| Title: | PERSONAL COMPUTER SECURITY |
| Notice: | SWEEP servers Note 5; more info on www-is-security.mso.dec.com |
| Moderator: | BSS::BOREN |
| Created: | Wed Jan 02 1991 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 504 |
| Total number of notes: | 2905 |
I'm looking for information about the MDMA variant virus.
We have recently come upon numerous Pc's in AKO that are
infected with this virus. F-macrow (version 1.02) does
disinfect the virus but when all is said and done, all
icons are missing (except for one, odbc) in Control Panel.
I have been able to recover the majority of the Control
Panel applets by copying back the *.cpl files from a non-
infected machine.
I believe earlier versions of windows let you recover the
control panel with a setup /p switch. This option isn't
available from what I have found so far to restore missing
applets in Windows 95. Any help would be greatly appreciated,
this must be an easier way to deal with this virus....
Mark
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 499.1 | I don't think so ... | TROOA::trp147.tro.dec.com::ACHAN | Arthur Chan @TRO | Thu May 01 1997 22:17 | 14 |
Hello Mark, The payload for the MDMA virus is to delete all .cpl and .hlp files from the hard disk. It is also known to modify some registry entries. Unfortunately, I don't believe there is an easy way to recover from the payload. In order to prevent future infection, may I suggest installing Norton AntiVirus for Windows 95 on the PC's. The real-time detection will catch the virus before it is able to infect the PC. See note 497.0 Regards, Arthur | |||||
| 499.2 | Pointer to more information? | MSE1::SULLIVAN | Mon May 05 1997 15:27 | 5 | |
Does anyone have a pointer to more information on this particular
virus? It appears someone here is infected also and I'd like to look
into this more.
Mark
| |||||
| 499.3 | Some virus libraries ... | TROOA::trp147.tro.dec.com::ACHAN | Arthur Chan @TRO | Mon May 05 1997 15:51 | 10 |
Hi Mark, For more information on the MDMA virus, you can check the Sweep Virus Library for "Winword/MDMA" or visit the following web site: http://www.datafellows.com/vir-info Regards, Arthur | |||||
| 499.4 | MSE1::SULLIVAN | Mon May 05 1997 17:06 | 1 | ||
Thanks Arthur | |||||