AVG Virus Scam List

A couple of these scam viruses are worth mentioning, due to their cleverness.
Even if you have installed Windows Updates to protect against the IFRAME vulnerabilties mentioned above, these viruses try another trick. <<< click the BACK button on your browser to go back to the same place from AVG website:

A funny variant of the virus presentation can be the following e-mail, in which the virus is being offered as a tool for removing the older variant.

text of message:
Worm Klez.E immunity
Klez.E is the most common world-wide spreading worm.It's very dangerous
by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most
common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into
your PC.
NOTE: Because this tool acts as a fake Klez to fool the real
worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.

Such a message has the Subject field from the following list:

Hi,
Hello,
Re:
Fw:
Undeliverable mail--"%s"
Returned mail--"%s"
a %s %s game
a %s %s tool
a %s %s website
a %s %s patch %s removal tools
How are you
let's be friends
darling
so cool a flash,enjoy
it your password
honey some questions
please try again
welcome to my hometown
the Garden of Eden introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girlVS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
japanese lass' sexy pictures

On the place of %s string can be a one of the following words:

new
funny
nice
humour excite
good
powful
WinXP IE 6.0
W32.Elkern
W32.Klez.E

VBSFunny virus will ask you "When did you die?" and (after you run the VBS attachment) make your browser open to www.makeyoulaugh.com while it performs other havoc. Funny..

One of the variants of VBS I Love You has this Scam in the contents:

text of message:
Subject: Virus ALERT!!!

Dear Symantec customer,
Symantec's AntiVirus Research Center began receiving reports
regarding VBS.LoveLetter.A virus early morning on May 4, 2000 GMT.
This worm appears to originate from the Asia Pacific region.
Distribution of the virus is widespread and hundreds of thousands
of machines are reported infected.
The VBS.LoveLetter.A is an Internet worm that uses Microsoft
Outlook to e-mail itself as an attachment.
The subject line of the e-mail reads ILOVEYOU, with the attachment
titled LOVE-LETTER-FOR-YOU.TXT.VBS.
Once the attachment is opened, the virus replicates and sends
an e-mail to all e-mail addresses listed in the address book.
The virus also spreads itself via Internet relay chat and infects
files on local and remote drives including files with extensions
vbs, vbe, js, sje, css, wsh, sct, hta, jpg, jpeg, mp3, mp2.
Users should exercise caution when opening e-mails with this
subject line, even if the e-mail is from someone they know,
as that is how the virus is spread.
Symantec Corp. today announced availability of the virus definition
to detect, repair and protect users against the VBS.LoveLetter.A virus.
This definition is available now via Symantec's LiveUpdate and can
also be downloaded from the following web sites:
http://www.symantecstore.com/AF74211/promo/loveletter
http://www.digitalriver.com/symantec
Also as a quick solution Symantec Corp. offers Visual Basic Script
to protect your PC against this worm. (See attached.)
Note! When executed, this script will protect Your PC from being
INFECTED by VBS.LoveLetter.A virus.
To cure already infected PC's download Norton Antivirus Updates
mentioned above.
Symantec Corporation -
a world leader in internet security technology.

Attached file: protect.vbs

<<< click the BACK button on your browser to go back to the same place