VIRUS INFO ARCHIVES - PAGE 3
from Jan. 11/2000 until April 8/2000

Includes Info on:
- Happy99
- HLLT.Irok.10000
- UPDATE - W32/Pretty.worm.unp
- Clonewar.923 or Hey You
- W32/Pretty.worm.unp
- VBS.Tune
- W32.Crypto
- W32.LoveSong.998
- Kill98.Trojan
- W97M.Backhand.A
- W97M.Chantal.B
- W97M.Vale
- Feliz.Trojan
- W97M.Armagid.A
- Zelu
- VBS.Lucky
- APStrojan.qa and BackDoor-G2
- other

  This page will include any virus information that I acquire and feel it warrants passing on. Please check this page occasionally as I will be trying to add more to it as time goes by.

 

Please also check out these sites. There is a wealth of knowledge and information on each of them. And get yourself an anti-virus program! The information at these sites covers both real viruses and hoax viruses, and the sites that sell an anti-virus program usually make it available through a link to their main page.

 

"Norton Anti-Virus Programs"
or it is at: http://www.symantec.com/avcenter/hoax.html

"CIAC"
or the page is at: http://www.ciac.org/ciac/CIACHoaxes.html

Another reliable one is: "MYTHS"
or it is at: http://www.kumite.com/myths/

Another very good and well known one: "DATAFELLOWS"
or it is at: http://www.datafellows.com/news/hoax/

And last but not least.. Dr. Solomon's (another well known one) at: "DR. SOLOMON'S"
or it is at: http://www.drsolomon.com/vircen/index.cfm

HACKERS INFORMATION
http://antionline.com/fight-back/
"HACKERS INFORMATION" Everyone should check this site out!

******************************************************

"UPDATE APRIL 8TH, 2000" "2 NEW ONES AGAIN!"

*****************************************************

Happy99

It would seem as if the Happy99 virus is on the rampage again. In the last week, we (Straight Talk) have received notices from 83 of our members who have either received the virus or found it on their computers. This notice is sent simply as a reminder about Happy99 and how careful we must be in receiving attachments. To familiarize yourself further, follow this link. There are also instructions here on disabling the virus if you should find it on your system.

http://vil.nai.com/vil/vpe10144.asp
"DISABLING HAPPY 99 VIRUS"

************

HLLT.Irok.10000

This virus was posted by Avert Research Center on March 29, 2000, with a risk assessment of medium. We (Straight Talk) have reported some of its activity in that we have received the virus approximately 30 times from different members' computers. Once again in slight disagreement with Avert, we feel the risk assessment should be raised to high.

Protect yourself. You may receive mail with an attachment even from someone you know with the subject line "I thought you might like to see this".

If the message in the body of the e-mail is: "I thought you might like to see this. I got it from paramount pictures website. It's a startrek screen saver." DO NOT OPEN THE ATTACHMENT!

DELETE IT and then delete it from your deleted files if your mail program allows this.

For more info on this virus, Avert Research Center has it listed at http://vil.nai.com/villib/dispVirus.asp?virus_k=98552
"I THOUGHT YOU MIGHT LIKE IT - STARTREK SCREENSAVER"

*****************************************************

UPDATE!!!!!!!!!

W32/Pretty.worm.unp

This alert is to inform you that the risk assessment for W32.Pretty.worm.unp, alias Pretty Park, has been raised to "High" by Avert Labs. If you are not familiar with this worm, please click this link for the best info: http://vil.nai.com/vil/wm98500.asp. Removal instructions are on the page as well. Be careful what you open or download.

****************************************************

"THIS IS AN OLD VIRUS BUT A FRIEND OF A FRIEND GOT HIT WITH IT THE OTHER DAY - SO... READ!!!!"

Virus Name: Clonewar.923 or Hey You

Date Added: 6/15/91

Virus Characteristics: Clonewar.923 is a memory resident, file infecting virus. It infects .COM and .EXE files, including COMMAND.COM.

Upon infection, Clonewar.923 becomes memory resident at the top of system memory but below the 640K DOS boundary. Interrupt 21 is hooked by the virus in memory.

Once Clonewar.923 is memory resident, it infects .COM and .EXE files as they are executed.

Additional Comments: The 923 virus was received in June, 1991. Its origin is unknown. 923 is a memory resident generic infector of .COM and .EXE programs, it will infect COMMAND.COM. The first time a program infected with 923 is executed, 923 will install itself memory resident at the top of system memory but below the 640K DOS boundary. Total system and available memory, as indicated by the DOS CHKDSK program, will decrease by 944 bytes. Interrupt 21 will be hooked by the virus in memory. Once 923 is memory resident, it will infect .COM and .EXE programs when they are executed. If COMMAND.COM is executed, it will become infected. Programs infected with 923 will increase in size by 923 to 942 bytes with the virus being located at the end of the infected file. This virus does not alter infected files' date and time in the disk directory. Programs infected with 923 will contain the following message which is part of the viral code: "Hey, YOU !!! Something's happening to you ! Guess what it is ?! HA HA HA HA" This message may be displayed when the user attempts to execute a program. When the message is displayed, the program the user was attempting to execute will be terminated and the user returned to a DOS prompt.

Indications Of Infection: Total system and available memory decreases by 944 bytes. Files infected with Clonewar.923 increase in size by 923 to 942 bytes. The virus is located at the end of the infected file. This virus does not alter infected files' date and time in the disk directory.

Files infected with Clonewar.923 contain the following message which is part of the viral code:

"Hey, YOU !!! Something's happening to you ! Guess what it is ?! HA HA HA HA"

This message may be displayed when the user attempts to execute a file. When the message is displayed, the file the user was attempting to execute is terminated and the user is returned to a DOS prompt.

Method Of Infection: The only way to infect a computer with a file infecting virus is to execute an infected file on the computer. The infected file may come from a multitude of sources including: floppy diskettes, downloads through an online service, network, etc. Once the infected file is executed, the virus may activate.

Virus Information
Discovery Date: 6/1/91
Origin: Unknown
Length: 923 Bytes
Type: File Infector
Prevalence: Rare

Variants
Clonewar.923.C
Clonewar.923.D
Clonewar.923.E
Clonewar.923.F
Clonewar.923.G
Clonewar.923.H

Aliases
Hey You
Hellspawn.923

You should be aware that there are a lot more variants of this virus than are mentioned above. This is an older message. There are at least 2 more Clonewar.923 variants (B and Bx I believe). There are 3 more Hey You's (Hey You x and another one and its partner with an x) and there are at least a half dozen more Hellspawn.923's....

BE SURE TO UPDATE YOUR ANTI-VIRUS PROGRAM WEEKLY OR EVERY SECOND WEEK!

*****************************************************

FEBRUARY 25TH, 2000
!!!!IMPORTANT!!!!
THIS ONE IS NOT A CARTOON FROM YOUR FAVOURITE TV SHOW!!!!!!!

W32/Pretty.worm.unp

W32/Pretty.worm.unp is the unpacked edition of the original "W32/Pretty.worm" Internet worm. AVERT has upgraded its risk assessment from low to MEDIUM--ON WATCH, due to a significant increase in prevalence. It infects Windows 95/98/NT systems. W32/Pretty.worm.unp arrives via email from affected users who have also run this Internet worm. It appears as an attachment titled "Pretty Park.exe", with the icon of a character from the animated television series "South Park".

This worm will try to email itself automatically every 30 minutes to all email addresses listed in the Internet address book.

It will also attempt to connect to an IRC server and join a pre-determined IRC channel in such a way that the worm's author could use the IRC connection to retrieve such information as the computer name, registered owner, registered organization, system root path, and Dial Up Networking username and passwords.

For more information on this worm, please follow this link.
http://vil.nai.com/vil/wm98500.asp

NOTE: I HAVE RECEIVED THIS VIRUS A FEW TIMES NOW FROM DIFFERENT SOURCES. PLEASE READ THIS INFO PAGE ON A SEMI REGULAR BASIS AND BOOKMARK SOME OF THE SITES ABOVE AND CHECK THEM ALSO. I HAVE NOT OPENED ANY OF THE EMAILS I'VE RECEIVED CONTAINING THIS VIRUS SO I HAVE BEEN LUCKY. OBVIOUSLY SOME PEOPLE I KNOW HAVEN'T BEEN SO LUCKY AND OPENED THE THING.

THE PROBLEM WITH THESE VIRUSES IS THEY REPLICATE THEMSELVES IN PEOPLE'S EMAIL SYSTEMS SO WHEN SOMEONE SENDS IT TO ME BECAUSE THEY OPENED THE EXE FILE AND IT INFECTED THEIR COMPUTER, IT CONTINUES TO SEND IT TO EVERYONE ON THEIR EMAIL LIST. THIS ONE WILL TRY TO DO IT EVERY 30 MINUTES!!!! SO, I SUGGEST YOU KEEP A CONTINUOUS WATCH ON YOUR EMAIL UNTIL IT STOPS IF IT COMES TO YOU FROM SOMEONE. DON'T OPEN IT OUT OF CURIOSITY. DUMP IT IN YOUR TRASH THEN CLEAR YOUR TRASH! GET IT RIGHT OFF YOUR COMPUTER.

I don't know how I can stress this enough.... ALWAYS!!!!! always, NEVER open an attachment from anyone, even friend or family, that you have not checked out completely first at a few of the above mentioned sites you can go to. The info is there.... use it. I don't know how many times I've heard "I thought I could trust it because it was from a good friend". If I had a dime for every time I heard that I'd buy a new puter! And.... if anyone sending you attachments does not have an anti-virus program on their computer don't accept from them either.

*****************************************************

JANUARY 28TH, 2000
Thanks Carol for passing me this info.....

Starting on December 29 through January 3, SARC has received 2,257 submissions of potentially infected files. They are happy to let you know that SARC has successfully responded to all these issues with an average return time of 3.1 hours. During this time, SARC has discovered 11 new viruses of which 7 were Y2K related. But it is important to understand that there is no known outbreak of these Y2K viruses and they should be considered low risk. For a list of ongoing Y2K threats, please refer to the following web site: http://www.symantec.com/avcenter/y2k/#y2kthreats

Below is a list of the new viruses discovered during the Y2K and a short summary of each. For more information on each of the viruses/worms/trojans listed below, please refer to Symantec AntiVirus Research Center's virus encyclopedia located at the following web site: http://www.sarc.com/.

"VBS.Tune" is a worm written in Visual Basic Script language. It will attempt to email itself out to each entry in the address book and attach itself as 'VBS.Tune'. The worm will also try to propagate through MIRC.

"W32.Crypto" is a memory resident Windows virus. It has a destructive payload that will encrypt the data on your hard drive using strong cryptographic algorithms.

"W32.LoveSong.998" is a memory resident Windows virus. It has a payload that triggers after Feb 16, 2000 that will play a tune on your PC.

"Kill98.Trojan" was distributed on illegal copies of Windows 98. On Jan 1, 2000, the trojan will delete files from the c:\ drive.

"W97M.Backhand.A" is a macro virus. On Friday the 13th, the virus will password protect the active document. If the system date is year 2000, the virus will reset the date to Jan 1, 1980.

"W97M.Chantal.B" is a macro virus that utilizes DOS Batch scripting (BAT), Visual Basic for Applications (VBA) and Visual Basic Scripting (VBS) to propagate. The virus has multiple payloads, one of which is malicious. In the year 2000, the virus will delete all files from C:\ and from the current directory and display a Y2K related message box.

"W97M.Vale" is a macro virus that infects Word97 and 2000 documents. The virus will try to propagate via MIRC. On Jan 1, May 19, Sept 20 and Dec 25, the virus will display various message boxes.

"Feliz.Trojan" is a malicious program that will display various Y2K related messages and also delete critical files on your hard drive.

"W97M.Armagid.A" is a macro virus that has a payload, which will change your cursor to a Red Cross symbol on May 8 of each year.

"Zelu" is a trojan horse program that simulates a Y2K compatibility check, but actually deletes all your files.

"VBS.Lucky" is a Visual Basic Script virus, which will overwrite all files in the same directory with its virus code. Based on a random algorithm, it will display a Y2K related message. It will also create a shortcut to a web site in Russia.

****************************************************

JANUARY 27TH, 2000

Please be on the alert for APStrojan.qa and BackDoor-G2.

APStrojan.qa

APStrojan.qa is a trojan and AVERT raised its risk assessment from Low to Medium--On Watch. It primarily infects Windows 98 systems, though it may also infect Windows 95 if the file MSVBVM50.DLL is present. Please Note: This trojan has been reported by several users of the America Online Internet service. For this reason, AVERT researchers suspect it has been distributed by spam email sent to AOL users. APStrojan.qa is a password stealer designed to attack America Online client software to determine user account passwords. It will then attempt to send the stolen information to the author of the trojan. APStrojan.qa has been distributed as an attachment to an email with the subject line "hey you." The attachment has been widely reported with the name "MINE.EXE." Important: If your system has been infected with APStrojan.qa, AFTER removing the trojan, be sure to choose a new password for your AOL account!

To view this info direct from Avert's labs, follow this link:

"BackDoor-G2" is an Internet Backdoor trojan that infects Windows 9x systems. It is a new variant of the original BackDoor-G, which was first discovered 4/15/99. AVERT has changed its risk assessment from Low to Medium--On Watch for individual home users (there have as yet been no reports of infection from corporate clients). Once it infects your PC, BackDoor-G2 allows anyone running the appropriate client software to have virtually unlimited access to your system over the Internet. Your vital, private files may be read, altered, or destroyed. To view this info direct from Avert, follow this link: "Avert Info on BackDoor-G2"
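The subject lines and attachment names quoted in the alerts on this page (the Irok subject line, "Pretty Park.exe", and the "hey you." / "MINE.EXE" pair) can be checked mechanically before any mail is opened. The following is an added example, not part of the original alerts; the sample messages, the addresses, the extension list and the "unverified-executable-attachment" label are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# (label, subject phrase, attachment name), lower-cased, as quoted in the alerts above.
INDICATORS = [
    ("HLLT.Irok.10000", "i thought you might like to see this", None),
    ("W32/Pretty.worm.unp", None, "pretty park.exe"),
    ("APStrojan.qa", "hey you", "mine.exe"),
]
# Assumption (not from the page): extensions treated as directly runnable on Windows.
RISKY_EXT = (".exe", ".com", ".scr", ".vbs", ".bat", ".pif")


def attachment_names(msg):
    """Lower-cased filename of every MIME part that declares one."""
    return [p.get_filename().strip().lower() for p in msg.walk() if p.get_filename()]


def classify(raw):
    """Return sorted findings for one raw message (empty list = nothing flagged)."""
    msg = message_from_string(raw)
    subject = " ".join((msg.get("Subject") or "").lower().split())
    names = attachment_names(msg)
    risky = [n for n in names if n.endswith(RISKY_EXT)]
    findings = set()
    for label, phrase, fname in INDICATORS:
        name_hit = fname is not None and fname in names
        # A subject phrase alone is too common to act on; require a runnable attachment.
        subject_hit = phrase is not None and phrase in subject and bool(risky)
        if name_hit or subject_hit:
            findings.add(label)
    if risky and not findings:
        findings.add("unverified-executable-attachment")
    return sorted(findings)


def sample(subject, filename=None):
    """Constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "me@example.com", subject
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"filler, not a program", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, name in [("hey you.", "MINE.EXE"), ("Fw: fun", "Pretty Park.exe"),
                       ("holiday photos", "setup.exe"), ("hey you, lunch?", None)]:
        print(f"{subj!r:22} {name!r:20} -> {classify(sample(subj, name))}")
```

A name or subject match only says the message resembles a reported one; a renamed attachment falls through to the generic executable-attachment finding, which is why that catch-all is kept.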

****************************************************

JANUARY 11TH, 2000

The following is a list of viruses discovered by Avert Labs since January 1st, 2000. As you will see, all of these viruses have a risk assessment of "Low" but it is always good to be informed. Knowledge is what keeps us surfing safely. For more information click on the links following the virus names or to see the page at Avert, click this link. http://vil.nai.com/villib/alpha.asp

WinSKC - http://vil.nai.com/vil/vpe10537.asp - Discovered 1-6

W32/Mix.2048 - http://vil.nai.com/vil/vpe10531.asp - Discovered 1-4

W97M/Armagidon.a - http://vil.nai.com/vil/vm10528.asp - Discovered 1-1

PWSteal.Trojan - http://vil.nai.com/vil/vpe10513.asp - Discovered 1-1

 ***********************************************


© vjr All Rights reserved.