Tour Madrid with MadridMan! BACK TO
MadridMan.com!
Sponsored Links

Page 1 of 4 1 2 3 4 >
Topic Options
#61075 - 11/28/01 01:34 PM URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
Everyone.......

I received an email through the MadridMan mail service from "paloisac." It's a virus. DELETE ANY EMAILS THAT HAVE COME FROM ME!

Bad one! Sends out emails to everyone on your lists! Immediately disinfect your harddrives!

I found it residing in both my system files and in my restore files, and remember, it came through the MadridMan mail forwarding system, so we can't assume everything going through there is safe!

I guess I found someone who likes to fight using their computer as a tool. I guess I must be saying something they don't like.

Screw 'em! Especially since the virus was forwarded to some very interesting people beyond me, who have already started their investigation into who sent it. They're not the type of people some may want to deal with.

Wolf

[ 11-28-2001: Message edited by: Wolf ]

Top
#61076 - 11/28/01 02:17 PM Re: URGENT!!! VIRUS WARNING!!
pim Offline
Member

Registered: 11/07/01
Posts: 662
Loc: Brussels
WOLF,

PALO ISAC IS ME!!!
(So please don't you get paranoid about a 'strange conspiracy' or anything remotely like that!)

At around 9:30 AM this morning(Spanish time) I noticed two things; firstly, I got a msg from someone that belongs to the MadridMan forums(and whose name I won't say now) with two strangely titled attachments that wouldn't open. Thank God, I guess. (I REALLY don't know if this has anything to do with the fact that....)

THEN I opened my Outlook(which I never use) and found a msg from another member, LostinMadrid, letting me know that a virus was sent to him from my mail address! :(, and I also found many returned mails(delivery failure) that supposedly I had sent, and believe me, the addresses of those people....I knew nothing about!!!, though I recognized one because it was lomoconqueso@something....! I'm a TOTAL IGNORANT when it comes to these 'technologies' and I panicked a little bit, so immediatly I sent MMan a mail explaining what was happening and asking for his advice (poor guy!).
All day long I've been 'monitoring' the little 'situation' as well as I was able to from the office(didn't have access to the Outlook at home).
I've been checking MMan site regularly, and since nobody said anything was wrong, and I was getting no reply from MMan I honestly thought everything was fine, so I didn't say anything!
Now I see that there aren't any more 'alien' returned mails, so I guess no more than 6 to 8 people must have gotten 'my virus'¿¿¿???
And I've finally heard from MMan, who can probably explain much better than me QUE PUEDE ESTAR PASANDO, 'cause I have no clue!!!
I'm so puzzled, I've never come across a virus problem before. I never thought one would use MY NAME, ARRGGHH!!!

PLEASE SORRY FOR ANY INCONVENIENCES SOME OF YOU MIGHT HAVE, I FEEL AWFUL, BUT I HAVEN'T DONE ANYTHING(OTHER THAN BE PREOCUPIED ALL DAY) frown

And do as Wolf says....

Any questions or suggestions??

pim.

P.D.: I'm quite nervous, so I hope everybody understands what I wrote.

[ 11-28-2001: Message edited by: pim ]

Top
#61077 - 11/28/01 02:51 PM Re: URGENT!!! VIRUS WARNING!!
taravb Offline
Executive Member

Registered: 02/22/01
Posts: 736
Loc: Ames, Iowa, USA
Hi, all--
It looks like you may be talking about the "badtrans" virus, which is described at http://vil.mcafee.com/dispVirus.asp?virus_k=99069&

It's been all over the place recently--pim and Wolf, it's not just you two! I don't fully understand it, but it has something to do with setting up a keystroke reader so that your typing can be monitored. If you have an active and updated anti-virus program running, though, you should be okay. And I think (though don't quote me here) that you have to have opened the attachments in order for it to execute itself on your hard drive. Anyway, it's worth doing a scan of your drive to be sure it's not there, and remember not to open attachments unless you are expecting to receive them! The thing that makes this virus and others like it so tricky is that it mails itself from your friends (and who doesn't get all sorts of goofy things sent by friends?).

Anyway, pim and Wolf, don't take it personally--it's like a flu virus--it doesn't discriminate and it wasn't sent to you intentionally (though it was, obviously, started intentionally by some creep--but that's another story!).

There are stories on this virus on most of the online news services, too. It really picked up on 11/25 or so.

Tara

Top
#61078 - 11/28/01 04:22 PM Re: URGENT!!! VIRUS WARNING!!
pim Offline
Member

Registered: 11/07/01
Posts: 662
Loc: Brussels
GOT IT!!!

WOLF, TARA(thanks); it's the bad, bad, Bad Trans! Those who speak Spanish, read all about it in www.el-mundo.es Uff!, it looks like I'll be able to get some sleep tonight after all.

EVERYBODY, BE VERY CAREFUL!, YOU DON'T EVEN HAVE TO OPEN THESE ATTACHMENTS TO GET 'INFECTED'. frown

pim

Top
#61079 - 11/28/01 04:42 PM Re: URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
pim,

It isn't your fault. These viruses spread like wildfire. I only indicated the name of the source that I got it from, so nobody would open an email from it at this time. I thought your name was safe, and you couldn't have done anything to stop it from spreading. I guess the more popular we are with emails, the faster and farther it spreads.

As of now, I'm still battling to remove the damned thing from my computer. I have it deactivated, but can't seem to bail it out of my restore area, so it doesn't exist. As of now, I'm using a 3rd source for sending emails, but don't intend to send any out, especially using the Microsoft Outlook. That seems to be where it can generate. So much for Microsoft's wonderful software - mad

The only thing we do know is that the source of it seems to be common to those of us who have communicated with each other, but it could have come from any outside source, just one computer infected, spreads.

Well, that's all for now. At least it doesn't seem to be destroying everything on my harddrive. If anyone can tell me how to really remove these files from my restore area, I would be eternally greatful. It's a nightmare finding them.

