[LINK] Fwd: Important notice from Telstra BigPond -- VIRUS

Eric Scheid eric@ironclad.net.au
Tue, 19 Sep 2000 21:30:00 +1100


Ah great :-( No wonder the connection has been dropping all day. 

No direct mention of which OS is susceptible, leaving the ignorant to 
think this is a generic computer problem and not a specific OS problem.

Hey: Billy is in town, I wonder what he has to say about this?

---------------- Begin Forwarded Message ----------------
Date:        19/9/00 5:28 PM
Received:    19/9/00 9:00 PM
From:        helpdesk@bigpond.net.au

Dear BigPond Customer,

It has been recently discovered that a virus has been spreading itself 
between customers on the BigPond network and has been responsible for 
increased traffic and performance degradation on some customers' service. 
The name of the virus is "qaz trojan" or "qaz worm" and it propagates 
around the network through shared hard drives. Investigations from our 
logs reveal many Melbourne and Sydney customers have already been 
infected, and complaints from Brisbane customers are on the increase.

It is vital for the security of your PC, the security of other customers, 
and for the quality of the BigPond service, that a high quality, 
up-to-date virus detector is used to remove this virus if detected. Only 
the latest virus definitions from the various vendors will detect it. 
Please ensure your PC (and any other PCs connected to the internet) are 
free from this virus.

More information on this virus can be found at...

http://www.symantec.com/avcenter/venc/data/w32.hllw.qaz.a.html
http://vil.mcafee.com/dispVirus.asp?virus_k=98775&
http://www.vet.com.au/html/vvcc/anti-virus/zoo/descriptions/qaz.htm

To get a better understanding of what this virus is, Norton's AV removes 
it with the following steps: 
1. Scan with Norton AntiVirus and delete all files detected as 
W32.HLLW.Qaz.A or az.Trojan.
2. Search for a file called note.com and rename it to notepad.exe.
3. Remove the following registry key:
   HKLM\Software\Microsoft\Windows\CurrentVersion\Run as value 
StartIE=notepad.exe
4. Scan all other computers on the network to find all other infections 
and repeat the above steps if infections are found.
5. Password-protect or unshare word-writable shares to prevent future 
infections.

Please direct any further questions to the abuse email listed below.

Thank you
Big Pond Advance Security
abuse@bigpond.net.au

----------------- End Forwarded Message -----------------

______________________________________________________________________
eric@ironclad.net.au                 i r o n c l a d   n e t w o r k s
genius for hire                            http://www.ironclad.net.au/
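
Added example (not part of the original message or of the BigPond notice): a defender-side check for the two indicators named in the removal steps above, the Run value StartIE=notepad.exe and a file called note.com. It assumes the registry has been exported as REGEDIT4-style text and that a file listing is available; the function names and sample data are constructed for illustration.

```python
import re

# Indicators taken from the forwarded notice: Run value StartIE=notepad.exe, file note.com
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "startie"
RENAMED_FILE = "note.com"

def parse_reg_export(text):
    """Parse REGEDIT4-style export text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; exports double backslashes inside data
                current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys

def qaz_findings(reg_text, file_paths):
    """Return (kind, detail) tuples for each indicator from the notice that is present."""
    findings = []
    run = parse_reg_export(reg_text).get(RUN_KEY, {})
    for name, data in run.items():
        if name.lower() == RUN_VALUE and "notepad.exe" in data.lower():
            findings.append(("registry", f"{name}={data}"))
    for path in file_paths:
        if re.split(r"[\\/]", path)[-1].lower() == RENAMED_FILE:
            findings.append(("file", path))
    return findings

# Constructed sample data, not taken from a real machine
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"StartIE"="notepad.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
'''
SAMPLE_FILES = [r"C:\WINDOWS\NOTE.COM", r"C:\WINDOWS\NOTEPAD.EXE", r"C:\My Documents\note.txt"]

if __name__ == "__main__":
    for kind, detail in qaz_findings(SAMPLE_REG, SAMPLE_FILES):
        print(kind, detail)
```

A hit from this check only flags a machine for the antivirus scan and cleanup steps in the notice; it does not remove anything.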