"On The Fly"......New virus??

[Super6]

Apparently picked up a new virus going around N. CA. So far Norton and McAfee don't see it. Under regedit, find, "fly", repeat until you either get "On The Fly" or finish. Delete it and it comes back.

No apparent damage yet but I'm not emailing at this time as I'm told by a local it tags along and not as an attachement.

Any info or ideas would be appreciated.

Super6

 

[medic]

Hmmm...
I have "fly" and "On the Fly" in my Registry however it's part of Nero under the Burning Rom/CD Copy key for on the fly burning.

3 scanners and no virus's reported...

What scanner told them it's a virus?

 

[Super6]

I'll try to get more info. Of the reported dozen or so systems infected, I doubt if more than a couple have Nero. I do, so I'll take a closer look at mine. It would be an interesting coincidence.

Super6

 

[Sugadaddy]

I have OnTheFly also, but it's from Nero... I don't think that's a virus.

 

[Super6]

The OnTheFly entry appears to be a coincidence as far as Nero is concerned. A techie in the next valley over is trying to clean up his system. Apparently it's a new variation of the ANNAKOURNIKOVA.JPG.VBS virus/worm. It can come as an attachement to an email or embedded in one (HTML?).

If your system is infected a format of a floppy will result in 1.38Mb. All his recent 98 boot floppies are infected. In the registry will be some off-the-wall reference to "fly" or "fly=...", or OnTheFly. Also, an entry MRU=....then a listing of your drives.

He was able to see some of the code in the attachment on one system via Excel....which also set it off. He thinks the initial entry is via an attachement then it grabs two addresses and embeds itself in the outgoing emails. It apparently also has infected his Adaptec burning software. He's concerned about a possible bios threat but hasn't been able to confirm or not.

My system seems ok as I have Nero but between the two of us we know of about a dozen systems up here in Northern Cal. which appear to be infected and don't have Nero.

This a grey area for me. He's been in touch with Symantec and McAfee but they're not much help as of yet.

I'll try to get him to sign up and post what he's found out when he's able.

Super6

 

[Varmot]

That is strange.. I have NERO 5044 and don't have "on the fly" or "fly" in my registry.

 

[Isaiah]

This is odd I just did a new install of windows and Nero, and I do have "OnTheFly" and "Fly" in the registry

Isaiah

 

[Hector13]

<< A techie in the next valley over is trying to clean up his system. Apparently it's a new variation of the ANNAKOURNIKOVA.JPG.VBS virus/worm. It can come as an attachement to an email or embedded in one (HTML?). >>


What kind of techie opens up an unkown email attachment??



<< He was able to see some of the code in the attachment on one system via Excel....which also set it off. >>


And then opens it in Excel?

This still sounds kind of odd to me.

 

[Super6]

Hector13;
I would've deleted it myself...don't know what he was thinking. Bottom line is about a dozen buggy systems in the area...some marginal and some down for the count and Norton and McAfee aren't picking it up.

My system appears ok and system 2 is never online, so it's clean. Will be getting requests for clean installs if no fix comes along. Hopefully format x: /u and/or fdisk eliminates any boot sector issues. Bios problems could be a killer on some of these no-name SiS chipset MB's.

If nothing else formatting a floppy to see if you come up with 1.38Mb might be the easiest check. If I learn more I'll post more. Viruses aren't an area I'm up to speed on.

Later,

Super6