Wolf

Top
#61080 - 11/28/01 05:25 PM Re: URGENT!!! VIRUS WARNING!!
Shawn Offline
Executive Member

Registered: 07/28/00
Posts: 308
Loc: mentally - Spain, Physically -...
Thanks for alerting us. I recieved the Paloisac@terra.es e-mail. I recieve a lot of updates from Spain related sources, so I would have normally opened the attachment. I am not very savy about viruses, but I guess I shall be more vigilant in the future.

[ 11-28-2001: Message edited by: Shawn ]

Top
#61081 - 11/28/01 05:45 PM Re: URGENT!!! VIRUS WARNING!!
MadridMan Offline


Executive Member

Registered: 05/06/00
Posts: 9080
Loc: Madrid, Spain (was Columbus, O...
WOW. What a day! mad I RECEIVED no less than EIGHT of these infected/virus emails today from a number of sources, some of which are active message board members (two of those who have posted above, in fact -- but I don't blame you at all) from their "home" email accounts. I'm assuming that these emails aren't necessarily coming from the servers which house these email accounts, but the email addresses themselves are "harvested" from people's email program's Address Books. I know that Outlook (and Outlook Express??) can automatically add the email address to EVERY incoming email message so BOOM! You have an address book full of EVERYONE from whom you received personal email AND SPAM. So, it seems, if I've ever sent you an email or if the message board has sent you an email with a Private Message Notification then THAT email was/could have been automatically added to your address book which would explain why I've gotten DOZENS of these viruses in the past 3 or 4 days.

LUCKILY, I have a constantly working Norton's Antivirus program on ALL the time and it scans ALL incoming email, catching EVERYTHING! I suggest if you haven't gotten one yet, get yourself an AntiVirus program NOW!! YOU NEED IT! Protect yourself and your friends, those in your address book by these nasty and annoying and potentially damaging viruses. My computer hasn't been infected at all, running full system scans every couple of days and getting Live Updates of new viruses on the internet in order to insure MY safety as well as YOURS on the message board. Unfortunately, I can't know what's going on @ Spain.com or the web host which carries MadridMan.com, but I'm RATHER confident they're doing constant full-system scans frequently and have Antivirus protection measure in place.

Word to the wise: DO NOT OPEN/EXECUTE ANY ATTACHED FILES UNLESS THE SENDER IS KNOWN AND DESCRIBES THE ATTACHED FILE IN THE TEXT OF THE MESSAGE AND YOU'RE CONFIDENT IT'S REALLY SENT BY THE SENDER AND NOT SOME VIRUS ROBOT. If at all unsure, delete it and apologize to the sender -- no real harm done then. GET YOURSELF AN ANTIVIRUS PROGRAM ASAP!!

If you read below, these viruses propagate themselves through Microsoft's Outlook and Outlook Express (As wolf says). FOR THIS REASON ALONE, I use the FREE Eudora Light email program.

DETAILS ABOUT THE VIRUS:

Description:
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It propagates via MAPI32, has a Key Logger component, and arrives with randomly selected double-extension filenames.

It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients (Microsoft Outlook and Microsoft Outlook Express) to automatically execute the file attachment. This is also known as Automatic Execution of Embedded MIME type.

[ 11-28-2001: Message edited by: MadridMan ]
_________________________
Visit BarcelonaMan.com for Barcelona information, Transportation, Lodging, & much MUCH more!

Curious about what could POSSIBLY be inside the brain of MadridMan? Visit MadridMan's Madrid Blog

Top
#61082 - 11/28/01 06:28 PM Re: URGENT!!! VIRUS WARNING!!
DavidB Offline
Member

Registered: 09/25/00
Posts: 63
Loc: Adelaide, SA, Australia
Madridman

You are 100% correct - everybody should have an up to date Anti Virus Program on their Computer. It doesn't matter whether you are using Microsofts products or not for eMail as virus's are spread also via Floppy Disks, Zip Disks and even CD's as files are transferred from one PC to another.

The "Badtrans" Virus Family (there is a mutation currently out and about and is causing most of the damage) consists of 2 viruses - W32/Badtrans-B which is a Worm Virus that propergates the Trojan PWS-AV. The description of what is does is as follows:-

Description:

W32/Badtrans-B is a worm which uses MAPI to spread. The worm
arrives in an email message with no message text. The attachment
filename is randomly generated from three parts. The first part
is taken from the list:

FUN
HUMOR
DOCS
S3MSONG
Sorry_about_yesterday
ME_NUDE
CARD
SETUP
SEARCHURL
YOU_ARE_FAT!
HAMSTER NEWS_DOC
New_Napster_Site
README
IMAGES
PICS

The second from the list:

.DOC.
.MP3.
.ZIP.

and the last from:

pif
scr

If the attached file is run, it copies itself into the Windows
system directory with the filename KERNEL32.EXE and changes the
registry key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce so that
the worm runs the next time Windows is started. The worm also
drops a file named kdll.dll, which is the password stealing
Trojan Troj/PWS-AV.

To disinfect your Computer you MUST get a current Anti Virus Program and keep it up to date (for your information there are currently 68,963 known viruses active throughout the World) and follow the instructions form the Program. I use Sophos Anti Virus both here where I work and at home and find it to be very good. The link to read how to disinfect your computer is at:- How to disinfect Badtrans-B

Simply replace any reference to Sophos with your preferred Anti-Virus Program. There is plenty of help on that page for those using Me and XP who have problems with the Virus still in their System Restore folder.

Once this is done, go to:- Microsoft Patch

and download this patch and run it to assist with future problems.

Above all DO NOT OPEN ANY EMAILS FROM PEOPLE THAT YOU DON'T KNOW!!!!!.

Combating Computer Viruses is a part of what I do for a living, however I would be much happier if I didn't have to do it at all.

