In October 2002, an electronic greeting card (e-card) that appeared to have the characteristics of a worm, was sent to thousands of email addresses.
Based on requests from Symantec's corporate customers, Security Response provided definitions that detect and block this program.
The installation of software associated with the e-card requires your permission for it to perform its mass-mailing functions. If you cancel the installation of the software, worm-like activities will not be performed.
As of January 2004, the original Web site, www.friendgreetings.com, to which the e-card is linked appears to be unavailable.
The following Web sites have been reported to host the installation package for W32.Friendgreet.worm. Security Response has not confirmed this. Also, other similarly named sites may exist.
System Restore option in Windows Me/XP
If your Symantec antivirus product continues to detect this threat in the Windows Me and Windows XP System Restore folders, temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. When a computer is infected with a virus, worm, or Trojan, it is possible that the virus, worm, or Trojan could be backed up by System Restore. By default, Windows prevents System Restore from being modified by outside programs. As a result, there is the possibility that you could accidentally restore an infected file, or that online scanners would detect the threat in that location. For instructions on how to turn off System Restore, read your Windows documentation or one of the following articles:
For additional information and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article Anti-Virus Tools Cannot Clean Infected Files in the _Restore Folder,
Article ID: Q263455.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.