荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: jjksam (冷清), 信区: Virus
标 题: Claire.821(alias: COM.TSR.CRYPT.Virus)
发信站: 荔园晨风BBS站 (Sat Dec 29 10:16:47 2001), 转信
Virus Name Risk Assessment
Claire.821 Medium
Virus Information
Discovery Date: 08/01/1996
Origin: None Known
Length: 746 - 821 Bytes
Type: Virus
SubType: File Infector
Minimum Dat: 4002
Minimum Engine: N/A
DAT Release Date: 12/02/1998
Description Added: 08/15/1996
Description Menu
Virus Characteristics
Symptoms
Method Of Infection
Removal Instructions
Variants / Aliases
Rate this page
Print This Page
Virus Characteristics
Claire is a memory resident, encrypted, file infecting virus which infects .COM
files by writing itself to their ends. The virus can intercept WriteHandle DOS
procedures and will replace the text strings with 'Claire'. While in memory
the virus hooks interrupt 21h.
Top of Page
Symptoms
The virus contains the string:
Claire J, my love for you is absolute. (c) 1993 Scorpio / XDi
Infected files will increase in length from 746 to 821 Bytes.
Top of Page
Method Of Infection
The only way to infect a computer with a file infecting virus is to execute
an infected file on the computer. The infected file may come from a multitude
of sources including: floppy diskettes, downloads through an online service,
network, etc. Once the infected file is executed, the virus may activate.
Top of Page
Removal Instructions
All Users:
Script,Batch,Macro and non memory-resident:
Use current engine and DAT files for detection and removal.
PE,Trojan,Internet Worm and memory resident:
Use specified engine and DAT files for detection. To remove, boot to MS-DOS
mode or use a boot diskette and use the command line scanner:
SCANPM /ADL /CLEAN /ALL
Additional information for Windows ME users:
NOTE: Windows ME utilizes a backup utility that backs up selected files
automatically to the C:\_Restore folder. This means that an infected file could
be stored there as a backup file, and VirusScan will be unable to delete these
files. These instructions explain how to remove the infected files from the
C:\_Restore folder.
Disabling the Restore Utility
1. Right click the My Computer icon on the Desktop, and choose Properties.
2. Click on the Performance Tab.
3. Click on the File System button.
4. Click on the Troubleshooting Tab.
5. Put a check mark next to "Disable System Restore".
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.
NOTE: The Restore Utility will now be disabled.
10. Restart the computer in Safe Mode.
11. Run a scan with VirusScan to delete all infected files, or browse the
file's located in the C:\_Restore folder and remove the file's.
12. After removing the desired files, restart the computer normally.
NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5 remove
the check mark next to "Disable System Restore". The infected file's are
removed and the System Restore is once again active.
AVERT Recommended Updates:
* Office2000 Updates
* Malformed Word Document Could Enable Macro to Run Automatically
(Information/Patch)
* scriptlet.typelib/Eyedog vulnerability patch
* Outlook as an email attachment security update
* Exchange 5.5 post SP3 Information Store Patch 5.5.2652.42 - this patch
corrects detection issues with GroupShield
For a list of attachments blocked by the Outlook patch and a general FAQ, visit
this link.
Additionally, Network Administrators can configure this update using an
available tool - visit this link for more information.
It is very common for macro viruses to disable options within Office
applications for example in Word, the macro protection warning commonly is
disabled. After cleaning macro viruses, ensure that your previously set options
are again enabled.
Top of Page
Variants
Name Type Sub Type Differences
Claire.746 Virus File Infector
Top of Page
Aliases
Name
COM.TSR.CRYPT.Virus
--
╱▉ ____ ____ ● ● ╱▉ __▃_
╱__▉ ▉__ ▉ ▉ ▉ ╱__▉ ▉╱ ▉
__╱ ▉ __▉_▉___▉_▉___╱ ▉_▉ ▉_
─────────────────────────
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.146]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店