David
_________________________
“Travel light and with an open mind and a smile”

Top
#61083 - 11/28/01 06:44 PM Re: URGENT!!! VIRUS WARNING!!
taravb Offline
Executive Member

Registered: 02/22/01
Posts: 736
Loc: Ames, Iowa, USA
Yeah, Wolf, I read somewhere that this virus is especially tenacious on the computers of people who write lots of puns...let's hope Cali doesn't get it too.

Or is that the "badjokes" virus? I think the "badtrans" virus hits those of us who do a really BAD job of TRANSlating things between Spanish and English. Ouch--now I've got the "badjokes" one too!

If we don't laugh, we'll cry.

Tara smile

[ 11-28-2001: Message edited by: taravb ]

Top
#61084 - 11/28/01 07:13 PM Re: URGENT!!! VIRUS WARNING!!
Antonio Offline


Executive Member

Registered: 05/07/00
Posts: 1176
Loc: Madrid (Spain)
For those of you who speak Spanish, you can visit Centro de Alerta Temprana Sobre Virus Informáticos . At this website you'll find information about the latest viruses in the wild, as well as information and links collected from many sources (antivirus and security companies).

Like Madridman, I don't use Microsoft Outlook which has plenty of security bugs.

However, those and other viruses also take advantage of serious security bugs in Microsoft Internet Explorer!!. I remember a few weeks ago my antivirus warning me about a trojan trying to break into my system after visiting a website!!. What can you do about that?. Well, download an updated version in which these bugs are not present (yet!!). Also keep an eye on Microsoft's patches for their products.
_________________________
The best tips from your favourite hostal in Madrid.
Hostal Chelo at http://www.chelo.com

Top
#61085 - 11/28/01 08:19 PM Re: URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
Tara,

You may be right. A virus directed at the punsters out here. Someone who just can't take a joke is trying to get even with us. But we'll win, because we can tell more bad jokes than they can make up bad viruses... wink

I think I eliminated the beast from my computer, since my McAfee virus package protected me enough that it wouldn't let it nest itself into vital areas.

I've always wondered what it is that makes people who are capable of designing a program as complex as a virus are doing, wasting their time. It seems that anyone with that much ability would put it to work for their own good, making money, honestly. The only thing they can get from a virus like this is a nice term in prison, where they can become "Nancy" for some hairy ape doing life... eek Hardly a prospect I'd wish on anyone, but in their case, I might be willing to make an exception. wink

Well, it was an exciting day. Let's hope we don't see any more like it.

Wolf

Top
#61086 - 11/29/01 01:45 PM Re: URGENT!!! VIRUS WARNING!!
Jaime Offline
Member

Registered: 08/19/00
Posts: 147
Does anyone know what exactly the virus can do? What kind of files its corrupts??

Top
#61087 - 11/29/01 06:19 PM Re: URGENT!!! VIRUS WARNING!!
DavidB Offline
Member

Registered: 09/25/00
Posts: 63
Loc: Adelaide, SA, Australia
Hi Jaime

For you and any others out there that are interested, the following is exactly what "Badtrans-B" Virus does. It may seem a little long but this is a very complex and malicious Virus. However, if you have an up to date Anti Virus Program then you should be OK. If not, follow the path in my previous posting to get the information regarding removal of the Virus.

Anyway here's the full description:-


W32/Badtrans-B is an email-aware worm which uses MAPI to spread. The worm forwards itself to addresses found on the infected computer as an email message with no message text.

The worm finds addresses to send itself to by searching the address book. Additionally it searches the internet cache and "My Documents" folders for webpages, looking for further email addresses to which to send itself.

If the worm is replying to mail found on the infected machine, it will use the infected user's address in the From: field of the email, otherwise it will use one of the following addresses in the From: field:

" Anna" <aizzo@home.com>
"JUDY" <JUJUB271@AOL.COM>
"Rita Tulliani" <powerpuff@videotron.ca>
"Tina" <tina0828@yahoo.com>
"Kelly Andersen" <Gravity49@aol.com>
" Andy" <andy@hweb-media.com>
"Linda" <lgonzal@hotmail.com>
"Mon S" <spiderroll@hotmail.com>
"Joanna" <joanna@mail.utexas.edu>
"JESSICA BENAVIDES" <jessica@aol.com>
" Administrator" <administrator@border.net>
" Admin" <admin@gte.net>
"Support" <support@cyberramp.net>
"Monika Prado" <monika@telia.com>
"Mary L. Adams" <mary@c-com.net>

The email uses a known exploit in certain versions of Outlook Express 5 in order to launch the attached file automatically. Microsoft has released a patch which reportedly addresses this vulnerability. (see previous post for a link to Microsofts site for the patch)

The worm generates a subject line by reading email on the infected machine and "replying" to it. For instance,

Re: <subject found by reading mail on infected machine>

For email addresses found via webpages in the internet cache or the "My Documents" folder, the subject line is simply "Re:" with no further text.

The worm attempts to create a name for the attached infected file by randomly generating it from three separate parts. The first part is taken from the list:

CARD
DOCS
FUN
HAMSTER
NEWS_DOC
HUMOR
IMAGES
info
ME_NUDE
New_Napster_Site
PICS
README
S3MSONG
SEARCHURL
SETUP
Sorry_about_yesterday
stuff
YOU_ARE_FAT!

The second from the list:

.DOC.
.MP3.
.ZIP.

