Sonic.Worm approaching
An invasion possible
Most major anti-virus software manufacturers, such as Symantec and Computer Associates, are getting reports of Sonic.Worm infections from France and Germany and a small number of reports from Canadian provinces. Although it is undetermined how many PCs in the United States are infected, all e-mail viruses should be treated with an ounce of prevention since they tend to be very prolific.
The perpetrator
Sonic.Worm will arrive as an e-mail message that has the following subject:
Choose Your Poison, or
I'm your poison
The virulent part of the e-mail is an executable attachment named:
girls.exe, or
lovers.exe
If you are unlucky enough to launch the executable, the following text will be displayed in a Windows message box:
"girls.exe is not a valid Win32 application.", or
"lovers.exe is not a valid Win32 application."
Sonic will copy itself to the Windows system directory as a file called GDI32.exe and install itself in the System Registry under the Run Key as HKLMSoftwareMicrosoftWindowsCurrent VersionRun"GDI"=C:WindowsSystemGDI32.exe
Once the file loads to your system it tries to update itself with a file called "Lastversion.txt" from www.geocities.com. The text file that is downloaded is non-virulent. It contains information telling Sonic.Worm what the latest version of the virus is. For example, if "Lastversion.txt" contains the number 52, a file named 52.zip is downloaded and used to update Sonic.Worm to the most current version.
Note: According to sources at Computer Associates, the latest version, Win32.Sonic.56, can act as a backdoor to allow a hacker access to your PC. Once they have admission to your PC, they can steal passwords or manipulate files contained on your hard drive.
To protect your PC from the viral threat, scan for out-of-date anti-virus files using My Updates.
Or, for the most current files for your anti-virus software, check our Essential Anti-Virus Signature File section.