Virus Update(r) - Page 3

 By Jim Freund

The Bottom Line
As you can see, Updater's payload is not extremely harmful, but it will nevertheless compromise the security and integrity of your machine and network. Even though most anti-virus vendors have not (yet) rated Updater as a major threat, you need to be no less vigilant against any kind of intrusion, since one minor incursion can open a pathway for a major one.

Prevention and Removal
Keep your virus definitions and security patches up to date, and (try to) educate your users about attachments. Make sure you have altered the default behavior of Windows, Outlook, and Outlook Express so that they do not launch files automatically and so that they show the full filename.

To remove the virus from a system manually, open the Registry using RegEdit or a preferred tool, find the keys listed above, and remove any suspicious entries. Then reboot the machine into Command Line mode or from a clean DOS floppy. Search for the file UPDATER.EXE, look through all .VBS files, and delete the suspicious ones.

To alter the dangerous default behavior in Windows 9x or NT, open Windows Explorer, click View | Option | View, and uncheck the box with the label "Hide file extensions for known file types". In Windows 2000, the same thing can be done under Tools | Folder Options | View.
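
The file search from the removal steps, together with the reason for showing full filenames, can be sketched as a small review script. This is an added example, not code from the article: the function names, the set of runnable extensions, and the sample files are assumptions, and the hidden-extension display is simplified to dropping the last extension.

```python
import os
import tempfile

TARGET_NAMES = {"updater.exe"}            # file name given in the article
# Assumption: an illustrative set of extensions Windows runs on double-click.
RUNNABLE_EXTS = {".vbs", ".vbe", ".js", ".wsf", ".exe", ".scr", ".pif", ".bat", ".com"}


def displayed_name(filename):
    """Name shown when extensions are hidden (simplified: last extension dropped)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify(filename):
    """Return the reasons a file deserves manual review (empty list if none)."""
    lower = filename.lower()
    stem, ext = os.path.splitext(lower)
    reasons = []
    if lower in TARGET_NAMES:
        reasons.append("named in article")
    if ext == ".vbs":
        reasons.append("vbs script")
    # With extensions hidden, a runnable file whose stem ends in another
    # extension is displayed as if it were that other type.
    if ext in RUNNABLE_EXTS and os.path.splitext(stem)[1]:
        reasons.append("shown as " + displayed_name(filename))
    return reasons


def sweep(root):
    """Walk root and map each flagged path to its reasons. Nothing is deleted."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reasons = classify(name)
            if reasons:
                findings[os.path.join(dirpath, name)] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample tree so the sweep runs offline.
    with tempfile.TemporaryDirectory() as root:
        for name in ("UPDATER.EXE", "logon.vbs", "notes.txt", "invoice.txt.vbs"):
            open(os.path.join(root, name), "w").close()
        for path, reasons in sorted(sweep(root).items()):
            print(os.path.basename(path), "->", "; ".join(reasons))
```

The script only lists candidates; deciding which .VBS files are suspicious remains a manual step, as in the procedure above.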

For more information on handling viruses, read Don't Let Viruses Knock You Out.

Jim Freund is the Managing Editor of CrossNodes.

This article was originally published on Dec 7, 2001