Re: [IP] VIRUS ADVISORY
>There is a new virus (email @ redacted) email going around that has
>been fooling a lot of
At the same time I was writing this, one of our members was writing
to me to advise me of this viruses existence. So let's assume that
some of you may have already been hit by this. Hopefully it hasn't
disabled your email and you'll get this message. I spent most of the
morning helping a friend remove it from her computer. It did disable
a lot of the important internet processes on her computer and was
even working against normal mouse function, giving false error
messages. Here is what Symantec writes about their Removal tool for
the email @ redacted virus:
Symantec Security Response has developed a removal tool to clean
email @ redacted infections.
What the tool does
The email @ redacted Removal Tool does the following:
1. Terminates the email @ redacted viral processes.
2. Deletes the email @ redacted files.
3. Deletes the dropped files.
4. Deletes the registry values that the worm added.
1. Download the FixSwen.exe file from:
2. Save the file to a convenient location, such as your downloads
folder or the Windows desktop (or removable media known to be
3. To check the authenticity of the digital signature, refer to the
"Digital signature" section later in this write-up.
4. If you are running Windows Me or XP, then disable System Restore.
Refer to the "System Restore option in Windows Me/XP" section later
in this write-up for further details.
5. Double-click the FixSwen.exe file to start the removal tool.
6. Click Start to begin the process, and then allow the tool to run.
7. Restart the computer.
8. Run the removal tool again to ensure that the system is clean.
9. If you are running Windows Me/XP, then re-enable System Restore.
10. Run LiveUpdate to make sure that you are using the most current
Note: The removal procedure may not be successful if Windows Me/XP
System Restore is not disabled as previously directed, because
Windows prevents System Restore from being modified by outside
When the tool has finished running, you will see a message indicating
whether email @ redacted infected the computer. In the case of a removal
of the worm, the program displays the following results:
Total number of the scanned files.
Number of deleted files.
Number of terminated viral processes.
Number of fixed registry entries
for HELP or to subscribe/unsubscribe, contact: