Subject: RE: Virus Alert Please Read From: Uncle_DaveO Date: 20 Jul 01 - 01:53 PM At the insistence of my computer tech, I bought and installed Norton Internet Security about two weeks ago. Since then it has caught and neutralized six attachment-borne viruses. On the other hand, I've not actually had any problems with viruses in the past, for two reasons: I used Netscape, not Outlook, and I've been VERY careful about opening attachments. Dave Oesterreich |
Subject: RE: Virus Alert Please Read From: pavane Date: 20 Jul 01 - 02:21 PM Looks like I received it too. From digitrad, supposedly. A file called horserun.zip.pif, but I looked at it using HEX editor and it was a windows executable, not a zip at all. Probably wouldn't have harmed, as I am using WIN95, and I think the worm needs at least WIN98. |
Subject: RE: Virus Alert Please Read From: Mrs.Duck Date: 20 Jul 01 - 04:10 PM Just got a e mail from Bills AOL account under the heading @No subject@. I didn't open it in view of the above but it could be that it is now affecting all his e mail accounts. |
Subject: RE: Virus Alert Please Read From: Steve Latimer Date: 20 Jul 01 - 09:16 PM I just got it. The title of the e-mail was "Lawyers", it was from a person I've never heard of it. I read the text and it was the "advice" one referred to earlier. I scanned it just to be sure and it was a worm. I deleted it. Bill, thanks for bringing it to our attention. |
Subject: RE: Virus Alert Please Read From: Bill D Date: 20 Jul 01 - 09:37 PM the email from Dick tried to come see me earlier, but I looked at it in a program that does NOT put it on my machine. I use an email checker that reads my mail ON THE SERVER without actually downloading it...and allows me to delete it without it ever getting to my machine. (it was full of weird code, and had that double ending on it..,zip,ife or whatever Then I have Norton....then I have 2 firewalls..... and I would not use Outlook Express if you paid me!..I use Eudora, or Calypso, or Pegasus, or the email reader in Agent... is all this overkill? perhaps, but even if I am sleepy and careless, all those safeguards scream at me if I even try to open a zip or an .exe without knowing exactly where they came from! |
Subject: RE: Virus Alert Please Read From: Amergin Date: 20 Jul 01 - 09:44 PM i love eudora....but there again many folks are ignorant of it...and plus the isps do not support it....at least we don't...we only support OE...and a couple of earlier versions of netscape... |
Subject: RE: Virus Alert Please Read From: dick greenhaus Date: 20 Jul 01 - 09:45 PM I'm sorry about the trouble my virus seems to have caused. Thanx to Jeri's helpful advice my system is once again pure--THANX JERI!---and all is well again. Be careful, though. Some other Mudcatters may have been infected. |
Subject: RE: Virus Alert Please Read From: Bill D Date: 20 Jul 01 - 09:58 PM WHY in the name of all that might be Holy, would an ISP not support Eudora and other such well known and decent email programs? Why & HOW can they deal only with Outlook & Netscape? I suppose I am lucky to have choices in an urbam center, but I'd have a WEB-based email only before I'd put up with that sort of narrowness! [I thought that any program that followed certain protocols(IMAP...etc..) would work with almost any ISP!..strange!] |
Subject: RE: Virus Alert Please Read From: Justa Picker Date: 20 Jul 01 - 10:03 PM When I first got on the Internet back in '95, my ISP gave me an installation software package, that had a shareware version of Eudora. I've been with it ever since, although I have tinkered with the other email programs, but never liked them. There's a certain elegance about Eudora. While I can appreciate the appeal of using a program that integrates email, newsreader and web browser all in one (as in Netscape Communicator, or IE/Outlook) I prefer to keep and maintain control over all my net apps, independently of each other. I don't worry about "wasting resources" because I have a speedy machine, large/fast hard drive, and more ram than I'll ever use. So it's Eudora for email, Nomad NewsReader for usenet, and IE for browsing. Usually I'm only running two of these three in the background at any given time. I'd switch back to Netscape if they could actually write a non buggy browser version that doesn't crash everytime upon booting, and then having to relaunch it (whereupon it stays up.) |
Subject: RE: Virus Alert Please Read From: Allan C. Date: 20 Jul 01 - 10:10 PM This was my first (and I hope last!) encounter with a virus. I think that I was able to rid my computer of it before the virus was sent to everyone on my email list. So far, Bill seems to have been the only recipient of a virus-laden email from "me", or more accurately, from the virus. Sorry, my friend. I hope nobody else on my list encountered any problems by way of my computer. The computer appears to be back in order again and no real damage was done to it. This is not an experience I would wish upon anyone. It feels to me much as it must feel to have one's house broken into and to be robbed. If nothing else, the virus certainly robbed me of a huge chunk of time. Bummer, man! |
