A new virus called Goner

[Guest guest]

A new virus called " Goner " (actually referred to as w32.Goner.A@mm in geekspeak)

has been reported on some internet websites, including Symantec's own website,

who has issued an emergency bulletin regarding this powerful email virus.

According to Symantec's own database regarding this virus:

W32.Goner.A@mm is a mass-mailing worm that is written in Visual Basic. The worm

has been compressed using a known Portable Executable (PE)* file compressor. The

worm can spread its infection using the ICQ network as well as by email using

Microsoft Outlook. If IRC is installed, this worm can also insert mIRC scripts

that will enable the computer to be used in Denial of Service (DOS) attacks.

Basically, this Virus has very high potential to really cause some damage to

your machine if you get it. It can spread through Outlook Email, through ICQ,

or through mIRC clients if you use IRC services. If you DO use IRC - be

careful, as this virus can open your computer to outside attacks and ultimately

cause it to crash.

Damage:

a.. Payload: Upon execution (meaning once you receive the email and click on

the file attachment with the email - the attachment is approx. 39k in size)

a.. Large scale e-mailing: Send itself to all users in Outlook Address Books

(similar to what the last major virus - Nimda - did to our machines)

b.. Deletes files: Attemps to delete several files, including NAV (THIS

VIRUS DELETES NORTON ANTI-VIRUS FROM YOUR MACHINE SO THAT YOU CANNOT REMOVE IT

EASILY - BE EXTREMELY CAREFUL IF YOU RECEIVE AN EMAIL W/ THE INFORMATION LISTED

BELOW!)

Distribution:

a.. Subject of email: Hi

b.. Name of attachment: Gone.scr (the actual virus is masked as a screensaver

- it will show you an 'about' screen and while it shows you that, it will run

and install itself into your machine)

c.. Size of attachment: 38,912 bytes

Removal instructions:

To remove this worm, you must first reverse the changes that the worm made to

the registry, restart the computer, reinstall NAV, and then run a full system

scan and delete all infected files. (This means you should check the link at the

bottom of the page and follow the instructions on how to access the registry and

make the needed changes to your system before attempting to finally remove this

virus. If it's too tough for ya - ask an engineer/tech person for help =)

--------------------------------------------------------------------------------

Taken from Ananova.com :

http://www.ananova.com/news/story/sm_465446.html?menu=news.technology

Email virus 'worse than lovebug'

Anti-virus company MessageLabs says the Goner computer virus is spreading almost

as fast as the lovebug virus.

The company's anti-virus technologist, Shipp, said the company saw 32,500

copies of the email screensaver stopped around the world.

The email causes disruption through Microsoft Outlook and has a message which

reads: " When I saw this screensaver I thought of you. "

Shipp said the first copy they saw was from the US but added it may have

originated in Europe.

He said: " We have seen it coming from lots of companies in the UK and a lot of

big ones have been badly affected. "

He said the cost to affected companies will be big because the email removes

anti-virus software which will have to be replaced.

Mr Shipp added the virus got a hold before software picked it up.

He said: " It will be really big for the rest of today and perhaps for tomorrow,

and then it will be over. "

--------------------------------------------------------------------------------

Also - for more information on this virus, and a comprehensive checklist on what

to do IF you do have this Virus - please check the link below regarding exactly

what " Goner " can do - I believe at this point it has not taken much effect over

US computer systems yet, but it may - so please watch your inboxes for any

suspicious emails. The link below also gives you specific indicators on how to

diagnose whether your machine is infected or has encountered

http://securityresponse.symantec.com/avcenter/venc/data/w32.goner.amm (DOT) html