posted on July 13, 2001 12:38:33 PM
My mother (in her late 60's and totally computer illiterate) says that while she was playing solitare McAfee popped up and said it had discovered "win32/parvo" virus.
The little research I can find on this virus says its a windows95 virus, and my mom has a new 800 mz computer with Windows ME. Being computer illiterate she cannot get McAfee to run a total scan, so I guess I'll drive 6 hours round trip and work on her computer this weekend.
I'll make this ebay related by saying that I guess I'll look for antivirus software on ebay.
Anyone have any idea what this virus is and what it does? I assume that Friday the 13th has something to do with this popping up, as I warned her and warned her about opening attachments, and she won't even open my attachments without calling me first.
posted on July 13, 2001 01:11:44 PM
or she could call the pay support line at mcafee and have them walk her thru it, nortons like line charges 35 bucks.i've used it once or twice...those damn brittney spears virsuses will get ya every time........
[ edited by skeetypete on Jul 13, 2001 01:12 PM ]
posted on July 13, 2001 01:14:57 PM
This is the best I could find right now.... I'll keep looking though:
http://www.symantec.com/avcenter/venc/dyn/9667.html
posted on July 13, 2001 01:28:22 PM
PE_PARVO
(continued from profile page)
In the wild: No
Trigger condition 1: Upon execution
Payload 1: Others (sends itself via email to an address)
Detected by pattern file#: 532
Detected by scan engine#: 5.170
Language:
English
Platform: Windows 9x/NT
Encrypted: Yes
Size of virus: 14,723 Bytes
Details:
When the virus is executed, it first decrypts the rest of its code by executing a decryption loop. Then the virus scans Windows kernel to obtain the address of some API functions that it needs.
This virus only infect files whose filename matches any one of the following:
IEXPLORE.EXE, I NSTALL.EXE, NETSCAPE.EXE, NOTEPAD.EXE, SETUP.EXE, WINZIP32.EXE and TELNET.EXE.
This virus is not memory resident. However, it looks for the selected files mentioned above in the current directory, the Windows directory and the Windows system directory. The virus also looks for the directory of the Internet browser and the email reader from the Windows registry and infects these directories also.
To infect files, this virus does not modify the Entry Point Address, but replaces the first four bytes of the file’s entry point by a ‘jump to virus body’. The virus then appends itself at the end of file and increases the size of the last section.
It is reported that this virus also sends a copy of itself to a random email address obtained by linking to newsgroups and searching for the FROM string. The attachment to this email could be any one from the following:
MSEFIXI.EXE, LSERIAL.EXE and HOTEENS.EXE.
After sending the email, the virus returns control to the host program.
posted on July 13, 2001 01:51:38 PM
I printed those pages. Thanks. I guess I'm going to show my ignorance, but how does one run a computer in "safe" mode?