(a bug inside the worm means that it never selects the ".ZIP." option)

and the last from:

pif
scr

For this reason the attached file can be called a large number of different names, including:

card.DOC.pif
docs.DOC.pif
fun.MP3.pif
HAMSTER.DOC.PIF
Humor.MP3.scr
IMAGES.DOC.pif
Me_nude.MP3.scr
New_Napster_Site.MP3.pif
Pics.DOC.scr
README.MP3.scr
S3MSONG.DOC.scr
SEARCHURL.MP3.pif
SETUP.DOC.scr
Sorry_about_yesterday.MP3.pif
Sorry_about_yesterday.MP3.scr
stuff.MP3.pif
YOU_ARE_FAT!.DOC.pif
YOU_are_FAT!.MP3.scr

If the attached file is run it may copy itself to the Windows or Windows system directory with the filename kernel32.exe and change the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce so that the worm runs the next time Windows is started. Note that the registry key will refer to the original attachment if the worm has not created a copy in the Windows or Windows system directories.

The worm also drops a file named kdll.dll, which is the Troj/PWS-AV password-stealing Trojan horse.

W32/Badtrans-B uses the Trojan Troj/PWS-AV to log a user's keystrokes in a file named cp_25389.nls in the Windows system directory. The log of keystrokes may be encrypted.

W32/Badtrans-B will attempt to send the log to one of the following email addresses:

ZVDOHYIK@yahoo.com
udtzqccc@yahoo.com
DTCELACB@yahoo.com
I1MCH2TH@yahoo.com
WPADJQ12@yahoo.com
fjshd@rambler.ru
smr@eurosport.com
bgnd2@canada.com
muwripa@fairesuivre.com
rmxqpey@latemodels.com
eccles@ballsy.net
suck_my_prick@ijustgotfired.com
suck_my_prick4@ukr.net
thisisno_****ing_good@usa.com
S_Mentis@mail-x-change.com
YJPFJTGZ@excite.com
JGQZCD@excite.com
XHZJ3@excite.com
OZUNYLRL@excite.com
tsnlqd@excite.com
cxkawog@krovatka.net
ssdn@myrealbox.com

So now you have it. Unfortunately there is no short way of describing what it does. Please link to the site in my previous post regarding removal of the virus as its not as simple as just deleting files.

Hope this helps.

David

smile
_________________________
“Travel light and with an open mind and a smile”

Top
#61088 - 11/29/01 06:56 PM Re: URGENT!!! VIRUS WARNING!!
expressdance Offline
Member

Registered: 03/10/01
Posts: 65
Loc: Boston, Ma USA
Yes, my computer contracted this virus yesterday. Yesterday morning I received an e-mail from PALOISAC and since the end of the address was an .es instead of .com, I figured it may be someone I know from Spain on a different address. Apparently not. I opened the e-mail only to find it was empty, with two empty attachments. Don't worry Pim, I know this wasn't an intentional thing. After logging onto the MM website, I read the virus warning, and then looked up a way to get rid of it, which takes about 10 minutes. You can't just go in and delete it, because it will tell you that windows needs it to run. Finally, I got my computer into safe mode and got rid of the bug! If anyone else has it and needs the deletion directions just let me know! That will teach me to open stuff from addresses I don't know!

P.S. Even though it seemed that the attachments didn't open, my computer still got the virus. So still, pim and the rest who got it and it didn't seem to open, search for these files:

KERN32.EXE
KERNEL32.EXE
KDLL.DLL
HKSDLL.DLL
INETD.EXE

[ 11-29-2001: Message edited by: MadridMan ]

Top
#61089 - 11/29/01 07:27 PM Re: URGENT!!! VIRUS WARNING!!
Tia Offline
Member

Registered: 02/18/01
Posts: 170
That´s exactly what happened to me, too.
I opened those two e-mails from Wolf and Pim (no hard feelings!) at my work and was very surprised since there was neither text nor attachment in them. I deleted them at once and when I had read the virus warning on the MMboard I called the support desk immediately. Thanks a bunch for all the information!

Tia (who hates hackers) mad

Top
#61090 - 11/30/01 05:41 AM Re: URGENT!!! VIRUS WARNING!!
Eddie Offline
Executive Member

Registered: 06/05/00
Posts: 1713
Loc: Phila., PA, USA
***********************
DO NOT OPEN any emails with "WTC Survivor" as the subject. It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. If you receive an email called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries ( .dll files) from your computer.
************************

I have recently received five (5) e-mails, apparently 5-copies of the same message (virus?) with the subject line blank. Each was 40k in size. The senders were supposed to be names I would recognize. I did what I considered to be the prudent course and deleted them. An e-mail that large doesn't really need an attachment for the 'worm' to do its dirty work. rolleyes

When I originally posted this message, there were three. It's up to five!

[ 11-30-2001: Message edited by: Eddie ]

Top
#61091 - 11/30/01 07:50 AM Re: URGENT!!! VIRUS WARNING!!
Antonio Offline


Executive Member

Registered: 05/07/00
Posts: 1176
Loc: Madrid (Spain)
From what Eddie said, it all seemed to be a hoax not a virus. Not surprisingly, I found the following information:

WTC survivor is not a virus but a hoax .

[http://www.hoaxinfo.com/]Hoaxinfo.com[/URL] has information and links about hoaxes.

[ 11-30-2001: Message edited by: Antonio ]

[ 11-30-2001: Message edited by: MadridMan ]
_________________________
The best tips from your favourite hostal in Madrid.
Hostal Chelo at http://www.chelo.com

Top
#61092 - 11/30/01 08:43 AM Re: URGENT!!! VIRUS WARNING!!
zero262quick Offline
Member

Registered: 08/02/01
Posts: 63
Loc: Eastern Shore of Maryland
Everyone...

Here is a temporary fix for this virus.

Create a new contact in your address book called 000! (three zeroes and an exclamation point). This new contact will be the first in the address book. When the virus tries to send itself to everyone in your address book, it will try to send to 000! and will not be able to because it is an invalid format. It will then stop the process, and therefore not mail itself to anyone else.
I would also recommend obtaining the patch from microsoft.

Forget virus software, no one needs it anyway. It is almost impossible to keep updated and it slows your system down considerably. Delete it. If you don't open unknown email attachments you shouldn't get any viruses.