Subject: RE: Virus Alert Please Read From: Amergin Date: 20 Jul 01 - 10:37 PM Bill, the reason why we don't support other email programs is that we don't supply them.... |
Subject: RE: Virus Alert Please Read From: Justa Picker Date: 20 Jul 01 - 10:49 PM Any email program using POP3 protocols will work with any ISP. It's a simple matter of entering the mail (SMPT) server name used by your ISP, your email address, your logon i.d. and password . Input this info in ANY email program and it will work. I have cable internet. @Home gives you this "installation" CD "to make everything work". Thing is, if you're a little computer savvy you don't need any of it, unless you want to be bombarded with advertising and cookie transponders, from those that are in bed with the ISP. All you need to do is go into "Network Neighborhood" and under "Indentification" enter your user assigned name (usually a combination of letters and numbers) and the name of the workgroup (which is "@home") and then just tell your browser you connect through a LAN (without proxy settings detected), enter the stuff for your email program, and away you go. Problem is the cable ISP's make it a little cumbersome because they want you to use their software and browser versions. You have to do a bit of digging on the tech support website, to get the info to input for SMPT and NewsServer useage. |
Subject: RE: Virus Alert Please Read From: Francy Date: 20 Jul 01 - 10:50 PM I just received two from Dick with the same message needing my advice with an attachment. I immediately deleted both without opening the attachment....My last name starts with J....thought i'd alert you all. |
Subject: RE: Virus Alert Please Read From: katlaughing Date: 20 Jul 01 - 11:09 PM Allan, it was so good of you to pass the word on by phone. Thanks too, to Jeri, Justa Picker and others who've posted good information here. I am rethinking our use of OE through @Home, now. So far, we've been okay and not received anything untoward. Thanks, kat |
Subject: RE: Virus Alert Please Read From: Grab Date: 20 Jul 01 - 11:10 PM Never got on with Eudora, mainly bcos I have (or had) several dial-up ISP accounts, and changing from one dial-up number to another was a pain. The best for that is Pegasus, the only trouble is that it's getting rather old now. Apparently the v4 beta of Pegasus is on its way soon - I'm looking forward to trying that out. The main thing I have against Outlook (apart from its crap security) is that it's designed for beginners with no regard for experienced users. You want to do anything complex, you really have to fight it to get it to do what you want. Oh, and crap ideas like integrating web and file browsers in there for god knows what reason. Graham. |
Subject: RE: Virus Alert Please Read From: Amergin Date: 20 Jul 01 - 11:48 PM well, I can imagine we'll be getting calls related to this thing soon... |
Subject: RE: Virus Alert Please Read From: DonMeixner Date: 21 Jul 01 - 12:24 AM I have had no end of grief with this. I used the F_Secure hook that Jeri supplied and I think its cured now. Hope its not in my office box. Don |
Subject: RE: Virus Alert Please Read From: campfire Date: 21 Jul 01 - 01:58 AM I got it too, from Dick, on a file called Joe May 1. I'm hoping that since my computer wouldn't open it, I didn't get it. I deleted all the addresses in my address book; can I assume then I can't spread it, or can it read addresses on e-mails I've saved, too? I'm downloading Jeri's suggestion as I type this. If it can read addresses on e-mails, a bunch of spammers are in for it, cuz I didn't empty my "trash" folder lately!! campfire |
Subject: RE: Virus Alert Please Read From: Brakn Date: 21 Jul 01 - 08:44 AM Just got rid of it! |
Subject: RE: Virus Alert Please Read From: Brakn Date: 21 Jul 01 - 08:47 AM EErrrrrrrr I hope. |
Subject: RE: Virus Alert Please Read From: bill\sables Date: 21 Jul 01 - 08:54 AM I just got another one from Annimetera Bill |
Subject: RE: Virus Alert Please Read From: George Seto - af221@chebucto.ns.ca Date: 21 Jul 01 - 09:05 AM I can't remember who thought it was silly of me not to use a more "advanced" browser and "e-mail". I use the Lynx Text Browser and the Pine Mail Reader. I don't get these things in the e-mail. I couldn't even save the attachment. Good luck everyone. I hope everything comes out right. I have had 3 other people send me the same thing, Actually, one of them wound up being 5 times the size of the others. |
