[thelist] odd IE worm or something..

[Michael Pemberton]

Lonnie wrote:

>Michael,
>
>If you *know* this is a virus. And you know what it does and how it
>manifests. And you've seen it before on your brother's PC. Then WHAT IS IT?
>How is it that you know, but the major anti-virus folks don't? What did your
>brother do to get rid of it? If his PC is behind a tight firewall, how did
>this virus infect him?
>
>I'll bet many on this list will forego your tip for a bit more information
>on what you profess to know about this alleged virus and how it relates to
>Tom's problem.
>  
>
Sorry I haven't responded sooner, I often lose track of my own posts and 
end up missing the rest of the conversation.  My boss say's I'm the same 
at work :)

I actually found this again on a PC at work this morning.  Again, behind 
a firewall. and again, I have forgotten the name of the executable.  I 
apologise for not taking note.  But I assure you that the program exists 
and running startup control  panel will allow you to find it.  The 
program is free and I have no affiliation with it's author.  From 
memory, the process that is installed appears in your winnt/windows or 
system32 folder.  One that sounded familiar while doing a google search 
was "savenow.exe".

I apologise for my use of the term "virus".  It is probably more 
appropriate to call it malware.  I have no idea how either of the two 
victims got the software because both ignored it until  I happened to be 
speaking to them some time after they became infected.  Because both 
were heavy users of IE and the internet in general, both saw it is a 
normal popup related problem and not something that can be countered.

As for removing it, my tip was written in such a way as to hopefully 
give steps to solve the problem while also allowing for later reference.

-- 
Michael Pemberton
evolt at mpember.net.au