Ben
pbchamp@intercom.net
_________________________
Ben
pbchamp@intercom.net
------------------------
I think there is a world market for maybe five computers.
- Thomas Watson (1874-1956), Chairman of IBM, 1943

"The more I meet new people, the more I like my dog."

Be happy while you're living, for you're a long time dead.
- Scottish Proverb

Top
#61093 - 11/30/01 09:18 AM Re: URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
Ben,

I understand that several governments have come up with a plan to ferret out all hackers. All people who are capable of creating a virus are going to be rounded up, and placed in big stadiums around the world. Then law enforcement agencies will use a crop duster to spray the stadium with a mixture of water, sodium pentathol (truth serum), and viagra. Naturally the hackers that create viruses will automatically stand up.

Wolf (Who dislikes hackers as much as Tia!)

[ 11-30-2001: Message edited by: Wolf ]

Top
#61094 - 11/30/01 10:28 AM Re: URGENT!!! VIRUS WARNING!!
churrocaliente Offline
Member

Registered: 10/29/01
Posts: 159
Loc: Miami Beach, FL
Hello, I have been quietly lurking through this thread but not posting. There are two things I have always wondered about, so since we are on the topic:

1) Don't all viruses have some funky three-letter attachment name after the "."
(like .pif, .vbs, .scr)? Is this the one sure way of knowing it's a virus and not a legit document?

2) Aren't most viruses designed to mess up windows pc operating systems? (I have a macintosh and my understanding is that mac os is generally immune.)

oh and of course ... Wolf ... don't quite follow your logic ... what if the hacker is a woman? They don't make viagra for ladies.

smile churrito
_________________________
Meridian: A Spain Travel Memoir

http://beachwriter.blogspot.com

Top
#61095 - 11/30/01 10:34 AM Re: URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
Churrito,

I beg your pardon. I do think they make it for ladies as much as they do for men.

Wolf (Skating on thin ice - rolleyes )

Top
#61096 - 11/30/01 10:59 AM Re: URGENT!!! VIRUS WARNING!!
MadridMan Offline


Executive Member

Registered: 05/06/00
Posts: 9080
Loc: Madrid, Spain (was Columbus, O...
I'm reluctant to make this suggestion because it might worry people more and because it would negate some of the nice, useful features on this message board. Also, in some way, it could help ME!

You could go into your "my profile" and change your settings to NOT receive email notifications when someone has sent you a private message and/or when someone has replied to your public posting on the message board.

What would do? How would this help?:

1) You would no longer get these email notifications and thusly you'd have to seek out your check your threads to see if/when someone has posted a reply.

2) You'd have to remember to check your "IN BOX" in your PRIVATE MESSAGE account on the message board through your "my profile" to see if anyone has sent you a private message.

3) And so, the virus bots won't get your email address, my email address, and therefore all the email addresses in your Address Book should the virus reside on your computer already or in the future, thereby slowing down the spread of this annoying virus.

4) By doing this, some of the nice, useful features won't be used and this would be sad after having upgraded once and hopefully again in 2002 to accomodate all Macintosh users who use MSIE.

5) I might also suggest people open/use a free HOTMAIL account which will scan all attachments for viruses (it seems Yahoo email accounts don't do this). You can use this as your message board email address and keep your PC safe... assuming you don't execute/open any of the Hotmail attachments even after you see that it's infected.

Hopefully no one thinks or believes this entire website is infected and is afraid to use it. This would be very sad to me frown . My webhost asssures all its users that their servers are all secure and virus free. It's just that these viruses are on people's computers and it's transmitted through the sending and receiving of email to/from a PC which is already infected.

Frustrated, MadridMan rolleyes
_________________________
Visit BarcelonaMan.com for Barcelona information, Transportation, Lodging, & much MUCH more!

Curious about what could POSSIBLY be inside the brain of MadridMan? Visit MadridMan's Madrid Blog

Top
#61097 - 11/30/01 04:49 PM Re: URGENT!!! VIRUS WARNING!!
zero262quick Offline
Member

Registered: 08/02/01
Posts: 63
Loc: Eastern Shore of Maryland
churrocaliente,
1) No. All documents, regardless of what type (text, movie, images, viruses, etc.) have a three letter extension. This is to specify what type of file you are dealing with and what applications will read it. It is NOT exclusive to viruses. Don't belive me? Right click on any file, choose properties, and you will see the extension.

2) No. Some viruses are worms, which simply send themselves to everyone in your address book. I have at least one of these on my system now. Some are harmless, others erase your hard drive. Also, any operating system is susceptible to getting viruses. If you can create an operating system, someone can create a virus for it. However, some OS are more susceptible than others. By monitoring your email, you should be virus free without any of the troublesome virus software.

If you have any other questions, or don't understand what I posted, you can email me.

MM,
I sure hope no one thinks your site is infected, that does not make sense anyway.

If they do, they are foolish; you have too great a site for gossip to bring it down.

Wolf,
Please don't generalize about hackers. Not all hackers are bad. There are good ones too. I am personally a hacker, but I don't do any damage. I hack my own system (that's not supposed to be a joke). I could hack your system, but I could go to jail. I can, however, look up information about anyone, like when they were online, where they live, etc.

Rounding all of us up and performing your "quarantine" would be very cruel, indeed.

Ben
pbchamp@intercom.net

[ 11-30-2001: Message edited by: MadridMan ]
_________________________
Ben
pbchamp@intercom.net
------------------------
I think there is a world market for maybe five computers.
- Thomas Watson (1874-1956), Chairman of IBM, 1943

"The more I meet new people, the more I like my dog."

