A Melissa-like virus that spreads through e-mail has been discovered on the Internet. This virus, called ExploreZip, masquerades itself as an e-mail attachment. When executed, the attachment erases selected files in the infected computer ...

Singapore, 12 June 1999 | For Immediate Release

Issued by National Computer Board (NCB) and the Singapore Computer Emergency Response Team (SingCERT)

A Melissa-like virus that spreads through e-mail has been discovered on the Internet. This virus, called ExploreZip, masquerades itself as an e-mail attachment. When executed, the attachment erases selected files in the infected computer, including those stored on computer networks connected to the infected computer. The virus affects computers running Windows 95, Windows 98, and Windows NT operating systems.

The National Computer Board (NCB) and the Singapore Computer Emergency Response Team (SingCERT) advise PC users to take the necessary precautions to protect against virus attacks in general. Some healthy practices that users should observe regularly include:

i) Install anti-virus software and keep it up-to-date.

ii) Do not run attachments or downloads indiscriminately. Attachments delivered with emails are the most popular means of spreading viruses today. Users should also make sure that their Internet Mailer programmes such as Outlook, Messenger, do not automatically open attachments when reading emails. Downloads from sites that are not reputable should not be trusted.

iii) Do regular back-ups of important data files.

iv) Turn on Word's Macro Virus Protection.

v) Subscribe to anti-virus mailing lists available from most of the major anti-virus vendors to get the latest alerts of new viruses.

vi) Make the Normal.dot file Read-only. Most macro viruses need to modify the Word file 'Normal.dot' in order to spread themselves among Word documents. By making this file Read-only, it cannot be modified.

SingCERT, set up by the NCB and the National University of Singapore (NUS), assists companies in handling computer incidents such as computer hacking and viruses. It regularly alerts and educates users about viruses on its web site at http://www.singcert.org.sg. Users can visit the SingCERT web site for more information on the Explore.Zip virus.

Background Information

Worm.ExploreZip is a new virus being reported that is distributed through email attachments.

Worm.ExploreZip is suspected to be more virulent than the Melissa virus. It uses Microsoft Outlook or Microsoft Exchange to mail itself out by replying to email messages in the Inbox of an infected computer.

Users may receive this worm as an attachment named "zipped_files.exe" to their email. The body of the email message usually appears to come from a known email correspondent, and may contain the following text:

"I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs."

The subject line of the message may not be predictable, and may appear to be sent in reply to a previous email.

Each time an attachment containing Worm.ExploreZip is executed, the worm will destroy any file with the extension .h, .c, .cpp, .asm, .doc, .ppt, or .xls on the computer's hard drive, as well as on any other computer networks that are connected to the infected computer.

When run, this attachment will copy itself to the Windows System directory with the filename "Explore.exe". The worm modifies the WIN.INI or registry such that the file "Explore.exe" is executed each time the user starts Windows.

Users are advised to update their anti-virus software to ensure that their systems are protected against the latest viruses.

Also, if they receive an email with an attachment named "zipped_files. exe", they should not run the attachment.

Last updated on: 10 Jun 2019