From the Kenosha News on 1-29-06

New virus will delete files on February 3

It's very seldom that I issue a warning of a specific virus, but this one is legitimate, it's spreading fast, and it's nasty. Since it was discovered on January 17, more than 700,000 personal computers have been infected by the "Black worm." (It also goes by other names, such as Nyxem, MyWife, or Blackmal.) On February 3rd, it will delete all user documents, including Word, Excel, PDF, and a number of other file types. For more information, go to the SANS (SysAdmin, Audit, Network, Security) web site at http://isc.sans.org/blackworm. SANS is an organization that provides security information for computer professionals, and they rarely mis-report or exaggerate a threat.

The black worm virus affects all versions of Windows, but not MacOS or Linux. It spreads through e-mail attachments of various names and also through file shares (network shared drives like you might have at work.) However, even if you never open attachments and you don't connect to a work network, I would not discount this or any other threat. On the other hand, there's no need to panic. Just do what is needed to detect if you have the virus and remove it.

SANS explains that "the worm will be detected by up to date anti-virus signatures. In order to protect yourself from data loss on February 3rd, you should use current (Jan 23rd, 2006 or later) anti virus signatures." If you don't have anti-virus software, get some very quickly. If your definitions are out of date, update them right away. Pay to renew your subscription if necessary. Once you have done that, do a full scan. (My article from 7/3/05 gives more information on use of anti-virus, including information on a free product.)

Further information on this virus is available on Symantec's web site at http://symantec.com/avcenter/venc/data/w32.blackmal.e@mm.html. They even have a removal tool for it! You can download and run the removal tool even if you do not have Symantec or Norton anti-virus. This should not hurt your computer, and if you are not infected, it will tell you so. Note, however, that the removal tool will not necessarily put EVERYTHING back the way it was on an infected machine. You may still have security vulnerabilities, which is why SANS recommends reloading your computer from scratch from the original CDs.

Disabling your anti-virus is one of the actions that viruses often take, so if you can't run your anti-virus, you'll need to take action immediately. Some options are to 1) Run the Symantec removal tool as described above, 2) Try a scan in Safe Mode, 3) Use Restore in Windows XP to go back to a previous point in time and then scan again, 4) Uninstall and re-install your anti-virus software, or 5) Reload your computer from the original media. Tasks 2 and 3 are discussed in my previous articles from 1/23/05 and 12/26/04, respectively. These articles are available on-line at www.sabbarpublications.com; click on the News Archive link at the left. Consult your computer vendor if you need to reload your computer from scratch.

This virus is serious enough that you will want to warn friends and family members.

By Carol Sabbar from the Kenosha News on 1-29-06