's free stand-alone ExploreZip cleaner.

-- Begin Instructions --

Win9x

1) Click the Start Menu - Run
2) Type sysedit.exe and click OK
3) Select the C:\WINDOWS\WIN.INI window.
4) Look for a line that starts with: run =
   Remove listings that match either of these:
   run=C:\WINDOWS\SYSTEM\EXPLORE.EXE
   run=C:\WINDOWS\_SETUP.EXE
5) Close the System Configuration Editor, choose Yes when prompted to save your changes.
6) Click the Start Menu - Shutdown
7) Choose Restart the computer in MS-DOS mode and click Yes.
8) When you get a c:\ prompt, type exit and hit enter. (These last 2 events remove the virus from the computer's memory)
9) Click the Start Menu - Find - Files or Folders
10) In the Named field, type EXPLORE.EXE and hit enter
11) Delete EXPLORE.EXE
12) In the Named field, type _SETUP.EXE and hit enter
13) Delete _SETUP.EXE
14) In the Named field, type ZIPPED_FILES.EXE and hit enter
15) Delete ZIPPED_FILES.EXE

WinNT

1) Hit Ctrl-Alt-Delete
2) Choose Task Manager
3) Click the Process tab
4) End any process named: explore (not exploreR), zipped_f, or _setup
5) Click the Start Menu - Run
6) Type REGEDIT and hit enter
7) Locate the following key:
   [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows].
9) Highlight the following key
   run=C:\WINNT\System32\Explore.exe
   and hit the Delete key on the keyboard
10) Select the Start Menu - Run
11) Type sysedit.exe and click OK
12) Select the C:\WINDOWS\WIN.INI window.
13) Look for a line that starts with: run =
14) Remove listings that match either of these:
    run=C:\WINDOWS\SYSTEM\EXPLORE.EXE
    run=C:\WINDOWS\_SETUP.EXE
15) Close the System Configuration Editor, choose Yes when prompted to save your changes.
16) Click the Start Menu - Shutdown
17) Select Restart and click OK. (Your system will now reboot.)


-- End Instructions --
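
The WIN.INI check in the steps above can be scripted so that only the worm's entries are removed from the run= line. This is an added example, not part of the original post or of any vendor cleaner: `scan_win_ini`, `WORM_NAMES` and the sample file are constructed for illustration, and it assumes programs on the run= line are separated by spaces or commas.

```python
import re

# File names the page lists on the malicious WIN.INI run= line.
WORM_NAMES = {"explore.exe", "_setup.exe"}


def basename(path):
    """Last component of a DOS/Windows path, lower-cased."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()


def scan_win_ini(text):
    """Return (findings, cleaned_text) for the contents of a WIN.INI file.

    findings lists (line_number, entry) for run= entries in the [windows]
    section whose file name is in WORM_NAMES. cleaned_text drops only those
    entries, so other programs on the same run= line keep starting.
    """
    findings, out, section = [], [], None
    for num, line in enumerate(text.splitlines(), start=1):
        header = re.match(r"\s*\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        # Matches "run=" and "run =" in any case, but not "rundll=" or "load=".
        m = re.match(r"\s*run\s*=(.*)$", line, re.IGNORECASE)
        if m and section == "windows":  # run= is only honoured in [windows]
            # Assumption: programs are separated by spaces or commas.
            entries = [e for e in re.split(r"[,\s]+", m.group(1)) if e]
            bad = [e for e in entries if basename(e) in WORM_NAMES]
            findings += [(num, e) for e in bad]
            line = "run=" + " ".join(e for e in entries if e not in bad)
        out.append(line)
    return findings, "\n".join(out)


# Constructed sample WIN.INI (not from a real machine).
SAMPLE = """[windows]
load=
run = C:\\WINDOWS\\SYSTEM\\Explore.exe C:\\TOOLS\\CLOCK.EXE
NullPort=None

[Desktop]
Wallpaper=(None)
"""

if __name__ == "__main__":
    hits, cleaned = scan_win_ini(SAMPLE)
    for num, entry in hits:
        print(f"line {num}: suspicious run entry {entry}")
    print(cleaned)
```

The match is on the exact file name, so EXPLORER.EXE is left alone, in line with the "explore (not exploreR)" note in the WinNT steps.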


What can I do to protect myself in the future?

Get a good anti-virus scanning program with active protection. These programs will scan files as they are saved to your computer's storage devices, including incoming email attachments. If you've gotten away without any virus protection so far, then you've been lucky! (Or perhaps not, and you are just not aware of what's on your machine.) With the new propagation methods that have been used by recent viruses, many other viruses, worms, and trojans are sure to surface and spread like wildfire over the next few years.

Network Associates McAfee VirusScan is one of the best and most popular virus scanners on the market. I use McAfee VirusScan. Their automated update and upgrade features are very handy and the program is straightforward and easy to use. Please follow the links below to learn more about these programs.



McAfee VirusScan 7.0 (Free after rebate)


Is there anything more I should do?

Yes! These programs can only do their jobs if you keep their virus definitions up to date. A program's virus definition list is basically a text file that contains a list of all known viruses "in the wild" and tells the program how to recognize these viruses. A number of new viruses are discovered every day, so it is recommended that you update your program's virus definitions at least once a month. The first of the month is recommended as most software manufacturers release new virus definitions on that day. A number of the software titles can now be scheduled to update themselves. However, you must be connected to the Internet at the time that they run their updates.

3 comments:

  1. one permanent solution to it :-
    LINUX

    Cheers
    ANkIT