Be happy while you're living, for you're a long time dead.
- Scottish Proverb

Top
#61098 - 11/30/01 08:46 PM Re: URGENT!!! VIRUS WARNING!!
expressdance Offline
Member

Registered: 03/10/01
Posts: 65
Loc: Boston, Ma USA
In terms of getting a free hotmail account, thats what I have. All incoming mail and downloads are scanned with Mcaffee virus scanner, and when I went to open the attachments, it said that they were scanned and no virus was detected. Although, when I did scan for the particular virus files found on the virus website, I found a couple of them. I tried to delete them normally, but it said that windows was using them to run, so I couldn't, and then had to go through the long deletion process. So, I guess that even the free accounts that scan will still get them!

Top
#61099 - 12/01/01 07:08 AM Re: URGENT!!! VIRUS WARNING!!
Antonio Offline


Executive Member

Registered: 05/07/00
Posts: 1176
Loc: Madrid (Spain)
I don't agree with Ben. Antivirus software it is effective if you use a good one and you have it automatically updated using the internet.

It's true that e-mail attachments is nowadays the most common way of virus infection but there are other ways in which your computer can get a virus.

If it wasn't for my antivirus, how could I have avoided getting infected by a javascript virus which came inside an HTML message with a reservation request?. Or how can I avoid getting infected by JS.Trojan.Seeker which I found while just browsing a website?.

My advise is that you do use an antivirus package, specially if you don't know much about computers.

As for the automatic virus checking at Hotmail, well.... hotmail is run by Microsoft and that makes it not very reliable. I wouldn't trust an e-mail attachment is 100% virus free just by coming through the hotmail virus checking system.

In fact, McAfee's Viruscan has proved to me it doesn't detect some viruses (for instance, the javascript one I mentioned above). Despite being one of the most popular and sold, facts are showing it is not as good as it claims.
_________________________
The best tips from your favourite hostal in Madrid.
Hostal Chelo at http://www.chelo.com

Top
#61100 - 12/01/01 05:15 PM Re: URGENT!!! VIRUS WARNING!!
Wolf Offline
Member

Registered: 01/25/01
Posts: 1235
Loc: Rockford, IL/Milton, WI, USA
Ben,

I apologize if you took my joke seriously. I had no idea it was politically incorrect to poke fun at hackers. Over the years, I've found that the best way to live with the problems we face each day, is to have a sense of humor. In other words, "When the world deals us lemons, make lemonade." I feel the virus that spread through our group was nothing more than a lemon.

As for the problems I have lived with, and continue to live with every day, they too are no more than lemons, and I joke about them as well. When I quit laughing, I'll probably shrivel up and die.

I also want to say that I appreciate your assistance regarding computers and viruses. Even though I've owned personal computers since the old Timex Sinclair (Have you heard about that little beast? :)), on to the various game type machines, the 286, 386, 486, and now 3 different Pentium class machines, I've never found it essential to do anything more than enjoy the fact they were available to me, as a source for work, education, and enjoyment.

As a hacker, you know there's a certain stigma attached to the description. Even though the vast majority of these people don't violate the law, just the fact that they are capable of invading a person's privacy makes all of us a bit ill at ease around them.

As for your ability to find out everything you'd want about me, that isn't too difficult. If there's anything you want to know, just ask. I'm not afraid of who I am, what I've done, where I've been, or where I'm going. I don't consider myself exemplary, but I do feel my life has not been wasted.

Once again, I apologize to you personally if you were offended. But not because I made a joke. Rest assured, I tell more of them about myself than any other subject... smile

In the words of the immortal Will Rogers;

Quote:
"We are here just for a spell and then pass on...So get a few laughs and do the best you can. Live your life so that whenever you lose, you are ahead."



Wolf (Whose favorite part of the Readers Digest is "Laughter Is The Best Medicine.")

Top
#61101 - 12/01/01 06:48 PM Re: URGENT!!! VIRUS WARNING!!
Tia Offline
Member

Registered: 02/18/01
Posts: 170
Ben,

Please, don´t be offended by my comment re hackers! It was NOT my intention to speak disparagingly about any person, neither you nor anyone else, who takes his/her work (hobby or whatever) with computers seriously! The thing is that the word hacker has a negative meaning in the everyday language and most of the time the people think of those virus spreading mischief-makers when you use the word hacker. I have a great respect for programmers and their knowledge of computer science but it makes me mad that some of them waste their scills in using computer information illegaly.

I hope you keep on throwing light upon our confusion at computer viruses.

Antonio, which antivirus software do you consider to be the most effective one?

Tia (who also thinks that a laughter makes it easier to deal with many things) smile

My question re antivirus software was not meant exclusively for Antonio, but I put the question to him since he pointed out that McAfee isn´t as good as claimed. Feel free to comment, anyone.

[ 12-01-2001: Message edited by: MadridMan ]

Top
#61102 - 12/01/01 11:10 PM Re: URGENT!!! VIRUS WARNING!!
zero262quick Offline
Member

Registered: 08/02/01
Posts: 63
Loc: Eastern Shore of Maryland
Antonio,

The reason I deleted my virus software is because it slows my system down tremendously. I have spoke with several people who build/program computers and they agree. The best way to avoid viruses is to NOT accept attachments at all, unless they are from the postmaster. I have Norton system doctor that runs on my system at all times and it monitors everything. I also have RamBooster, which frees up RAM whenever it drops below a specified level.

Wolf/Tia,

I know you were just joking. I was just clearing up the fact that not all hackers are bad. I do not do much "investigation" as you may call it anyway. The fact is, you can change and delete files on anyone's system if you know how. Just go to happyhacker.org
But know that you can go to jail for invading someone else's privacy. I would never do that, I don't have the motivation or the time.

The Sinclair? Yeah, I think the memory was 2KB and the hard drive was like 10KB or something! The hard drives were $600 back then for about a megabyte. Now you can get several dozen gigs for under $100. The processors now are over 1.3 GB! They say that processor speed doubles and price gets cut in half every 18 months.
BTW, you skipped the 4004 and 4008 machines laugh in between the Sinclair and the 40286.
How about the Apple IIe? I used to use those in school! Apple came up with some great ideas until Microsoft stole them all right out in from of them. If not for Apple, we wouldn't have the GUI today, and then Microsoft mad Windows wouldn't be possible.

