>Hi all
>
>We’ve recently been exposed to the “Matrix2” virus, which we received via an email from a colleague in our office. This virus arrives in the form of an email – usually from someone you know – containing an attachment with a .SCR file extension – but with no heading.
>
>Some of the attachments are seemingly harmless – but if you open them, the virus will infect squillions of EXE and DLL files on your system. It’s a real problem because only the most recent virus patterns will detect the infection – and by the time you’ve detected it – it’s too late. This virus will then:
>
>1. Start sending e-mails to everyone you send e-mails to with a .SCR attachment (not necessarily the same attachment – there are several different file attachments) - AND you don’t actually know you’re sending these e-mails, as they don’t appear in either your outbox or sent items.
>2. Bar you from accessing the SYMANTEC web site (plus others) to download the latest virus pattern
>3. Somtimes run an auto-dial programme on boot up to try to access a remote site somewhere - presumably to do more damage to your system
>
>The only way I could get rid of the virus was to download a demo version of LEPRECAUN from their web site www.leprecaun.com.au (the virus doesn’t seem to know this is a virus-busting site) and run the DOS version of their virus removal system. It appears that windows verions of most virus busting software can’t remove the virus as it keeps replicating itself everytime you try and delete it.
>
>You can check to see if you’ve got this problem simply by going to SYMANTEC.COM and see if you can actually access the site. If you’ve got the virus, I’ve found that the quickest way to remove it is to
>
>1. Obtain a trial version of Leprecaun and install this.
>2. Restart your system to the command prompt only.
>3. Change to the leprecaun directory usually C:\PROGRA~1\LEPREC~1\VIRUSB~1
>4. Run their DOS based programme called SYSCLEAN by typing SYSCLEAN /ALL at the command prompt
>
>Unfortunately, I’ve found that you still can’t access the SYMANTEC web site, and IE still comes up with a General Protection error every time I try – even after cleaning the virus. After doing some more research, it was suggested we also re-install wsock32.dll, explorer.exe and rundll32.exe – we did this, but still can’t get into the SYMANTEC web site. The virus is now gone, and this appears to be the only legacy of a nasty experience.
>
>I found the web site www.zdnet.com very helpful reading as it also suggested more things to try – if you want more information on this virus you can go to:
>
>http://www.zdnet.com/zdhelp/stories/main/0,5594,2644979,00.html
>
>Regards
>
>
>
>Chris Kable
>FUELtrac

Hi Cris,

Yesterday we received a letter from our friend from Russia, which didn't contain anything (no subject, no message) except pps file attachment. Unfortunately, my husband accidentally ran it. Almost immediatelly realizing, that it's a virus, he killed it by Alt+F4, then continued working about 1,5h. He also ran Norton Antivirus (not the latest). We haven't figured out yet, was it really virus or not and what kind of damage had been done.

Do you have any info regarding this virus?

Thanks in advance.