We have a report that a new virus may be making the rounds being distributed via AOL chat.
Details are sketchy so far but we have the following thanks to Alan and Chris.
McAfee deletes the viruses but every time the user logs of and back onto the system it regenerates the batch file.
User gets a chat via AOL
"Checkout this JPEG" with a link
After clicking the link it sends to everyone on their buddy list and creates the file
C:xz.bat
Contents of the file: it is set to disable MS security, firewall
Creates 3 registry entries one of which is a service
Hkey_local_machineSoftwareMicrosoftWindowsCurrent VersionRun
Name :Strtax Data: lock.exe (Delete)
Hkey_local_machineSoftwareMicrosoftWindowsCurrent VersionRun Services
Name :Strtax Data: lock.exe (Delete)
Hkey_UserSoftwareMicrosoftWindowsCurrent VersionRun Services
Name :Strtax Data: lock.exe (Delete)
After deleting those three keys and a reboot the xz.bat file stopped trying to reload itself.
We have plenty of copies! Thanks!