ASDE - Information Concerning "W32.Erkez.B@mm" Worm (Also known as "Zafi" worm)

"W32.Erkez.B@mm" Worm ("Zafi" Worm) Information

This page is best viewed at 800x600 resolution!

Dear ASDE Internet Customer,

The latest widespread worm that has infected customers on our service is "W32.Erkez.B@mm" (It is also called the "Zafi" worm.) It can infect any computer running a Microsoft operating system (i.e., Windows 95, Windows 98, Windows ME, Windows XP, Windows NT, Windows 2000.) Following are some of the characteristics of the virus.

One of the ways this virus will spread is by email.

The "From" field of the email is spoofed, so the email may appear to have come from an individual you know.

The "Attachment" will have a ".pif" extension.

It can also spread through a network system, to any shared drives.

You must run the email attachment to become infected. So delete the message before opening the attachment.

If your computer is infected with this worm, do not connect to the internet except to view information on removal of this worm. This worm is very aggressive in emailing itself out to other email addresses.

Symantec has a removal tool for this virus. The site to download the removal tool is:

http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b@mm.removal.tool.html

The name of the removal tool is FxErkezB.exe

Below is the link to Symantec's website which gives more information on the virus. http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b@mm.html

Following is a summary of what you should do to keep from being infected from this virus (or remove it if already infected) and other viruses:

Set up your email software to so it does not automatically preview your email messages. For instructions on how to close the preview pane in Outlook Express, click on the following URL:

http://www.asde.net/support/win9x/preview/prevpane.html

If you use another email software (other than Outlook Express,) contact the vendor of that software for instructions or use the help feature of that software (if it has one.)
NEVER open an email attachment unless you are expecting an attachment from the individual from whom you received the email. If you receive one, and were not expecting one, contact the person to verify they sent you the attachment and that it is virus free before opening it.
If you suspect you are infected with the "Erkez.B" virus, download and run the removal tool. Click on the link below to go to Symantec's website to download the tool.

W32.ErkezB@mm (The name of the removal tool is: "FxErkezB.exe")
Have a reputable antivirus software installed on your computer.
Update your antivirus software for the latest virus definitions.
Keep your Windows updated by installing all the "CRITICAL" updates from Microsoft.

Sincerely, ASDE Computer Services