Subject: RE: Virus Alert Please Read From: Bill D Date: 21 Jul 01 - 09:30 AM Thanks to JustaPicker for clarification of some things..(Amerigin...I was confused by what you meant by 'support'....I am assuming now that you mean programs that YOU actually provide copies/versions of in your installation package and will answer questions about) for anyone who wants to reconsider their Email client, here are 3 useful ones which are currently voted the best in their categories by the 'freeware' newsgroup. There ARE other choices, and as mentioned, Pegasus is soon to be upgraded again. |
Subject: RE: Virus Alert Please Read From: Bill D Date: 21 Jul 01 - 09:41 AM here is the program I use to look at, and if necessary delete mail BEFORE it is ever on my machine..... |
Subject: RE: Virus Alert Please Read From: Jeri Date: 21 Jul 01 - 09:57 AM Before I start repeating myself, one more comment: This virus/worm doesn't infect just an e-mail program, it infects Windows. Bill, and everyone else who's got it, you're gonna keep sending it until you get it off your computer. One more time with feeling - and this is IMPORTANT!!!
You have to repair the damage the worm has caused.
You have to get rid of the worm. The important things: 1) If you repair the damage the worm has done without removing the worm itself, it appears you will re-infect yourself every time you run a program. (I'm guessing on that last bit.) 2) If you remove the worm without repairing the damage, either before or after, your computer may not work properly.
HELP is here:
|
Subject: RE: Virus Alert Please Read From: Eric the Viking Date: 21 Jul 01 - 12:14 PM Looks like it got to "L" the next message after Bills was from"DicK'@digitriad" asking for advice. Deleted it without opeing, and am just about to live update from Norton. cheers Eric |
Subject: RE: Virus Alert Please Read From: Amergin Date: 21 Jul 01 - 01:56 PM BillD, you would be correct.except that it is not me who supplies the software....just the company I work for....and the reason we don't really support netscape much anymore is because they got bought by AOL....a competitor.... |
Subject: RE: Virus Alert Please Read From: GUEST,Mike Cahill Date: 21 Jul 01 - 02:16 PM Arn't I the popular one? I've not looked at my mail for about 24 hours, and I've just had to delete 22 copies of the virus. |
Subject: RE: Virus Alert Please Read From: Jeri Date: 21 Jul 01 - 02:20 PM Mike, nobody loves me at all. I've not received it once! Of course, my ISP may be blocking it, but I feel so left out... |
Subject: RE: Virus Alert Please Read From: Richard Bridge Date: 21 Jul 01 - 02:36 PM There's lots of good stuff here but two questios are screaming to be asked - but no-one yet has. 1. Which is the best anti-virus program to use? There are three essential qualifications. It has to be free. You have to be able to update it online (free) and it has to scan incoming email and downloads automatically. I used to use McAfee which seemed to work well - but I had got it free with an electronics components catalogue about 3 years ago, and updated and upgraded it free when the downloads were available free on the McAfee site - and then I had a crash and after 7 format Cs and a week on the phone to VIglen support I sent the computer back (they decided that was cheaper than the telephone support!) and I had to buy a new one to use whil the old one was back. I have not set the old one up again yet and trying to get validation on the old McAfee in order to get, free, back to where I had been would have ben just too much hassle. The I got a disc with a free InoculateIt on it but I could not get the damn thing to run or download updates at all so I junked that. Currently I have an obsolete Norton engine with up-to-date definitions, but to upgrade the engine would cost money, so I am thinking about trying Command (again of a free disk. Comments? The next is what email client to use. My ISP (Btinternet)will only support Outlook Express (and I suspect advice they gave me of causing my great crash) but I run Outlook (full version) 2000. I run Outlook because I want to get my incoming faxes to come up in the same inbox as my incoming emails - which Outlook 97 used to do fairly well with WinFax, and in theory Outlook 2000 ought to do with Symantex fax basic edition which was writtten for the purpose, but the only time I got it to work it would not let me print the fax. So I am likely to go back to Outlook 97 and perhpas Win 95 as it seems to be more stable than Win 98. I used (when I was running WIn 95) to run Bitware 3.0 to answer the telephone on a differnent line on com3, with faxes and data coming on on com2 but noe of this has ever worked with Win 98 and Office 2000. I would really, really like to get back to having my phone, fax, and email all showing in pretty much the same place on my desktop. Any suggestions? If that's too hard, what will let me recieve email and faxes in the same inbox Oh, you guessed it, it wants to be free. |
