W97M/Suppl Virus Alert!!! (9/22/99)
This question was answered on September 22, 1999. Much of the information contained herein may have changed since posting.
Yet another Word macro virus, named W97M/Suppl, has been discovered. Like many other virus/worm programs of this nature, it attempts to infect other computers by attaching itself (using the file "SUPPL.DOC") to outgoing email messages. If you receive an email with an attachment called SUPPL.DOC, DO NOT OPEN the attachment. Delete it immediately.
W97M/Suppl has a destructive payload: at infection, the virus replaces the existing WSOCK32.DLL file with a new version that contains a trojan. Approximately 163 hours (6.79 days) after initially infecting the local machine, the replacement WSOCK32.DLL will corrupt all files on all fixed drives with the following extensions: .doc, .xls, .txt, .rtf, .dbf, .zip, .arj & .rar.
Common indications of infection include receiving a macro warning when opening an infected document, an increase in the size of the global template, or a confirmation message about changes to NORMAL.DOT.
McAfee VirusScan must be upgraded to version 4.03 in order to combat this new strain. You can update it at:
http://download.mcafee.com/updates/updates.asp
Get the latest Norton Anti-Virus update at:
http://www.symantec.com/avcenter/download.html
According to Norton's Antivirus Research Center, to completely remove the worm (ONLY IF YOU HAVE BEEN INFECTED!), follow the removal steps below.
If you are using a dial-up connection (e.g., America Online), you need to do the following:
Terminate the Internet connection.
Use Windows Explorer to delete the files named ANTHRAX in the WINDOWS directory and the incoming attachment, SUPPL.DOC.
If WSOCK33.DLL is present, delete the detected WINDOWS\SYSTEM\WSOCK32.DLL. If you do not see any file named WSOCK33 or WSOCK32, you need to change the Windows Explorer view setting to show DLL / system files. In Windows 95, this can be done from View-Options-ShowAllFiles. In Windows 98, this can be done from View-FolderOptions-View-HiddenFiles-ShowAllFiles.
In the WINDOWS\SYSTEM\ directory, copy WSOCK33.DLL to WSOCK32.DLL.
If you are connected to the Internet through a permanent connection (e.g., office LAN, DSL, or cable modem), you need to do the following:
From the Start menu, select shutdown-restart in MS DOS mode.
Type CD \windows\system when the DOS prompt (C:\) appears
Type COPY WSOCK33.DLL WSOCK32.DLL
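A read-only check for the file names used in the removal steps above, for example against a mounted copy of a suspect drive. This is an added example, not part of the original post or of the vendor's instructions; the function names, the indicator labels and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


def scan_for_suppl(root):
    """Walk root read-only and return sorted (indicator, relative path) pairs."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        parts = [p.upper() for p in rel_dir.parts]
        for name in files:
            upper = name.upper()  # FAT file names are case-insensitive
            rel = (rel_dir / name).as_posix()
            if upper == "SUPPL.DOC":
                hits.append(("attachment", rel))
            # "files named ANTHRAX" directly in WINDOWS; matching any
            # extension is an assumption of this example
            elif parts[-1:] == ["WINDOWS"] and Path(upper).stem == "ANTHRAX":
                hits.append(("anthrax-file", rel))
            # WSOCK33.DLL in WINDOWS\SYSTEM is the file the steps copy back
            elif parts[-2:] == ["WINDOWS", "SYSTEM"] and upper == "WSOCK33.DLL":
                hits.append(("wsock33-present", rel))
    return sorted(hits)


def needs_wsock_restore(hits):
    """True when the copy of WSOCK33.DLL over WSOCK32.DLL applies."""
    return any(kind == "wsock33-present" for kind, _ in hits)


def demo():
    """Scan a constructed sample tree (file names and contents are made up)."""
    sample = ("Windows/System/wsock32.dll", "Windows/System/Wsock33.dll",
              "Windows/Anthrax.ini", "Windows/System/anthrax.txt",
              "Windows/Temp/suppl.doc", "My Documents/report.doc")
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            f = Path(tmp) / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample")
        return scan_for_suppl(tmp)


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:16} {rel}")
```

The scan only reports; deleting and copying files is left to the manual steps above.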
About the author
Posted by Ken Colburn of Data Doctors on September 22, 1999