Details regarding the W32/Xirtem@MM virus
On January 5th it was brought to our attention that several machines
were infected with the W32/Xirtem@MM virus. Those several machines quickly
turned into well over 100 machines. (Specific technical details
about the virus can be found at the link below.)
Full technical information on the W32/Xirtem@MM virus found here
How to identify the emails that contain the virus:
The easiest way to identify the emails that contain the virus is to
compare the subject, attachment name and From address to the table below. The
other suspicious sign is that these emails contain zip
files. Rarely if ever will advertisers include attachments with their
emails, especially in .ZIP format.
Subject of E-mail | Attachment name | From Address
--------------------------------------------------------------------------------------------------------------------
You've received A Hallmark E-Card! | postcard.zip | postcards@hallmark.com
Coca Cola is proud to announce our new Christmas Promotion. | promotion.zip | noreply@coca-cola.com
Mcdonalds wishes you Merry Christmas! | coupon.zip | giveaway@mcdonalds.com
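For anyone who wants to check saved messages against the table above automatically, here is an added example (not from Technology Services or the linked write-up). The function names check_message and build_sample are hypothetical, and the sample messages it builds are constructed with harmless placeholder attachments.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the table above: (subject, attachment name, from address).
INDICATORS = [
    ("You've received A Hallmark E-Card!", "postcard.zip", "postcards@hallmark.com"),
    ("Coca Cola is proud to announce our new Christmas Promotion.", "promotion.zip", "noreply@coca-cola.com"),
    ("Mcdonalds wishes you Merry Christmas!", "coupon.zip", "giveaway@mcdonalds.com"),
]

def _norm(text):
    """Lower-case and collapse whitespace so case and header folding do not matter."""
    return " ".join((text or "").lower().split())

def check_message(raw_bytes):
    """Return the reasons a raw e-mail message matches the table (empty list if none)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = _norm(msg["Subject"])
    sender = parseaddr(str(msg["From"] or ""))[1].lower()  # strip any display name
    names = [_norm(part.get_filename()) for part in msg.iter_attachments()]
    reasons = []
    for subj, attach, addr in INDICATORS:
        if subject == _norm(subj):
            reasons.append("subject matches: " + subj)
        if sender == addr:
            reasons.append("from address matches: " + addr)
        if attach in names:
            reasons.append("attachment matches: " + attach)
    # The text also treats any zip attachment as suspicious on its own.
    has_named = any(r.startswith("attachment") for r in reasons)
    if not has_named and any(n.endswith(".zip") for n in names):
        reasons.append("carries a .zip attachment")
    return reasons

def build_sample(subject, sender, filename=None):
    """Build a constructed test message; the attachment is placeholder bytes, not a real zip."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.org"
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application", subtype="zip", filename=filename)
    return m.as_bytes()
```

A message that returns an empty list matched nothing in the table; any returned reason means the message should be left unopened and reported.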
Post infection what to look for:
After infection you may notice a few strange issues, including browser popups, blocked
websites such as MySpace, Google and YouTube, excessive hard drive
activity, and slow system performance. The browser popups and
blocked websites are the most easily diagnosed symptoms that something is
wrong. Additional details are included in the link about
Cleaning your home computer:
If you have this virus on your district computer you should alert Technology
Services immediately. However, if you feel you have this virus on
your home PC the basic instructions below should assist you in its removal.
Technology Services is using several methods to clean infected
machines. The first is to install a product called Malwarebytes (Found Here). After
the install, make sure you update the software when prompted and do a full
scan. Malwarebytes flags the infection as Vundo. Once the scan is
complete, make sure you delete any issues Malwarebytes finds. A restart
of your computer is probably required during this step.
The next step is to do a full scan with your virus scanner. If you don't
have a virus scanner, a free scanner called AVG can be downloaded and installed (Found Here).
Make sure your virus definition files are up to date and do a complete scan of
your system. Your virus scanner should delete any remaining infected
files.
If those methods combined don't clean the infection from your machine, you
may have to seek professional assistance.