Subject: RE: Virus Alert Please Read From: Amos Date: 21 Jul 01 - 02:37 PM Just as a comment, notice the fraudulent attachment name. The same gimmick wa sused on the Love Letter virus. The REAL file suffix is ".bat" which means it is an executable command-line batch file that will run when called. The ".zip" is a fraudulent string put in the name to make you think it looks like an ordinary attachment of the type people send each other often. Not that we of the Mac world need to worry on this sort of crap -- we don't use openly accessible regisitry architecture the way the WinTel users do. But we're getting more vulnerable with the BSD migration starting with the "new advanced and improved" OS from Apple, which really is much better functionally, but could be more vulnerable to this kind of cyberviolence. A |
Subject: RE: Virus Alert Please Read From: clansfolk Date: 21 Jul 01 - 02:56 PM Add us to list - email with the "I send this file in order to have your advice" arrived yesterday - Norton's caught it although we never open email attachments and everyone who knows us is aware not to send them!
Only the one as above as yet but Simon recieved another one on his private account the other day. All were dispatched to the bin without b3eing opened a bit like the rest of the junk mail we get through the post!! Be alert - we need more lerts! :-)
|
Subject: RE: Virus Alert Please Read From: katlaughing Date: 21 Jul 01 - 03:07 PM I downloaded the new Norton 2001 AntiVirus, it screwed up all my connections, couldn't get online or email, and I had to spend an hour on the phone with tech support @home to get it straightened out. I had it set to automaticlaly check my email before it comes into my box, BUT it wasn't letting me get ANY, so they told me to disable Norton, altogether. Any advice on what I can do so that doesn't happen, again, if I activate Norton? Also, do I need Norton if I have InoculatIT or vice versa? Thanks, sorry of these are redundant. kat |
Subject: RE: Virus Alert Please Read From: Justa Picker Date: 21 Jul 01 - 03:19 PM Richard, I can't advise you on an e-mail client which will cover all the bases you've mentioned. You obviously want to be able to have your cake and eat it too. Nothing wrong with that, in a perfect world. :-) But sometimes, security and prudence in maintaining that security comes at a price, whether through the minor inconveniences of running separate programs to accomplish what you need. I use Eudora for e-mail, Delrina Winfax 7.0 (because every version they've brought out since 7.5 is dogshit i.m.o especially version 10)for fax purposes, and Norton Anti Virus. In my opinion Norton is head and shoulders above all the others, because of it's ability to catch viruses that McAfee and Thunderbyte and some others miss. I've been infected in the past using McAfee while lulling under a false sense of security. I've not had that problem with Norton, and it's Live Updates. Yep, you'd have to pay for Norton, but for the security and peace of mind it provides, it's worth it, and why should any software company provide software services, support and updates free? You get exactly what you pay for. Just my $0.02 |
Subject: RE: Virus Alert Please Read From: catspaw49 Date: 21 Jul 01 - 03:20 PM Sorry kat...After my initial disc problem, my download of Norton has worked fine and reads the mail first. when I had the problem, they couldn't have been better. Hmmmmm......... Spaw |
Subject: RE: Virus Alert Please Read From: katlaughing Date: 21 Jul 01 - 03:50 PM Thanks, Spaw, I think JP has it figured out for me; he just sent me some instructions I will work out a bit later. Thanks, JP! |
Subject: RE: Virus Alert Please Read From: DonMeixner Date: 21 Jul 01 - 05:13 PM I will admit that I haven't read this entire posting, been too busy deleting mail and trying to get controll of my computer. Excuse me if I'm naive about computers but can we delete our current address books to stop these continual mailings, clean our personal files, and rebuild our mail lists again. I have had mail from people I have never met asking who I am and why have I contacted them. Other people I have never heard of are thanking me for the virus. I think my end of the wire is clear now, but I keep getting hits. We need to devise a method where by we don't pass it around between ourselves at least. Don |
Subject: RE: Virus Alert Please Read From: Clifton53 Date: 21 Jul 01 - 05:20 PM I got the bloody worm from Dick G and foolishly opened it as well, then, since I could not read it, it was all code, I replied and sent it back to him. Sorry Dick, I should have known better.
