PDA

View Full Version : W32.galil.c@mm



iMartin
10-02-2003, 12:27 AM
W32.Galil.C@mm is a mass-mailing worm that sends itself to the email addresses it finds in the files that have the .htm, .html, .eml, and .txt file extensions. The email will have a variable subject line and attachment name.

This worm sends itself to all the contacts in the Microsoft Outlook address book and MSN Messenger contact list, and it attempts to spread itself through the KaZaA file-sharing network.

This threat is written in the Microsoft Visual Basic programming language and is compressed with UPX.

Type: Worm

Infection Length: 56,614 bytes, 20,992 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX

-How To Remove-

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe Mode or VGA mode.
Run a full system scan and delete all the files detected as W32.Galil.C@mm.
Delete the value that was added to the registry.

More Info Here (http://www.symantec.com/avcenter/venc/data/[email protected])

fkdup74
10-02-2003, 12:35 AM
great, another worm that leaves out all os's and only hits windows.......wtf is it with these assholes?!? anyway, thanksfor the alert

Meehowski
10-02-2003, 12:39 AM
Unbelievable......... B)

Wolfmight
10-02-2003, 12:56 AM
Originally posted by FKDUP74@1 October 2003 - 18:35
great, another worm that leaves out all os's and only hits windows.......wtf is it with these assholes?!? anyway, thanksfor the alert
ever uses windows. :lol:

iMartin
10-02-2003, 01:44 AM
I must be lucky, I've never gotten any of these worms. and my NAV 2004 Pro Update list just updated today, so I'm good for now.

Wolfmight
10-02-2003, 01:59 AM
Originally posted by [-Crono-]@1 October 2003 - 19:44
I must be lucky, I've never gotten any of these worms. and my NAV 2004 Pro Update list just updated today, so I'm good for now.
umm.. cause u have norton antivirus..

iMartin
10-02-2003, 02:20 AM
NAV doesnt stop me from getting them, it just detects if I have downloaded one or one is in my system.

4play
10-02-2003, 02:23 AM
  NAV doesnt stop me from getting them, it just detects if I have downloaded one or one is in my system.

do you run a firewall?

I have not been infected by a worm or virus in a long time mainly because of norton, agnitum outpost and my router.
and a bit of common sense never goes a miss :rolleyes:

iMartin
10-02-2003, 02:27 AM
Originally posted by 4play@1 October 2003 - 20:23
do you run a firewall?
Nope, I don't really need one, cause I'm on dial up, and I feel my NAV 2004 Pro keeps me safe enough. ;)

4play
10-02-2003, 02:35 AM
your wrong that is why you catch these worms ;)

just because your on dial up does not mean that worms are gonna leave you alone does it.

fkdup74
10-02-2003, 04:22 AM
yep, norton alone is NOT 100%, you can still d/l a bug, believe me i know.
and even a fw on top of norton is NOT 100%.
PLZ dont ever think youre absolutely protected!
i just posted the other day about this, regarding the Pup.A trojan.
norton still doesnt have it in its knowledge base.

Rip The Jacker
10-02-2003, 05:03 AM
Thanks for the info. :)

*Updates Symantec AntiVirus Corporate 8*

wormless
10-02-2003, 05:09 AM
Originally posted by FKDUP74@2 October 2003 - 04:22
yep, norton alone is NOT 100%, you can still d/l a bug, believe me i know.
and even a fw on top of norton is NOT 100%.
PLZ dont ever think youre absolutely protected!
i just posted the other day about this, regarding the Pup.A trojan.
norton still doesnt have it in its knowledge base.
maybe cus they not received such a virus to analiyse (cant spell it) and maybe is not a big threat if they know about it,maybe its not a virus ibe never heard off it and norton is my homepage. true bout norton not 100% safe. i downloaded a virus lol and after i installed it norton told me about it so i got rid. lol @me. learn by your mistakes now im carefull what i download.

p.s. mine updated today but i had to restart 4 it to do it