Hi june,
There's an Internet worm that is a typical "Backdoor Trojan", which
gives a remote attacker unobstructed access to your computer. It can
also spread itself across a local network using shared drives. The
worm goes under various aliases, including BackDoor, Acebo, BKDR,
Win32.Acebot and Worm.Newbiero. The worm scans local network IP
addresses and tries to connect to machines it finds by mapping the
hard drives. If a successful connection occurs the worm copies itself
to the hard drive with the name:
\WINDOWS\Start Menu\Programs\StartUp\mssg.exe (note the "mssg")
As this threat seeks open shares, turn off full share to your system
immediately. If you have to use shares, use password protection to
avoid being a future target.
Any up-to-date virus scanner should be able to detect the worm and
help you delete the detected files. For example, at McAfee...
http://vil.mcafee.com/dispVirus.asp?virus_k=99402
If you're running Windows ME/XP, remember that you'll also need to
disable the System Restore Utility to remove the infected files from
the C:\_Restore folder.
Best of luck,
rico |