How can one tell if one has this virus? I'm using Windows 95 as well. Problem is, about all I do on a computer is type. Clifton |
Subject: RE: Virus Alert Please Read From: catspaw49 Date: 21 Jul 01 - 05:41 PM Clifton, please go back and read Jeri's links. Spaw |
Subject: RE: Virus Alert Please Read From: Justa Picker Date: 21 Jul 01 - 05:52 PM And that method where by we don't pass it around between ourselves at least, Don, is to immediately quit using Microsoft Outlook...since as I've written before, 99.9% of all e-mail related viruses are written for it, and exploit its address book. Why should you have to delete your address book? Between Bill D., Jeri and myself, we've presented good alternatives. So it takes you an extra 15 minutes to learn a new e-mail program. Isn't the added security worth it? |
Subject: RE: Virus Alert Please Read From: Bill D Date: 21 Jul 01 - 06:00 PM here is probably the highest rated FREE anti-virus, now that InoculatelT has become a paid item... AVG Antivirus the DO have update on this virus on the site! here's a quote from the newsgroups... "I have AVG for 2 years and it is great... It has effective caught about 7 or 8 virii when being attached to email.. They also have periodic updates to deal with the new virii being released. " |
Subject: RE: Virus Alert Please Read From: Bill D Date: 21 Jul 01 - 06:24 PM funny, Symantec/Norton is not answering right now, but here a cut-n-paste from AVG about the virus Another mass mailing worm started to spread. It is a 134kB "whale", written in Delphi. Judging from encoded texts it comes from Mexico: [SirCam Version 1.0 Copyright (c) 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico] The text is even included in following "diet" version: [SirCam_2rP_Ein_NoC_Rma_CuiTzeO_MicH_MeX] It sends itself be an email with the subject containing the name of an attached file and the body composed from following sentences: Hi! How are you? See you later. Thanks I send you this file in order to have your advice I hope you can help me with this file that I send I hope you like the file that I sendo you This is the file with the information that you ask for If user's preferred language in Windows is Spanish, the worm can adapt itself to the fact: Hola como estas ? Nos vemos pronto, gracias. Te mando este archivo para que me des tu punto de vista Espero me puedas ayudar con el archivo que te mando Espero te guste este archivo que te mando Este es el archivo con la informacion que me pediste The attached file is created from the main worm body and a randomly selected file (an archive, a document or an executable) coming from the infected computer. The original name of the file is preserved, the worm justs attaches another extension (pif, lnk, bat and com) to it. When run, the worm copies itself to various folders under different names: SirC32.exe, SCam32.exe, SirC32.exe, ScMx32.exe, Microsoft Internet Office.exe and rundll32.exe Then the worm re-creates the copy of the carrier file and if it is the EXE file it is instantly run. For other file types it tries to locate the corresponding application for opening the file: the WinZip for .zip files, Excel for .xls files and WinWord (or WordPad) for .doc files. The worm tries to ensure being regularly run by creating a Value 'Driver32' in the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ and by a modification of the key HKCR\exefile\shell\open\command (the same trick as I-Worm/PrettyPark). As the majority of new viruses, this one can spread itself to shared folders on the local network. It prefers the folders \recycled and \windows on network-mapped disks and secures its re-run by writing a line @win with link to the virus file to the file \autoexec.bat or by replacing system file rundll32.exe with its own copy. |
Subject: RE: Virus Alert Please Read From: Bill D Date: 21 Jul 01 - 06:35 PM oh, sorry, for those members in mainland Europe, I should have noted this about AVG "Important notices AVG 6.0 Free Edition is available in English language only. AVG 6.0 Free Edition offer is not valid for European users, except the users coming from United Kingdom. For these users we offer a free download of a 30-day Trial version of AVG 6.0 Standard Edition for their evaluation purposes - see more information below. NO TECHNICAL SUPPORT IS AVAILABLE WITH AVG 6.0 Free Edition. Please see our support offer for AVG 6.0 Free Edition here. |
