>>From what I gather, this is an Outlook specific virus that operates through the WSH? Can you or anyone else tell me if is this correct?
>
>Seems definite now, WSH is the medium. We have a number of 95 Exchange users that have WSH somehow or another, apparently they were spreading it too. This will be the top of the news tonight, I have a suspicion :)
>
>This is the first time my agency has been rocked to the core by a virus (or pseudo-virus, as you might call some of them). Previously just a few little macro-types have hit only a few users and servers.
>
>I still can't believe the number of users here that actually opened the darn thing. We tell them time and again not to, but I guess because we've never been hit hard before, they haven't got the message. It takes a lesson to learn, sometimes.

Well, that VBS extension pretty much gave the fact that it was using the WSH.:-)

Fortunately, while I use Outlook, it sits on top of ccMail and any incoming attachment would have the date/time stamp appended onto the file extension. So I'd have to save it to a disk and re-name it. Naturally, the extension would've made me curious as to what it was so I probably would've opened it up in the editor (OK, notepad< g >) before trying to run it.

I've heard that a couple of folk at Shaw have gotten hit (up in Dalton I think). Since we use Notes, and since the virus seems specific to propogating itself via the Outlook address book, it hasn't spread through Shaw. The Shaw address book is huge, and I haven't seen or know personally of anyone who has seen it.