Tech wrote:
Please, if you ask step by step or number your questions, it will be easy for us to follow your mind...
Thanks, Tech, for the suggestion. Good point, I'll try to make it easier and catalogue my questions (if more context is needed then please refer to my original message).
1) Apparently it is the executable (code) program that is "attached", "added" or "written into" the documents that have certain specific "extension" names (wab, dbx, htm, html, eml and txt) as described. Is this TRUE ?
2) The Win32:Sobig-B copies itself into the Windows folder under the name msccn32.exe and then sets the following registry values:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\System Tray
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System Tray
so that it is executed every time you log on to your computer. I don't really log on or off my computer in WIN98SE, in my case would it be executed at BOOT UP ?
3) Since executable programs (code) are typically created to do some kind of action beyond simply residing in the file, what exactly does this executable (code) program I presume to be "mscon32.exe" actually do when it is being executed ?
4) As described "The worm deactivates itself on 31st May 2003." Presumably the worm has not been active after May 31st 2003. If this is the case then I can conclude it has no impact on my computer after that date, right ?
5) Also why would a worm have a "deactivation date" in the first place ?
6) It would appear that this virus has been on my computer for years considering the "deactivation" date of May 2003, is this correct ?
7) If so, then I have to presume that Norton 2004 AV didn't scan the location to have found this worm since I would presume that it is a well known virus, is this True ?
8) When Avast recommends to "delete" a virus (as in this case) is that always the BEST CHOICE ?
9) Under what circumstances would you make an alternative choice like sending it to the "virus chest" or "renaming the file" etc. ?
10) Would Avast tell me to do this alternative choice if that was what is best ?
11) Avast states the following: "avast! with VPS file dated on or after 19th May 2003 is able to detect this worm". The above statement by Avast would mean that the worm was only active from May 19th 2003 to May 31st 2003, when it "deactivated" itself, is this correct ?
12) It seems odd to me to have only a 12 day "activity window" for a "virus". Considering that the "worm" was only "active" a very short time, is it true that the original intent of the "executable code" was at the very worst benign but that, since it could be easily modified for the purpose of malicious intent, it is considered a threat and thus the designation "worm" virus ?
13) Considering I don't appear to have problems with my PC, what kind of malicious damage could this code have or might have done to a PC ?
Thanks in advance for any info