Subject: RE: Virus Alert Please Read From: catspaw49 Date: 21 Jul 01 - 07:26 PM Just wondering here.................... I wonder how many 'Catters who WOULD NOT NORMALLY OPEN THIS THREAD have received this from either source? Assuming the address book made it to "F" that is possibly quite a few! I got the message as I said from dick and I didn't check at the time whether I was under Patterson (making it P) or Catspaw. In any case, there are some who may not be aware at this point.........maybe? Spaw |
Subject: RE: Virus Alert Please Read From: CarolC Date: 21 Jul 01 - 07:39 PM I had a problem with Norton, too. I just had a new hard drive put in my computer, and upgraded my windows and ISP software. I installed the Norton Internet Security 2001, and it messed up my computer. I deleted the Norton, and I still can't get my computer to recognize more than 12 colors, but I was able to regain my internet access at least (which I had lost temporarily). I have not recieved any e-mails with the virus that I know of. And I haven't called any tech support yet to see what the problem was with Norton. I'm kind of overwhelmed with new things to learn right now, because the upgrade means I need to learn a whole new way of using my computer. |
Subject: RE: Virus Alert Please Read From: katlaughing Date: 21 Jul 01 - 07:44 PM Spaw, at least everyone who was on Bill Sables' email list received a notice from him about, as he sent it out on his aol account early on. Still, I suppose there are some who have missed it, still. |
Subject: RE: Virus Alert Please Read From: catspaw49 Date: 21 Jul 01 - 08:00 PM Good point kat. The virus infected e-mail came to me from Dick and not Bill. I got the letter from Bill, but nothing from Dick.............I dunno....at this point, probably anyone who got it knows it so it was just an idle thought...... Spaw |
Subject: RE: Virus Alert Please Read From: Peter K (Fionn) Date: 21 Jul 01 - 08:36 PM Tom Lehrer saw this coming. CLICK HERE (make sure your speakers are on) for a relevant page, on a brilliant site. There are one or two misunderstandings floating around in this thread. In particular, Jeri, you need to know that there are viruses around now that do NOT require file attachments to be opened. One such that is rampant at present is known as MTX.9244. This proliferates as a trojan and a worm. The trojan element manifests itself as an incoming email with no subject, no message and a file attachment that is gobbledegook and can't be opened. It arrives simultaneously with a genuine email from someone already (and usually unknowingly) infested, and claims to be from that same person. At this point, if you're using Windows with OE or Navigator, your system is already infested. Moreover it will crash if you try to download, access or run McAfee or Norton or even go to their sites. As far as I know, Command is the only solution to this one, and costs about 20 bucks I think. But you'll also have to edit your registry file in line with their instructions. Also you'll probably need to reinstall winsck.dll and any other files the virus has over-written. Surely it is only a matter of time before we're all walloped by something really clever. Those dependent on Windows and OE are certainly the biggest targets. Justa Picker looks well defended, but for good measure I'd have the linux/Opera combination standing by on a second hard disk. . Bill and Justa Picker, where ISPs say they don't support certain email packages etc, what they usually mean (but don't say) is that these packages will run fine, but that their helpdesks aren't trained to give you any help. |
Subject: RE: Virus Alert Please Read From: Justa Picker Date: 21 Jul 01 - 08:54 PM Points well taken. Thanks Fionn. |
Subject: RE: Virus Alert Please Read From: Jeri Date: 21 Jul 01 - 09:18 PM I thought it was clear I was only talking about having to open the attachment to get this particular worm. Maybe not. In any case, I agree with Fionn, who knows a lot more than me on this subject. E-mail programs that read HTML and run the embedded scripts are extremely susceptible. (Does "kak" sound familiar?) Good song, by the way! |
Share Thread: |
Subject: | Help |
From: | |
Preview Automatic Linebreaks Make a link ("blue clicky") |