
MyLife Worm, 9/7/03

 

Propagation: MyLife is a mass-mailer worm that spreads through an e-mail attachment. The e-mail subject line is either 'Fwd: Julia Roberts' or 'Old Shakira', and the attachment pretends to be a video clip, with a visibly bogus extension, MPEG_.SCR.

When the attachment is opened, the worm copies itself to the Windows system directory and registers itself as [Win32] in the 'machine run' section of the registry. Interceptor blocks the bogus attachment from being opened, and if you insist on opening it, IV's SAM will kick in when the worm adds the 'Win32' key to the startup list.

When active, the worm sends a copy of itself to every correspondent in the Outlook Express address book.
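The propagation traits described above can be checked at the mail gateway. The following is an added example, not part of the original advisory or of any Network Defence product: it flags messages by the two subject lines and the MPEG_.SCR suffix, and goes one step further by flagging any executable attachment named like a video. The extension and media-hint lists, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators stated in the advisory text.
SUBJECTS = {"fwd: julia roberts", "old shakira"}
DISGUISE_SUFFIX = "mpeg_.scr"
# Assumptions for this example (not from the advisory, not exhaustive).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat"}
MEDIA_HINTS = ("mpeg", "mpg", "avi", "mov", "wmv")


def inspect_message(raw):
    """Return findings for one raw RFC 822 message; an empty list means no match."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        findings.append("subject matches advisory")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, dot, ext = name.rpartition(".")
        if name.endswith(DISGUISE_SUFFIX):
            findings.append("attachment ends with MPEG_.SCR: " + name)
        elif dot + ext in EXECUTABLE_EXTS and any(h in stem for h in MEDIA_HINTS):
            findings.append("executable attachment named like media: " + name)
    return findings


def build_sample(subject, filename):
    """Build a constructed test message; addresses, body and file name are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("see attached")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Fwd: Julia Roberts", "clip.MPEG_.SCR"),
                        ("hello", "holiday_avi.scr"),
                        ("Quarterly report", "report.pdf")]:
        print(subj, fname, inspect_message(build_sample(subj, fname)))
```
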

Damage: If the worm file is opened during the last nine minutes of any hour, either by running the infected e-mail attachment or by starting Windows on an infected computer, the worm payload will trigger and delete all files in the system directory, all SYS files in the Windows directory, and the entire content of drives D: to F:, if these drives exist.

Cleaning: To clean an infected computer, proceed as follows:

On detection of the MyLife worm, power down the computer immediately, but in an orderly manner, to prevent the payload from activating.

From a clean computer, download the xMyLife removal tool, and save it to a floppy. The removal tool does the following:

  • It removes the [Win32] entry from the registry
  • It deletes the worm files from the system directory

If running under Windows 95/98: Start the computer in command prompt only mode by tapping the F8 key during startup, and when at the C: prompt, run A:XMYLIFE

If running under Windows 2000/XP: Start the computer in safe mode with command prompt by tapping the F8 key during startup, and when at the C: prompt, run A:XMYLIFE. You must have administrative rights to clean MyLife from XP/W2000.

If running under Windows ME or NT4: Read the first part of the 'General cleaning method' to learn how to get into the correct mode for running the Mylife removal tool.

Under no circumstances start Windows on a computer suspected to have MyLife before having removed the worm as explained above.

© Network Defence 2006  Email support@defence.net.nz   Tel +64 09 414 0789