Are Mac users (as usual) safe from this?
In other words, is it directed at Windows users, especially those using
On Friday, June 6, 2003, at 10:09 AM, awestber wrote:
> >From our understanding of the virus, the Bugbear infects and
> sometimes replaces legitimate applications such as Acrobat Reader,
> Media Payer, etc with itself. If the virus replaces the original
> file, then original file is deleted and replaced with pure virus.
> In such a case, the application can not be cleaned it must be deleted.
> See the description of the virus at
> [log in to unmask]" target="_blank">http:[log in to unmask]
> Here is a list of the files that it targets:
> Local and network file infection
> Internet Explorer\iexplore.exe
> adobe\acrobat 5.0\reader\acrord32.exe
> Windows Media Player\mplayer2.exe
> Outlook Express\msimn.exe
> Adobe\Acrobat 4.0\Reader\AcroRd32.exe
> MSN Messenger\msnmsgr.exe
> Zone Labs\ZoneAlarm\ZoneAlarm.exe
> Lavasoft\Ad-aware 6\Ad-aware.exe
> On Friday, June 6, 2003, at 09:05 AM, Andrew Hendrickson wrote:
>> Okay, not sure if this is something we can control or not, but the
>> current NAV settings pushed out to clients are way too overzealous.
>> What's happening is that apparently NAV thinks it's unable to clean
>> the BugBear virus from the legitimate Windows files that it gloms
>> onto, thus instead of the usual process whereby the file ends up
>> quarantined, NAV immediately deletes the file after a lame attempt at
>> cleaning it. This means that important Windows files such as Acrobat
>> Reader, Media Player, the Netware client, Notepad, etc, get
>> immediately canned. If we can control this, please shut it off, and
>> put Norton back into quarantine mode before we have literally
>> hundreds of Windows machines rendered inoperable.
>> The free Stinger util from http://vil.nai.com/vil/stinger/ quite
>> handily cleans the virus from all legit Windows files. I don't see
>> why NAV can't do the same?
>> If your machine is infected, pay close attention to what NAV is
>> doing. If you've been infected for a while, legit Windows files will
>> be deleted by NAV.
>> First download Stinger. Then restore those deleted files through the
>> NAV Backup window, then immediately reboot in safe mode (ask your
>> local support tech if you don't know how to do this), which disables
>> NAV, and then run Stinger on a full scan starting at c:\. Stinger
>> will clean the files that NAV wanted to delete and off you go, a hard
>> lesson learned.
>> Andrew Hendrickson
>> Information System Analyst
>> College of A & S Computing Services
>> 479 Main Street, Room 302
>> Burlington, VT 05405-0144
>> (802) 656-7971
>> Fax (802) 656-3018
>> [log in to unmask]
>> For faster service, use our online request system:
> April Westberg
> Computing Analyst
> CIT Client Services
> University of Vermont