W97M_SUPPL/TROJ_SUPPL
AKA
TROJ_SUPPL, W97M/SUPPL, W32/SUPPL, SUPPL

Tell A Friend about this Page Tell me when this page is updated Link to us Our Sponsor

163 hours until destructive payload activates If you receive an email with an attachment  called SUPPL.DOC, DO NOT OPEN the attachment.  Delete it immediately.    This new virus is distributed via e-mail in an empty Word 97 document. Upon opening the SUPPL.DOC file, W97M_SUPPL activates and copies itself to the Windows directory (as ANTHRAX.INI). Once an infected system is rebooted, TROJ_SUPPL starts to spread itself  by attaching the SUPPL.DOC file to every outgoing message. After a system has been infected for 163 hours, TROJ_SUPPL runs its destructive payload, which tries to open all files with the DOC, XLS,.TXT, RTF, DBF, ZIP, ARJ and RAR extentions and truncate them.    This Word macro virus does not infect any files but exhibits a trojan behavior; it drops the following files: ANTHRAX.INI, DLL.LZH and DLL.TMP. Upon execution, it produces a copy of itself named ANTHRAX.INI. It creates a backup of WININIT.INI if existed and overwrites the original. All of these files are found in c:\WINDOWS directory. Every email message that is sent via an SMTP e-mail client will have the attachment called "SUPPL.DOC" (the mother dropper). During system reboot, the original WSOCK32.DLL is renamed WSOCK33.DLL and the dropped file DLL.TMP becomes WSOCK32.DLL, henceforth going back to malfunction when this .DLL file is used by the system. The contents of the new WININIT.INI file after execution and before rebooting are as follows: [Rename] nul=DLL.lzh C:\WINDOWS\SYSTEM\wsock33.dll=C:\ WINDOWS\SYSTEM\wsock32.dll C:\WINDOWS\SYSTEM\wsock32.dll=C:\WINDOWS\DLL.tmp After system reboot, the existing WININIT.INI and DLL.LZH are automatically deleted. To remove the virus, delete the existing WSOCK32.DLL first and rename WSOCK33.DLL as WSOCK32.DLL. Then, delete the following dropped files in the system (if found): DLL.LZH, DLL.TMP., SUPPL.DOC and ANTHRAX.INI.

[an error occurred while processing this directive]

Howdy!!! Welcome to the McCann's PooR Farm I'm not with any school or schools, Just a disable grandpa with 17 grand kids, 1 Great grand Kid   Sorry! about all of the adds, Our Cost just keeping going up. Please click on one of them and help us out. or Send $1.00 U.S. to: McCann's Poor Farm 20509 Lawrence 2207 Aurora, Mo. 65605-7275 Thank You, Junior McCann Webmaster and the GrandKids   See what the experts have to say about the McCann's Poor Farm Web Page   Legal Disclaimer - We Are in no way connected with any School and or Companies linked to this page. Links are provided as a courtesy only.

Where Visitors Come From: Argentina, Australia, Austria, Belarus, Belgium, Bermuda, Brazil, Brunei Darussalam, Bulgaria, Canada, Chile, Columbia, Costa Rica, Croatia, Croatia/Hrvatska, Czech Republic, Denmark, Dominican Republic, Ecuador, Egypt, Estonia, Finland, France, Germany, Ghana, Greece, Hong Kong, Hungary, Iceland, India, Indonesia, Ireland, Israel, Italy, Japan, Jordan, Korea, Korea, Republic of, Latvia, Lebanon, Lithuania, Luxembourg, Macedonia, Malaysia, Mexico, Moldova, Netherlands, New Calendonia, New Zealand, Norway, Old style Arpanet, Papua New Guinea, Peru, Philippines, Poland, Portugal, Romania, Russian Federation, Saudi Arabia, Singapore, Slovakia, Slovenia, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, Uruguay, USA Government, USA Military, Viet Nam

Tell A Friend about this Page

Tell me when this page is updated

Home Schools Links Virus List Add a School Change a Link Dead Link Scholarships Financial Aid Free E-mail Guestbook Cool Links Tell A Friend

Put a Link on your Web Page - Legal Disclaimer - This Website Is For Your Entertainment Purposes Only! We Are in no way connected with any School and or Companies linked to this page. Links are provided as a courtesy only.   http://www.poor-farm.com/ webmaster@poor-farm.com McCann's PooR Farm Aurora, Mo. 65605 © 2001