SWEN-A WORM

The Swen-A is a mass-mailing worm. It sends out fake messages to users, among them a message pretending to be a critical update, a message pretending to be a patch from Microsoft and a message falsely reporting that a message could not be delivered. The Swen-A will prevent certain applications from being executed while it resides in memory. It will display a box with the text "Try to pull my legs?" when the user tries to execute these programs. The Swen-A is executed each time the user executes a program and each time the user reboots their computer.

The email body of this worm will usually contain one of the following messages:
I'm afraid, I'm sorry, Hi, the message returned below could not be delivered, Message from, This is the qmail program, Message follows: I wasn't able to deliver your message to the following addresses, Undeliverable, Undelivered, Mail, Message
The email attachment is generated as a random name.

REMOVAL INSTRUCTIONS:

Download SwenFix.zip
Unzip SwenFix.zip to your C: Drive
Boot up your computer using a clean Boot Diskette from your A Drive
At the A: Prompt, type:
- C:
- swenfix [ENTER]

For Windows 2000/XP:

Download SwenFix.zip
Unzip SwenFix.zip to your C: Drive
Press F8 on bootup and select "Safe mode with Command prompt"
At the C: command prompt, type:
swenfix [ENTER]

For Windows NT:

Download SwenFix.zip
Unzip SwenFix.zip to your C: Drive
Click on "Start","Run" and type "cmd" [ENTER]
Press "Ctrl+Alt+Del". Click on "Processes"
Click on "Explorer.exe". Click on "End Process"
At the C: command prompt, type:
swenfix [ENTER]

You must have an original version of V-Buster installed on your computer for this Fix to work. SwenFix will automatically fix your registry and scan your C Drive with V-Buster. If you have more than one partition, use V-Buster to scan these other Partitions once the C drive scan is complete. If your computer is infected, download the Fix from a clean computer and copy the files over with a diskette.

Return Home