#61075 - 11/28/01 01:34 PM URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
Everyone.......

I received an email through the MadridMan mail service from "paloisac." It's a virus. DELETE ANY EMAILS THAT HAVE COME FROM ME!

Bad one! Sends out emails to everyone on your lists! Immediately disinfect your hard drives!

I found it residing in both my system files and in my restore files, and remember, it came through the MadridMan mail forwarding system, so we can't assume everything going through there is safe!

I guess I found someone who likes to fight using their computer as a tool. I guess I must be saying something they don't like.

Screw 'em! Especially since the virus was forwarded to some very interesting people beyond me, who have already started their investigation into who sent it. They're not the type of people some may want to deal with.

Wolf

[ 11-28-2001: Message edited by: Wolf ]

#61076 - 11/28/01 02:17 PM Re: URGENT!!! VIRUS WARNING!!
pim Offline
Member

Registered: 11/07/01
Posts: 662
Loc: Brussels
WOLF,

PALO ISAC IS ME!!!
(So please don't you get paranoid about a 'strange conspiracy' or anything remotely like that!)

At around 9:30 AM this morning (Spanish time) I noticed two things; firstly, I got a msg from someone that belongs to the MadridMan forums (and whose name I won't say now) with two strangely titled attachments that wouldn't open. Thank God, I guess. (I REALLY don't know if this has anything to do with the fact that....)

THEN I opened my Outlook (which I never use) and found a msg from another member, LostinMadrid, letting me know that a virus was sent to him from my mail address! :(, and I also found many returned mails (delivery failure) that supposedly I had sent, and believe me, the addresses of those people....I knew nothing about!!!, though I recognized one because it was lomoconqueso@something....! I'm a TOTAL IGNORANT when it comes to these 'technologies' and I panicked a little bit, so immediately I sent MMan a mail explaining what was happening and asking for his advice (poor guy!).
All day long I've been 'monitoring' the little 'situation' as well as I was able to from the office (didn't have access to the Outlook at home).
I've been checking MMan site regularly, and since nobody said anything was wrong, and I was getting no reply from MMan I honestly thought everything was fine, so I didn't say anything!
Now I see that there aren't any more 'alien' returned mails, so I guess no more than 6 to 8 people must have gotten 'my virus'¿¿¿???
And I've finally heard from MMan, who can probably explain much better than me QUE PUEDE ESTAR PASANDO, 'cause I have no clue!!!
I'm so puzzled, I've never come across a virus problem before. I never thought one would use MY NAME, ARRGGHH!!!

PLEASE SORRY FOR ANY INCONVENIENCES SOME OF YOU MIGHT HAVE, I FEEL AWFUL, BUT I HAVEN'T DONE ANYTHING (OTHER THAN BE PREOCCUPIED ALL DAY)

And do as Wolf says....

Any questions or suggestions??

pim.

P.D.: I'm quite nervous, so I hope everybody understands what I wrote.

[ 11-28-2001: Message edited by: pim ]

#61077 - 11/28/01 02:51 PM Re: URGENT!!! VIRUS WARNING!!
taravb Offline
Executive Member

Registered: 02/22/01
Posts: 736
Loc: Ames, Iowa, USA
Hi, all--
It looks like you may be talking about the "badtrans" virus, which is described at http://vil.mcafee.com/dispVirus.asp?virus_k=99069&

It's been all over the place recently--pim and Wolf, it's not just you two! I don't fully understand it, but it has something to do with setting up a keystroke reader so that your typing can be monitored. If you have an active and updated anti-virus program running, though, you should be okay. And I think (though don't quote me here) that you have to have opened the attachments in order for it to execute itself on your hard drive. Anyway, it's worth doing a scan of your drive to be sure it's not there, and remember not to open attachments unless you are expecting to receive them! The thing that makes this virus and others like it so tricky is that it mails itself from your friends (and who doesn't get all sorts of goofy things sent by friends?).

Anyway, pim and Wolf, don't take it personally--it's like a flu virus--it doesn't discriminate and it wasn't sent to you intentionally (though it was, obviously, started intentionally by some creep--but that's another story!).

There are stories on this virus on most of the online news services, too. It really picked up on 11/25 or so.

Tara

#61078 - 11/28/01 04:22 PM Re: URGENT!!! VIRUS WARNING!!
pim Offline
Member

Registered: 11/07/01
Posts: 662
Loc: Brussels
GOT IT!!!

WOLF, TARA (thanks); it's the bad, bad, Bad Trans! Those who speak Spanish, read all about it in www.el-mundo.es. Uff!, it looks like I'll be able to get some sleep tonight after all.

EVERYBODY, BE VERY CAREFUL!, YOU DON'T EVEN HAVE TO OPEN THESE ATTACHMENTS TO GET 'INFECTED'.

pim

#61079 - 11/28/01 04:42 PM Re: URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
pim,

It isn't your fault. These viruses spread like wildfire. I only indicated the name of the source that I got it from, so nobody would open an email from it at this time. I thought your name was safe, and you couldn't have done anything to stop it from spreading. I guess the more popular we are with emails, the faster and farther it spreads.

As of now, I'm still battling to remove the damned thing from my computer. I have it deactivated, but can't seem to bail it out of my restore area, so it doesn't exist. As of now, I'm using a 3rd source for sending emails, but don't intend to send any out, especially using the Microsoft Outlook. That seems to be where it can generate. So much for Microsoft's wonderful software.

The only thing we do know is that the source of it seems to be common to those of us who have communicated with each other, but it could have come from any outside source, just one computer infected, spreads.

Well, that's all for now. At least it doesn't seem to be destroying everything on my hard drive. If anyone can tell me how to really remove these files from my restore area, I would be eternally grateful. It's a nightmare finding them.

Wolf

#61080 - 11/28/01 05:25 PM Re: URGENT!!! VIRUS WARNING!!
Shawn Offline
Executive Member

Registered: 07/28/00
Posts: 308
Loc: mentally - Spain, Physically -...
Thanks for alerting us. I received the Paloisac@terra.es e-mail. I receive a lot of updates from Spain related sources, so I would have normally opened the attachment. I am not very savvy about viruses, but I guess I shall be more vigilant in the future.

[ 11-28-2001: Message edited by: Shawn ]

#61081 - 11/28/01 05:45 PM Re: URGENT!!! VIRUS WARNING!!
MadridMan Offline


Executive Member

Registered: 05/06/00
Posts: 9080
Loc: Madrid, Spain (was Columbus, O...
WOW. What a day! I RECEIVED no less than EIGHT of these infected/virus emails today from a number of sources, some of which are active message board members (two of those who have posted above, in fact -- but I don't blame you at all) from their "home" email accounts. I'm assuming that these emails aren't necessarily coming from the servers which house these email accounts, but the email addresses themselves are "harvested" from people's email program's Address Books. I know that Outlook (and Outlook Express??) can automatically add the email address to EVERY incoming email message so BOOM! You have an address book full of EVERYONE from whom you received personal email AND SPAM. So, it seems, if I've ever sent you an email or if the message board has sent you an email with a Private Message Notification then THAT email was/could have been automatically added to your address book which would explain why I've gotten DOZENS of these viruses in the past 3 or 4 days.

LUCKILY, I have a constantly working Norton's Antivirus program on ALL the time and it scans ALL incoming email, catching EVERYTHING! I suggest if you haven't gotten one yet, get yourself an AntiVirus program NOW!! YOU NEED IT! Protect yourself and your friends, those in your address book, from these nasty and annoying and potentially damaging viruses. My computer hasn't been infected at all, running full system scans every couple of days and getting Live Updates of new viruses on the internet in order to insure MY safety as well as YOURS on the message board. Unfortunately, I can't know what's going on @ Spain.com or the web host which carries MadridMan.com, but I'm RATHER confident they're doing constant full-system scans frequently and have Antivirus protection measures in place.

Word to the wise: DO NOT OPEN/EXECUTE ANY ATTACHED FILES UNLESS THE SENDER IS KNOWN AND DESCRIBES THE ATTACHED FILE IN THE TEXT OF THE MESSAGE AND YOU'RE CONFIDENT IT'S REALLY SENT BY THE SENDER AND NOT SOME VIRUS ROBOT. If at all unsure, delete it and apologize to the sender -- no real harm done then. GET YOURSELF AN ANTIVIRUS PROGRAM ASAP!!

If you read below, these viruses propagate themselves through Microsoft's Outlook and Outlook Express (as Wolf says). FOR THIS REASON ALONE, I use the FREE Eudora Light email program.

DETAILS ABOUT THE VIRUS:

Description:
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It propagates via MAPI32, has a Key Logger component, and arrives with randomly selected double-extension filenames.

It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients (Microsoft Outlook and Microsoft Outlook Express) to automatically execute the file attachment. This is also known as Automatic Execution of Embedded MIME type.

[ 11-28-2001: Message edited by: MadridMan ]
_________________________
Visit BarcelonaMan.com for Barcelona information, Transportation, Lodging, & much MUCH more!

Curious about what could POSSIBLY be inside the brain of MadridMan? Visit MadridMan's Madrid Blog

#61082 - 11/28/01 06:28 PM Re: URGENT!!! VIRUS WARNING!!
DavidB Offline
Member

Registered: 09/25/00
Posts: 63
Loc: Adelaide, SA, Australia
Madridman

You are 100% correct - everybody should have an up to date Anti Virus Program on their Computer. It doesn't matter whether you are using Microsoft's products or not for eMail as viruses are spread also via Floppy Disks, Zip Disks and even CDs as files are transferred from one PC to another.

The "Badtrans" Virus Family (there is a mutation currently out and about and is causing most of the damage) consists of 2 viruses - W32/Badtrans-B which is a Worm Virus that propagates the Trojan PWS-AV. The description of what it does is as follows:-

Description:

W32/Badtrans-B is a worm which uses MAPI to spread. The worm
arrives in an email message with no message text. The attachment
filename is randomly generated from three parts. The first part
is taken from the list:

FUN
HUMOR
DOCS
S3MSONG
Sorry_about_yesterday
ME_NUDE
CARD
SETUP
SEARCHURL
YOU_ARE_FAT!
HAMSTER
NEWS_DOC
New_Napster_Site
README
IMAGES
PICS

The second from the list:

.DOC.
.MP3.
.ZIP.

and the last from:

pif
scr

If the attached file is run, it copies itself into the Windows
system directory with the filename KERNEL32.EXE and changes the
registry key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce so that
the worm runs the next time Windows is started. The worm also
drops a file named kdll.dll, which is the password stealing
Trojan Troj/PWS-AV.

To disinfect your Computer you MUST get a current Anti Virus Program and keep it up to date (for your information there are currently 68,963 known viruses active throughout the World) and follow the instructions from the Program. I use Sophos Anti Virus both here where I work and at home and find it to be very good. The link to read how to disinfect your computer is at:- How to disinfect Badtrans-B

Simply replace any reference to Sophos with your preferred Anti-Virus Program. There is plenty of help on that page for those using Me and XP who have problems with the Virus still in their System Restore folder.

Once this is done, go to:- Microsoft Patch

and download this patch and run it to assist with future problems.

Above all DO NOT OPEN ANY EMAILS FROM PEOPLE THAT YOU DON'T KNOW!!!!!.

Combating Computer Viruses is a part of what I do for a living, however I would be much happier if I didn't have to do it at all.

David
_________________________
“Travel light and with an open mind and a smile”
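
Added example, not part of any post in this thread and not taken from any antivirus product: a mail-side check that flags attachments whose names follow the three-part pattern quoted above (listed first part, decoy extension, then pif or scr) and, as a generalization, any other double-extension name ending in pif or scr. The sample message and its addresses are constructed for illustration.

```python
from email import message_from_string

# Name parts quoted in the W32/Badtrans-B description above.
STEMS = {"FUN", "HUMOR", "DOCS", "S3MSONG", "SORRY_ABOUT_YESTERDAY", "ME_NUDE",
         "CARD", "SETUP", "SEARCHURL", "YOU_ARE_FAT!", "HAMSTER", "NEWS_DOC",
         "NEW_NAPSTER_SITE", "README", "IMAGES", "PICS"}
DECOY_EXTS = {"doc", "mp3", "zip"}   # middle part, the one the reader notices
FINAL_EXTS = {"pif", "scr"}          # last part, the one Windows acts on

def classify_name(filename):
    """Return 'page-pattern', 'double-extension' or 'no-match'."""
    parts = filename.strip().rsplit(".", 2)
    if len(parts) < 3 or parts[2].lower() not in FINAL_EXTS:
        return "no-match"  # this check only covers double extensions
    if parts[1].lower() in DECOY_EXTS and parts[0].upper() in STEMS:
        return "page-pattern"
    return "double-extension"

def scan_message(raw):
    """List (filename, verdict) for every flagged attachment in a raw message.
    The From: header is ignored on purpose: the worm mails itself from
    addresses the recipient already knows."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        verdict = classify_name(name) if name else "no-match"
        if verdict != "no-match":
            hits.append((name, verdict))
    return hits

# Constructed sample: empty body text, one flagged and one harmless attachment.
SAMPLE = "\n".join([
    "From: friend@example.org", "To: me@example.org", "Subject: Re:",
    "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "",
    "--b1", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="README.MP3.scr"',
    "Content-Transfer-Encoding: base64", "", "AAAA",
    "--b1", "Content-Type: image/jpeg",
    'Content-Disposition: attachment; filename="holiday.jpg"',
    "Content-Transfer-Encoding: base64", "", "AAAA",
    "--b1--", ""])
```

A name-based check like this is only a quarantine hint at the mail gateway or mailbox; it does not replace the antivirus scan and the Microsoft patch recommended in the post.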

#61083 - 11/28/01 06:44 PM Re: URGENT!!! VIRUS WARNING!!
taravb Offline
Executive Member

Registered: 02/22/01
Posts: 736
Loc: Ames, Iowa, USA
Yeah, Wolf, I read somewhere that this virus is especially tenacious on the computers of people who write lots of puns...let's hope Cali doesn't get it too.

Or is that the "badjokes" virus? I think the "badtrans" virus hits those of us who do a really BAD job of TRANSlating things between Spanish and English. Ouch--now I've got the "badjokes" one too!

If we don't laugh, we'll cry.

Tara

[ 11-28-2001: Message edited by: taravb ]

#61084 - 11/28/01 07:13 PM Re: URGENT!!! VIRUS WARNING!!
Antonio Offline


Executive Member

Registered: 05/07/00
Posts: 1176
Loc: Madrid (Spain)
For those of you who speak Spanish, you can visit Centro de Alerta Temprana Sobre Virus Informáticos . At this website you'll find information about the latest viruses in the wild, as well as information and links collected from many sources (antivirus and security companies).

Like Madridman, I don't use Microsoft Outlook which has plenty of security bugs.

However, those and other viruses also take advantage of serious security bugs in Microsoft Internet Explorer!!. I remember a few weeks ago my antivirus warning me about a trojan trying to break into my system after visiting a website!!. What can you do about that?. Well, download an updated version in which these bugs are not present (yet!!). Also keep an eye on Microsoft's patches for their products.
_________________________
The best tips from your favourite hostal in Madrid.
Hostal Chelo at http://www.chelo.com