Anyway, here is a site with some information on the virus and a patch. Microsoft Security Bulletin

Removal Instructions
or
Removal Instructions
or
Removal Instructions

Email me or post if you have any questions.

Ben
pbchamp@intercom.net
_________________________
Ben
pbchamp@intercom.net
------------------------
I think there is a world market for maybe five computers.
- Thomas Watson (1874-1956), Chairman of IBM, 1943

"The more I meet new people, the more I like my dog."

Be happy while you're living, for you're a long time dead.
- Scottish Proverb

Top
#61103 - 12/02/01 11:45 AM Re: URGENT!!! VIRUS WARNING!!
Antonio Offline


Executive Member

Registered: 05/07/00
Posts: 1176
Loc: Madrid (Spain)
Well, Tia, I don't consider any antivirus to be 100% perfect. The reason why I said I didn't like ViruScan was because it was unable to detect two viruses that were about to enter my computer. That's why I started to use a new one.

Currently, I'm using Kaspersky Antiviral toolKit Pro (AVP) which has been awarded as one of the best solutions. However, it seems it doesn't get on very well with Microsoft Outlook. This is not a problem for me because I don't use but I hope they enhance AVP's support for Outlook in the near future.

I'm not saying that AVP is the best solution but so far, it has proved to me to be better than Viruscan. However, I won't have any problem to switch to another antivirus if AVP doesn't work as it should.

---

Virus software does slow the system down but not in a way that you notice a delay when using it. Nowadays PCs are fast enough to run several programs at a time.

It's true that avoiding attachments (specially unknown and unsolicited ones) is a good practice. But, as I said before, there are still other hazards.

Uhm, Rambooster... I haven't tried this kind of software but it may cause conflicts with the antivirus, since both programs are monitoring what's in the memory.

I guess Rambooster tries to do what Windows should. The operating system should be the one in charge of memory management. Whenever a program is not using memory, it should be freed by the operating system and no by another program.

But, that's very common with Microsoft software. They all waste computer resources (memory, hard disk, CPU...) so that you have to buy new hardware to make it run.
_________________________
The best tips from your favourite hostal in Madrid.
Hostal Chelo at http://www.chelo.com

Top
#61104 - 12/02/01 12:01 PM Re: URGENT!!! VIRUS WARNING!!
churrocaliente Offline
Member

Registered: 10/29/01
Posts: 159
Loc: Miami Beach, FL
zero262quick

1) "No. All documents, regardless of what type (text, movie, images, viruses, etc.) have a three letter extension."

yes, I realize this ... but are there any extensions that are specific to viruses and NOT other files???

I have Norton on my macintosh G4 but it doesn't scan emails, it only scans the hard drive upon shutdown. I simply don't open any attachments unless I know they're coming.

If you think about it ... computer viruses work like their organic counterparts, but because it makes our computers, and not us, sick, many people take the possibility of "infection" for granted. I am amazed at how many .exe files people send me and all I can think is, why did you open this file???

eek

[ 12-02-2001: Message edited by: churrocaliente ]

[ 12-02-2001: Message edited by: churrocaliente ]
_________________________
Meridian: A Spain Travel Memoir

http://beachwriter.blogspot.com

Top
#61105 - 12/02/01 05:08 PM Re: URGENT!!! VIRUS WARNING!!
zero262quick Offline
Member

Registered: 08/02/01
Posts: 63
Loc: Eastern Shore of Maryland
churrocaliente,

There are not any specific extensions for viruses (that I know of), because after all, a virus is a program. If they did have specific extensions then it would be very easy to avoid them.

Viruses are commonly found as .exe (executable files). I just try to avoid attachments altogether.

Ben
pbchamp@intercom.net
_________________________
Ben
pbchamp@intercom.net
------------------------
I think there is a world market for maybe five computers.
- Thomas Watson (1874-1956), Chairman of IBM, 1943

"The more I meet new people, the more I like my dog."

Be happy while you're living, for you're a long time dead.
- Scottish Proverb

Top
#61106 - 12/03/01 08:12 PM Re: URGENT!!! VIRUS WARNING!!
DavidB Offline
Member

Registered: 09/25/00
Posts: 63
Loc: Adelaide, SA, Australia
Hi all.

Antonio – you are correct that Anti Virus Software is not 100% perfect but so long as you keep the identification files up to date then you are almost certain to stop any Virus from getting you.

Ben and churrocaliente – please look at my previous postings regarding the extensions that Viruses (in particular “Badtrans-B”) will have.

Ben, your comment about not opening any attachments, especially if you don’t know where they come from, is valid, but that Viruses are commonly an “.exe” is now not 100% correct. Please check the previous posting. “Badtrans-B” in fact can infect your PC by you simply opening the eMail containing an attachment. Now before you say “well don’t open the attachment”, I had “Badtrans-B” attempt to get me last night, and all I did was open the eMail, which was from a known Sender, and with a subject line that we had been corresponding on (“Badtrans-B” uses existing Message Subjects as a way of infiltrating systems) and attachments (I was expecting an eMail with some attachments from this source). At no time did I attempt to open the attachment, although the message did come up whether to “open it or save it”, however my AVS did detect that one of the attachments contained a Virus and warned me.

Regarding which Anti Virus Program is the best, well unfortunately it’s only as good as the operator who keeps it up to date. Some AVS companies are more vigilant at getting the latest identification files on line for people than others so its simply a trial an error method of finding the best. I personally use Sophos from England, but it is aimed at the Corporate market rather than the home user (I am permitted to use it at home as well as at work and I recommend it, and sell it to my Corporate clients). But I have other, small businesses (1 to 2 PC’s) who use Norton AVS and McAfee and are more than happy.

