Microsoft KB Archive/326353

= Virus Alert About the &quot;Frethem&quot; Virus =

Article ID: 326353

Article Last Modified on 12/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 95
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows Millennium Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Windows XP Professional x64 Edition
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional

-



This article was previously published under Q326353



SUMMARY
The W32.Frethem.J@mm and W32.Frethem.K@mm worms are mass-mailer worms that are variants of the W32.Frethem.B@mm worm.



MORE INFORMATION
The Frethem virus arrives in an e-mail message with the following subject line:

Re: Your password!

The e-mail message has two attachments:
 * Decrypt-password.exe
 * Password.txt

The .exe file contains the viral payload. The virus uses a previously announced vulnerability to run the virus when you read or preview the message that contains the virus.

Prevention
 Block potentially damaging attachment types at your Internet mail gateways. This virus uses a previously announced vulnerability as part of its infection method. Because of this, you must make sure that your computers are patched for the vulnerability that is identified in Microsoft Security Bulletin MS01-020. For more information about this bulletin, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

To obtain the most recent cumulative security patch for Microsoft Internet Explorer, which includes the fixes for the vulnerabilities that were announced in Microsoft Security Bulletin MS01-020, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-023.mspx

 If you are using Microsoft Outlook 2000 Service Release 1 (SR-1) or earlier, install the Outlook E-mail Security Update patch to prevent this virus (and the majority of other viruses that are borne by e-mail messages) from running.

Outlook 2000 Service Pack 2 (SP2) and Microsoft Outlook 2002 automatically contain the functionality that is contained in the Outlook E-mail Security Update patch.

To install the Outlook E-mail Security Update patch for Outlook 2000 SR-1 or earlier, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=96DF48A9-7638-429E-816E-35F16F6528CA&displaylang=EN

 You can also configure Microsoft Outlook Express 6 to block access to potentially damaging attachments.For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

291387 OLEXP: Using Virus Protection Features in Outlook Express 6

Earlier versions of Outlook Express do not contain attachment-blocking functionality. Use caution when you open unsolicited e-mail messages with attachments.

 Using a program-level firewall can protect you from being infected with this virus through Web-based e-mail programs.

Recovery
If your computer has been infected with this virus, contact Microsoft Product Support Services or your preferred antivirus vendor for help with removing the virus. For information about contacting Microsoft Product Support Services, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS



Related Security Information
For additional information about viruses, visit the following third-party Web sites:

http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem.k@mm.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem.j@mm.html

http://vil.nai.com/vil/content/v_99565.htm

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

For additional security-related information about Microsoft products, visit the following Microsoft Web site:

http://www.microsoft.com/protect/default.mspx

Keywords: kbdownload kbinfo kbsecantivirus kbvirus KB326353

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.