This worm uses counterfeit e-mail addresses to make it appear it came from
rootsweb, your mother, or your best friend. If you receive an attachment,
don't open it until you confirm that the person actually sent it to you.
Below is information about the worm and how to "disinfect" your computer if
you have it.
The following is from the Norton Antivius Center
http://www.symantec.com/avcenter/:
W32.NewApt.Worm
Detected as: W32.NewApt.Worm
Aliases: Worm.NewApt
Infection Length: 69,632 bytes
Likelihood: Common
Region Reported: US, Europe
Characteristics: Worm
Description
W32.NewApt.Worm was discovered on December 14, 1999 in Italy. This worm will
email itself out when receiving email via Microsoft Outlook or Netscape
Navigator. When activated, the worm will display an error dialog and modify
the registry so the worm is reloaded each time the computer
is restarted.
When received by email (and if you do not have an HTML capable email
client), the message body will be:
he, your lame client cant read HTML, haha.
click attachment to see some stunningly HOT stuff
Otherwise, the text will include a reference to a website and the following
message:
Hypercool Happy Year 2000 funny programs and
animations
.
We attached our recent animation from this
site in our mail! Check it out!
Attached to the message will be one of the following file names:
g-zilla.exe, cooler3.exe, cooler1.exe, copier.exe, video.exe,
pirate.exe, goal1.exe, hog.exe, party.exe, saddam.exe, monica.exe,
boss.exe, farter.exe, cheeseburst.exe, panther.exe, theobbq.exe,
goal.exe, baby.exe, bboy.exe, cupid2.exe, fborfw.exe, casper.exe,
irnglant.exe, or gadget.exe
The worm will add the following registry key:
HKLM/Software/Microsoft/Windows/CurrentVersion/
Run/tpanew
To remove the worm from memory, remove the above registry key and then
restart. Delete all infected files.