Regarding Anti Virus Software slowing your PC down then I suggest that you up-grade your PC as my AVS certainly doesn’t have an effect on the operation of my PC. It could be that you had your AVS scheduled to scan on a regular basis and this may have had an effect. However, as far as I am concerned “and ounce of protection is worth a ton of happiness” or as the Boy Scouts say “Be Prepared”. Also Ben, it really is not a good thing to boast that you are a “Hacker”, but a “Good Hacker”. Some people in the Computer Industry believe that “all hackers are bad hackers”, and are actively pursuing them, so please be careful with what you say.

Hope this helps

David smile
_________________________
“Travel light and with an open mind and a smile”

Top
#61107 - 12/04/01 05:32 PM Re: URGENT!!! VIRUS WARNING!!
zero262quick Offline
Member

Registered: 08/02/01
Posts: 63
Loc: Eastern Shore of Maryland
DavidB,

>>“Badtrans-B” in fact can infect your PC by you simply opening the eMail containing an attachment.<<

That's why I like Outlook Express so much - you can read the email without opening it.

>>people in the Computer Industry believe that “all hackers are bad hackers”<<

I was not bragging that I was a hacker, I was disproving the statement that all hackers were bad with an example. If people want to think they are all bad, that is just ignorance on their part and they can pursue me all they want, but computer data is so easy to erase.

Ben
pbchamp@intercom.net
_________________________
Ben
pbchamp@intercom.net
------------------------
I think there is a world market for maybe five computers.
- Thomas Watson (1874-1956), Chairman of IBM, 1943

"The more I meet new people, the more I like my dog."

Be happy while you're living, for you're a long time dead.
- Scottish Proverb

Top
#61108 - 12/04/01 06:12 PM Re: URGENT!!! VIRUS WARNING!!
DavidB Offline
Member

Registered: 09/25/00
Posts: 63
Loc: Adelaide, SA, Australia
Ben

Don't take me wrong on this thing, I'm only trying to help you avoid any potential future problems. Those in the Computer Industry who pursue hackers have many ways of stopping them, and one of them is to force the ISP that the Hacker is using to stop supply of their services to them. So, no connection to the world. Whilst that may seem to be against everything that all of us believe in (ie Freedom of Speech) it is a fact of life. So please, be careful.

Also re:

Quote:
That's why I like Outlook Express so much - you can read the email without opening it.

I use Outlook Express at home and have it set to view the body of the eMail in the Preview Pane BUT not to "automatically download the message in the Preview Pane". Even so "Badtrans-B" attempted to get onto my system but was stopped by my Anti Virus Software.

Check out the latest warning re "Goner-A" Virus.

David smile

[ 12-04-2001: Message edited by: DavidB ]
_________________________
“Travel light and with an open mind and a smile”

Top
#61109 - 12/04/01 11:44 PM Re: URGENT!!! VIRUS WARNING!!
churrocaliente Offline
Member

Registered: 10/29/01
Posts: 159
Loc: Miami Beach, FL
Hey guys, in the end isn't a hacker just someone who is extremely knowledgeable about a particular system and how it operates? Someone who is capable of subverting a system because of his/her proximity to it? Apply this knowledge for the benefit or disadvantage of others? This could be applied and has been applied to many different fields ... rolleyes
_________________________
Meridian: A Spain Travel Memoir

http://beachwriter.blogspot.com

Top
#61110 - 12/05/01 12:13 AM Re: URGENT!!! VIRUS WARNING!!
DavidB Offline
Member

Registered: 09/25/00
Posts: 63
Loc: Adelaide, SA, Australia
churrocaliente

You are 100% correct.

In a perverse way I admire those who are "hackers", and those who actually write the Viruses that roam the Internet, as they are extremely clever in the manner in which they go about what they do. I say perverse in as much as, because of them, I am extremely busy at work selling, and installing devices and methodologies to stop their end product from doing damage to businesses. Without them, life would be a little mundane to say the least.

So some good does come from what they do, as it means that I am kept in work which ultimately means that I can do what I love to do, which is to travel, especially to Spain.

But the main aim of this entire thread is to ensure that every-one uses some methodology to stop Viruses from infiltrating their Computer Systems.

David smile smile
_________________________
“Travel light and with an open mind and a smile”

Top
#61111 - 12/05/01 10:20 AM Re: URGENT!!! VIRUS WARNING!!
churrocaliente Offline
Member

Registered: 10/29/01
Posts: 159
Loc: Miami Beach, FL
Thankfully there are people like you out there willing to do "dirty work" for us!!!

Does it ever surprise you in your line of work that some people never want to take the time to learn the basics about their computers and how to keep them healthy? It's much the same with cars. I am much closer to my mac than my car. I wouldn't know how to change a tire, but I can easily change a hard drive. I have to put a note on my windshield to remind myself when to change the oil, but I run Norton Doctor every two weeks on my machine. Good thing I don't drive very much ... and if I had a boyfriend I'd have to give him some chore, right? (Honey, fix my car!)

When I found out about gone.scr I IMMEDIATELY called a friend of mine who has had virus issues in the past. I knew that if she opened that cleverly disguised virus, she would go through so much mental stress that it would be as if the virus had attacked her personally!!!

Churrito
_________________________
Meridian: A Spain Travel Memoir

http://beachwriter.blogspot.com

Top
Page 1 of 4 1 2 3 4 >

Moderator:  MadridMan 
Welcome to the ALL SPAIN Message Board!
MadridMan's Live WebCam
Shout Box

Newest Members
LauraG, KoolKoala, bookport, Jake S, robertsg
7780 Registered Users
Today's Birthdays
No Birthdays
Who's Online
0 registered (), 1645 Guests and 1 Spider online.
Key: Admin, Global Mod, Mod
MadridMan.com Base Menu

Other Martin Media Websites: BarcelonaMan.com MadridMan.com Puerta del Sol Plaza Santa Ana Madrid Tours Madrid Apartments