Sophos

Troj/Mine

Aliases
  • APSTrojan.qa

Summary

 
Included in our products from March 2000 (3.31)
Detected by All Sophos products

Action

Please read the instructions for removing Trojans.

You should also change your AOL password.

If problems persist, contact support.

More Information

Note: Some people confuse this Trojan horse with the Hey You virus hoax.

This is a memory-resident, AOL password-stealing Trojan that installs itself in \windows\system\mine.exe, \windows\uninstallms.exe and \msdos98.exe.

It also writes a file \windows\system\readme.txt containing the text:

"Did you like it? Write Back ok?".

While resident in memory, the Trojan interferes with WinZip and sometimes prevents regedit from running. It can also make Windows fail to shut down.

This Trojan has been seen attached to an email with the subject line "hey you" and the text:

hey i finally got my pics scanned..theres like 5 or 6 of them..so just download it and unzip it..and for you people who dont know how to then scroll down..tell me what you think of my pics ok?

if you dont know how to unzip then follow these steps

When you sign off, AOL will automatically unzip the file, unless you have turned this feature off in your download preferences.

If you want to do it manually then

On the My Files menu on the AOL toolbar, click Download Manager.

In the Download Manager window, click Show Files Downloaded.

Select my file and click Decompress.
