PDA

View Full Version : Virus alert and disclaimer



billp
01-29-2004, 11:04 AM
In the past two days I have received 3 notices that I "may" be sending out the w32/mydoom virus to other people via e-mail.At least two of these people are Shopbotters, and I don't know if the third person is also NONE of these people are in my address book, and due to all of the virus alerts over the last few weeks I have updated Norton anti-virus both automatically AND manually EVERY DAY, as well as doing a full system scan every other day ( now switched to daily..) without finding anything on my machine. I also have Zone Alarm Pro on the machine blocking scripts, etc.
I am not quite sure how this particular virus works but I'm suspecting that it picks up someone's address book and uses those addresses to "send" further clones of itself. If you have me in your address book please check your anti virus settings. Even if you don't it might be a good idea for ALL of us to stay on guard for this one.
In the interim if anyone has any ideas about checking into this further I'd appreciate the info, Thanks, Bill P.
P.S. I just did another scan with Norton before sending this note into the Forum, just in case...

ADMIN edit: Removed names

Support
01-29-2004, 11:42 AM
Two viruses - mydoom and W32.Novarg.a - are currently hammering email systems. They hijack email addresses from vunerable computers to put in as the sender. ShopBot no longer sends back notices that infected email was received because 1)it just doubles internet traffice, and 2)it doesn't reach the real sender. Best advice is to use antivirus software and keep it up to date. For more info, just do a Google search for those virus names.

bill.young
01-29-2004, 11:53 AM
Bill,

You're right...this is one of those mass-mailing viruses that send itself out to everyone in the infected user's address book. In the last couple of days I've gotten copies of this virus that look like they've come from just about every ShopBotter that I've ever heard of, so it looks like someone has the virus and all of us in their address book.

The funny thing about this virus is that it doesn't use a Windows exploit or anything fancy like that...it's just a message with an attached zip file that activates the virus when you open the attachment.

So the lesson for today is "Don't open attachments unless you know the person that's sending it to you, you're expecting an attachment from them, and it's clear from the message that they've attached something that they want you to have". If there's ANY doubt, send them an email questioning it before you open it.

Oh yeah, run an antivirus program and keep it up to date. And if the un-thinkable happens and you get one of these mass-mailing viruses, the free version of the ZoneAlarm firewall will keep it from sending itself out.

Bill

superiorsignshop@cableone.net
01-29-2004, 12:21 PM
Hey Bill & Bill: I found out I sent a virus to someone in Wales. Funny thing, I DON'T KNOW anyone in Wales. I just did as both of you suggested, and cleanded everything up. Thanks as always for the good advice.
Doug

gerald_d
01-29-2004, 12:25 PM
Doug and everyone else, don't believe the e-mails that come in and tell you that you have infected someone else - unless you actually find the virus on your machine. Most of those notices are hoax.

artisan
01-29-2004, 12:35 PM
One more thing I'd like to add. It seems that viruses are obviously mutating constantly. There is also a second class of java scripts, small insidious programs and registry entries that somehow get past the best firewall and antivirus combinations currently available. These often go by the name of "spyware" and are used to tag and track your movements on the web....and then report back to whomever inserted it. They are often intertwined with other "usefull" programs and are almost always attached to "free" programs (nothing is free). At any rate, I discovered a little program called "Spybot, Search and Destroy" (you can Google it) and ran it on my supposedly CLEAN computer...I use McAfee and Black Ice. I was astonished to find over 100 undetected files hiding on my workstation. These things steal bandwidth and track your movements....but are otherwise benign....for now! I ran Spybot on a friends computer with Norton antivirus and firewall and found over 500 unwanted items...it was pretty amazing. I'm not endorsing the product (the guy seems OK and works for donations)...I just wanted to make Botters aware of it....and that someone is apparently always watching....D

charles48
01-29-2004, 08:02 PM
I had a peper trojan on my machine that was driving me nuts w/ popups a month ago. I found a site that help me get rid of it. Spybot or Ad-Aware would not take care of it. I have updated my Norton virus software and Norton Internet Security. I do not accept cookies from most sites. I have had my Virus software pickup 6-8 different emails with the MyDoom virus in the last 2 days. Keep your security screwed down tight. http://english.chosun.com/w21data/html/news/200401/200401290014.html

sheldon@dingwallguitars.com
01-30-2004, 01:18 PM
I have a friend who's having the same (possibly) trouble with popups. What site helped you get rid of the trojan?

Also, I rarely open attachments even from people I know. I do however preview the message in the preview pane at the bottom of Outlook's inbox window. I've heard conflicting reports about weither that can alow a viral attack or not. Anybody know for sure?

charles48
01-30-2004, 06:35 PM
This is the site. These guys are great. Good luck to your friend.
http://forums.net-integration.net/index.php?act=idx

robtown
01-31-2004, 08:24 AM
www.doxdesk.com (http://www.doxdesk.com) is good for sniffing out spyware.

bill.young
01-31-2004, 09:30 AM
Ad-aware at http://www.lavasoftusa.com/software/adaware/ is another good (and free) spyware detection and removal program.

Support
01-31-2004, 02:35 PM
Let's not post email addresses other than your own. And I would suggest that if you post your own that you mask the email address by adding spaces, substituting at for @, or some way that an email address cannot be easily picked up. You can contact the poster of a message by clicking on the poster's name to bring up his/her profile or by right-clicking and looking at properties. Thanks.

artisan
01-31-2004, 06:42 PM
Bill....I tried Ad-Aware....it was recommended by CNET. If you run Ad-Aware first and then run Spybot...(I have already done this) Spybot will catch a much greater number of files that are missed by the free version of Ad-Aware. There is yet another program called "Spyware Blaster" that works in a different way than SpyBot...and will catch things that SpyBot misses. Another nice feature of both of these programs is that they will apparently "immunize" your computer, once an unwanted file is identified and block it from re-entering your system. If you've never run one of these programs...prepare to be a bit alarmed by the results. It's a little depressing, what has happened to the net. You must of course, update them all due to the new mutations and profiles that keep proliferating....D