This is the second one. The director of our lab recieved this virus in an email the day before we got the warning. But she was suspicious and didn't open it.

The following virus has been identified within the College of Ag
Sciences. This virus affects the following computer systems:

- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT
- Microsoft Windows 2000
- Microsoft Windows ME
- Microsoft Windows XP

W32.Dumaru@mm is a mass-mailing worm that drops an IRC (Internet Relay
Chat) Trojan onto the infected machine. The worm gathers email addresses
from you computer and uses its own SMTP engine to email copies of itself
to these addresses. The email has the following characteristics:

From: "Microsoft"
Subject: Use this patch immediately !
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe or patch1.exe

Recommended Actions:
1. Do NOT double-click or attempt to run the file associated with the
e-mail. Delete the e-mail message.
2. Update your virus definitions (Version 8/19/2003 rev 3, or greater
will detect this threat.)
3. Scan your hard disk.

Resources:
For information on updating your virus definitions, see the ICT Computer
Support web site at <http://ict.cas.psu.edu/Support/> and click
Anti-Virus Information.

The following web site has additional information on the
W32.Dumaru@mm:
http://www.symantec.com/avcenter/[email protected]

Virus Name:
W32.Dumaru@mm

Also known as:
W32/Dumaru@MM [McAfee]

Threat:
Medium

Platform:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Method of Infection:
Virus is sent via an e-mail attachment. If a user clicks on it and
executes the virus, his or her computer becomes infected.

What to Watch For:
From: "Microsoft"

Subject: Use this patch immediately !

Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

Attachment: patch.exe or patch1.exe


What Will It Do?
W32.Dumaru@mm is a mass-mailing worm that spreads by email. Sends itself
to all the email addresses it finds in the .htm, .wab, .html, .dbx,
.tbb, .abd files.

What do I do if the computer is infected?
Symantec Security Response has developed a removal tool to clean
infections of W32.Dumaru@mm. This is the easiest way to remove this
threat if you are infected. Go to this page:
http://www.symantec.com/avcenter/tools.list.html and click the
W32.Dumaru@mm link. Then PRINT this web page and follow the
instructions in the 'Obtaining and running the tool' section. If needed,
you may download the tool on a non-infected machine. Then transfer the
file via E-mail to the affected machine and follow the Symantec
instructions. Once you have the tool on the machine, you should
disconnect it from the network if possible while running the tool.


More information:
Internet Relay Chat or IRC
IRC is a multi-user chat system, where people meet on "channels" (rooms,
virtual places, usually with a certain topic of conversation) to talk in
groups, or privately.
http://www.mirc.com/ircintro.html

IRC Trojans
Some viruses install an IRC client (example: mIRC) somewhere on your
computer and start it every time you switch on your computer. Well known
examples of such viruses are the I LOVE YOU, SirCam, and Klez viruses.
http://www.mirc.co.uk/help/virus.html