A new Virus/Trojan loads itself without user interface if you're on the internet.


NakedGary
12-13-2007, 04:21 PM
A serious-impact virus/Trojan is circulating on the net that infects systems without the user clicking, going to links, or any user interface, if you’re connected to the internet.

IF YOUR IE OR OTHER INTERNET BROWSER HAS SLOWED DOWN, AND E-MAIL ACCESS [SEND AND RECEIVE] HAS SLOWED DOWN TO A SNAIL'S PACE, OR YOUR SERVERS ARE BEING RESET, YOU SHOULD SCAN FOR THIS VIRUS/TROJAN.

For information and links about this virus/Trojan, “JS/Psyme.gen”, go to the links below:

http://www.google.com/search?q=info

http://search.findtarget.com/cb/hotsheet.php?q=info+Trojan%20JS/Psyme.gen&style=hs_1

http://www.adwarealert.com/glossary_details.php?ID=133486

What is Psyme? (Description):
Psyme is a notoriously cunning downloader. The distributors of Psyme are known to actually insert links to the Trojan in other, legitimate websites and to propagate popups that also link to the Trojan. Clicking on the link or popup will initiate an automatic download of the Psyme Trojan that will then make contact with the Internet connection of the infected computer. From that point, it downloads other Malware, usually in the form of spying utilities like keyloggers.

Psyme abuses a vulnerability in older versions of Internet Explorer. By exploiting the way Explorer receives ADODB stream objects, the Trojan can download and install without being checked. ADOdb is a database abstraction written for certain programming languages; it allows Explorer to interpret information from various types of databases, regardless of which language they are written in.

Psyme has two popular variants; one is written in Visual Basic Script (VBS) and one in Java (JS). They have the same objectives. Additionally, there are other Trojan Downloaders called Psymedo and Trunlow that have characteristics so similar to Psyme that some authorities list them as the same program.
Characteristics

Records personal data / keystrokes
Downloads unsolicited files
Exploits a security flaw
Installs without user consent
Inadequate uninstall procedures
Insufficient privacy disclosure and consent
This Trojan is known to reset, overload, and slow down servers! [in one case, a server reset every 45 minutes]


This Trojan also turns off your Virus scanning programs or disables background real time Virus/Trojan/Worm scanning.


Category Description: A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.

Level: High

Level Description: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
What is a Downloader? As its name implies, a Downloader is the part of a malicious program that actually downloads and installs software onto your computer. Downloaders can be found on any type of malware, but they're most commonly associated with Trojans because these programs' objective is to download material without the user being aware of it.

The Downloader is usually responsible for executing the programs it has loaded. It may do this as soon as the downloading process is complete, or it may register the execute command with the local system requirements. This way the malicious software will autorun at a specified time or after a specified action. The names of the downloaded files and the locations may be either encoded in the Downloader itself or sent via an unseen website.

Note: This Psyme manual removal process is difficult and you run the risk of destroying your computer. We highly recommend you use the online scans and removal tools.

McAfee is not aware of or does not list this Trojan, and does not detect this virus/Trojan.

This Trojan self-loads onto your system without any clicks, links, or user actions, from infected web sites.

This virus/Trojan information is for your information and alert, especially if you notice a severe slowdown in IE or your browser in accessing links or addresses, and very slow e-mail send and receive with “Outlook”.

Microsoft Windows Live ™ OneCare for Vista and Windows XP is the program which detected this Trojan after it had shut down OneCare, and I force restarted OneCare.

For your information and use

Gary or “NakedGary”

brainyguy9999
12-15-2007, 12:04 AM
I'm not sure where you got this information because you don't quote a source. However, the Symantec website says that this Trojan was first discovered in 2004. I checked a couple of other security websites, including the US-CERT website (http://www.us-cert.gov/), and they show no recent activity with this trojan. For those who aren't schooled in computer security, US-CERT is the United States Computer Emergency Readiness Team, which is a group of researchers and professionals who constantly monitor threats to the US computer infrastructure and report them to the public. I have found that they are pretty good at posting notifications when a new threat has been found. By monitoring Symantec, US-CERT, and a few other sites, I feel that I've been sufficiently warned of emerging threats over the past 3-4 years that I've been doing security at my company.

I suspect that this is just another chain mail. These ultra-urgent warning e-mails pop up from time to time. They typically report that a brand new virus/worm/malware is circulating and Microsoft/Symantec/Norton/[plug in any big name] can't stop it and we're all in danger of being infected. Some of them try to convince the recipient to delete a system file by saying that it is really a virus file. Some people are so frightened by the e-mail that they delete the file and have to call in a professional to fix what they did.

A couple of months ago, our CEO forwarded me an e-mail that he had received about a "Brand new virus" that could infect any Microsoft Operating System without warning and without the user doing anything. The e-mail said that Microsoft was scrambling to find a fix but had no idea how to block it and was trying to cover it all up until they figured out how to fix it. With a few quick searches, I found that the e-mail was actually a chain e-mail whose purpose was to frighten people and waste their time. They had used the name of a virus that was first reported in 2001 and was actually a low threat level virus.

Symantec's website says that their virus protection updated since April 2004 will detect and clean this Trojan. They also call this a low threat level with easy containment and removal. The following is an excerpt from the Symantec website about the Psyme Trojan:

***************************************************************

Symantec Security Response
http://www.symantec.com/security_response/index.jsp
Downloader.Psyme
Risk Level 1: Very Low
Discovered: April 1, 2004
Updated: February 13, 2007 12:20:34 PM
Also Known As: Troj/Psyme (Sophos), VBS/Psyme (McAfee), Trojan.VBS.KillAV (KAV)
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
SUMMARY

Downloader.Psyme is a Trojan horse that downloads and executes a file. It uses a known exploit of ADODB stream objects in Microsoft Internet Explorer.

Virus definitions dated before April 2, 2004 detect this threat as a Trojan horse.
Protection

* Initial Rapid Release version April 1, 2004
* Latest Rapid Release version December 11, 2007 revision 033
* Initial Daily Certified version April 1, 2004 revision 036
* Latest Daily Certified version December 11, 2007 revision 040
* Initial Weekly Certified release date April 1, 2004

Threat Assessment
Wild

* Wild Level: Low
* Number of Infections: 0 - 49
* Number of Sites: 0 - 2
* Geographical Distribution: Low
* Threat Containment: Easy
* Removal: Easy

Damage

* Damage Level: Low

Distribution

* Distribution Level: Low

TECHNICAL DETAILS

When Downloader.Psyme runs, it performs the following actions:

1. Sends a Get request to a predetermined Web site, and tries to download a file.

2. Creates an ADODB Stream object and executes the file.

3. May attempt to save the file on the computer.

4. May also try to send a confirmation to the download server that the file has been retrieved.


The behavior of this downloader varies. What it may add to the registry or StartUp folders also varies.

In some versions, the following files are saved:

* C:\Windows\m.exe
* C:\Windows\mp.exe
* C:\Windows\dp.exe
* C:\Winnt\m.exe
* C:\Winnt\mp.exe
* C:\Winnt\dp.exe
* C:\Windows\uninstl.exe

***************************************************************

I would suggest to everyone that they use a firewall and keep their virus protection up-to-date. Have it check for updates automatically every day or every time you connect to the Internet. If you do that, you will be as protected as you possibly can be short of not connecting to the Internet.

Stay nude.

bg
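A defender-side triage script for the indicators quoted in the Symantec excerpt above, added here as an example; it is not part of either post or of Symantec's material. It checks the seven file paths the excerpt lists and whether Internet Explorer's ActiveX kill bit is set for ADODB.Stream; the CLSID and the ActiveX Compatibility registry key come from Microsoft's kill-bit mechanism, not from the thread, and an elevated PowerShell session on the examined Windows host is assumed.

```powershell
# Added example (not from the thread or Symantec): triage checks for the
# Downloader.Psyme indicators quoted above. Assumes an elevated PowerShell
# session on the Windows host being examined.

# File paths listed in the Symantec excerpt (older variants; names vary).
$psymePaths = @(
    'C:\Windows\m.exe', 'C:\Windows\mp.exe', 'C:\Windows\dp.exe',
    'C:\Winnt\m.exe',   'C:\Winnt\mp.exe',   'C:\Winnt\dp.exe',
    'C:\Windows\uninstl.exe'
)

# ADODB.Stream CLSID and the IE ActiveX Compatibility key: Microsoft's kill-bit
# mechanism, not something the thread mentions. Flag 0x400 = kill bit set.
$adodbStreamClsid = '{00000566-0000-0010-8000-00AA006D2EA4}'
$killBitKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$adodbStreamClsid"

function Get-PsymeFileFindings {
    # Emits one record per indicator path that exists, with a hash for
    # comparison against vendor data (presence alone is not proof of infection).
    foreach ($p in $psymePaths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $f = Get-Item -LiteralPath $p
            [pscustomobject]@{
                Path     = $p
                Size     = $f.Length
                Modified = $f.LastWriteTime
                SHA256   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            }
        }
    }
}

function Test-AdodbStreamKillBit {
    # $true when Internet Explorer is blocked from instantiating ADODB.Stream.
    $props = Get-ItemProperty -LiteralPath $killBitKey -ErrorAction SilentlyContinue
    $flags = $props.'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band 0x400) -ne 0)
}

$hits = @(Get-PsymeFileFindings)
if ($hits.Count -eq 0) { Write-Output 'No Psyme file indicators found.' }
else { $hits | Format-Table -AutoSize }

if (Test-AdodbStreamKillBit) { Write-Output 'ADODB.Stream kill bit is set for Internet Explorer.' }
else { Write-Output 'ADODB.Stream kill bit is NOT set; apply current Internet Explorer updates.' }
```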