Computer Virus


#1

During this past week, many personal computers in Taiwan have been affected by a new malicious strain of virus. Why don’t we start a discussion thread on the damage done by this virus, and ways to restore the computer’s full functionality?


#2

There are always new viruses coming out that can do a range of damage. I’ve been using Norton’s Ghost. It makes a “snapshot” of your drive and saves it as a file. Back this up on CD and you’ll save a few hours trying to reinstall an OS. I’ve never been affected by a virus, but I have had Windows die on me, and having a Ghost image saved a lot of trouble.


#3

Hello, Geng:

Have you been affected by the latest virus? It first disabled my Norton Antivirus 2002, then it really did a job in mass mailing junk mail to addresses on my mailing list.

All this happened without my getting a forewarning from Norton.

It took me two days, a lot of hassle, and the engagement of a computer professional to rid my computer of the virus and restore the functionality of my Norton Antivirus software.

Sometimes, I just wonder who has created all these viruses? Is it possible that the antivirus company creates its own product demand?


#4
quote:
I've been using Norton's Ghost. It makes a "snapshot" of your drive and saves it as a file. Back this up on CD and you'll save a few hours trying to reinstalling an OS.

Hello, Geng:

I totally agree with you about the use of Ghost. What I have done is to create an additional divide in my hard disk to store a compressed version of the Ghost image, and update that file once every three months or so…


#5

I also use Norton Antivirus. Were your virus definitions current with the latest updates? If you have ADSL and leave your computer on a lot during the day, you can set the Norton Antivirus so that it will update automatically.

If you don’t get the newest updates, then of course you are vulnerable.

In regard to your computer sending out email messages to everyone in your address book without your knowledge, it may be possible to avert this by doing the following:

Go to your email program. Open the address book and make a new entry. The entry is
!0000

(That is an exclamation point followed by four zeroes.) This is entered as the name. You don’t enter any other information for this entry, no email address, no contact data, nothing.

If your computer attempts to send out email to everyone in your address book, this will be the first entry in the list, and you will get an error message. At that point, you can delete the unwanted outgoing email.

I read about this on the internet and it seems a good idea to me.


#6
quote:
Originally posted by Hartzell:

Go to your email program. Open the addressbook and make a new entry. The entry is !0000

(That is an exclamation point followed by four zeroes.) This is entered as the name. You don’t enter any other information for this entry, no email address, no contact data, nothing.


I am not sure that this would work. Because the virus this time first disabled my Norton antivirus 2002, so I would not be getting the new virus definition from the “automatic update” functionality. Next, the virus selected at random the names from my mailing list and sent out variations of junk emails.

When the problem first occurred, the Symantec home site had posted nothing as to suggestions on how to get rid of the virus or restore the functionality of the antivirus software. The site would not answer any email query. Instead, its posting stated that it would bill US$4.95 per minute for telephone consultation. You call this “customer service”?


#7

Why don’t you sit in on a Linux meeting? The average GNU/Linux user doesn’t worry about viruses or virus detection software.


#8

Why is that?


#9

Date: 15 May 2002
Software: Internet Explorer
Impact: Six new vulnerabilities, the most serious of which could allow code of attacker’s choice to run.
Max Risk: Critical
Bulletin: MS02-023

http://www.microsoft.com/technet/security/bulletin/MS02-023.asp


#10

The simplest way to avoid viruses like these is to NOT USE OUTLOOK! Or if you have to use it, keep up to date on the patches (and I mean all of them) and make sure that your virus patterns are updated frequently.

The !0000 trick is simply an urban legend and will NOT work on new worms/viruses (http://www.snopes2.com/computer/virus/quickfix.htm).

I’m assuming this is the Klez virus (it’s the only one I know of recently that disables antivirus). Thus, it has its own email engine and won’t even give you an error message. It only uses Outlook to find email addresses so the fake entry trick doesn’t work.

For removal information on Klez (and its variations), visit www.symantec.com/avcenter/
Symantec has a removal tool that should make things easier.


#11

GNU/Linux users don’t have to worry about viruses because they are still trying to set up their operating systems, if they’re normal people like me.

(Not that I’m a lover of M$, I just don’t have the time to work with something else!)

I also saw a report on Klez and variations that said that occasionally you might receive a notice from a mail host that you have sent out infected mail, but you really haven’t, because of the way Klez finds e-mail addresses on an infected computer (somebody else’s) and uses a random one or ones for the return address of the e-mails sent out. The report on Symantec’s web site said to do a full system scan, and if Norton says you don’t have Klez on the system, that’s probably what happened.

Terry


#12

Hi folks:

For those of you that want another choice, but are not familiar with Linux, I would suggest moving to Mac OS X. I read somewhere that they’ll soon launch a new version for PC (something called Darwin), so you don’t need to buy a Mac; you just buy the software. I think the Mac interface is pretty easy to use compared to Windows, since MS originally copied it from Mac.

This new operating system kernel code is based on BSD Unix, so it’s harder to get infected with viruses and other sorts of hacker attacks…

Cheers,


#13

I started getting e-mail from myself and others that I know plus others that I don’t. They are all about 125K or so and I haven’t opened them and the two computers that I use are not infected according to their anti-virus programs and the two popular online ones.
Still, I keep getting this shit. Clearly, someone else in the chain of addresses that I know is infected…so the question – am I going to keep getting this junk forever or until every single person in the “chain” cleans his computer?


#14

Crackpot,
It’s probably only one person. The difficult part is actually tracking the person down. Klez essentially takes two random email addresses from anywhere on the infected computer (Outlook address book, HTML files, etc.) and puts them in From and To. The only way to really figure out who sent the email is to look at the email headers. Even then, you usually only have the IP address…requiring quite a bit of detective work and a good deal of luck to trace back to the person.
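
The header check described in post #14, as an added example that is not part of the original thread: it walks the Received chain of a message whose From address is spoofed and separates the connecting IP recorded by your own mail servers from the origin IP that upstream relays merely claim. The sample message, host names, and the `trace` helper are constructed for illustration; the regex assumes the common `from HELO (rdns [ip]) by host` layout.

```python
import email
import email.utils
import ipaddress
import re

# Constructed sample (not from the thread): spoofed From, three relay hops.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mail.recipient.example with ESMTP id A1; Mon, 20 May 2002 10:00:05 +0800
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Mon, 20 May 2002 10:00:03 +0800
Received: from Xyz (dialup-42.isp.example [198.51.100.42])
\tby smtp.isp.example with SMTP id C3; Mon, 20 May 2002 10:00:01 +0800
From: friend@somewhere.example
Subject: constructed sample

body
"""

# Assumed layout: from <HELO> (<rdns> [<ip>]) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trace(raw, trusted_hosts):
    """Return the spoofable From domain next to what the Received chain shows."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):  # newest hop first
        m = HOP.search(value)
        if not m:
            continue
        helo, rdns, ip, by = m.groups()
        try:
            ip = str(ipaddress.ip_address(ip))  # drop malformed addresses
        except ValueError:
            continue
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    verified_ip = None
    for hop in hops:  # only headers stamped by our own servers are reliable
        if hop["by"] not in trusted_hosts:
            break
        verified_ip = hop["ip"]
    oldest = hops[-1] if hops else {}
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    return {"from_domain": sender.rpartition("@")[2],
            "verified_ip": verified_ip,
            "claimed_origin_ip": oldest.get("ip"),
            "claimed_origin_helo": oldest.get("helo")}
```

Anything below the last header written by a server you control can be forged, so `claimed_origin_ip` is a lead to hand to the sending ISP's abuse desk rather than proof of who is infected.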


#15

Thanks,
I will investigate that, but I was under the impression that this could grow exponentially with each person who opened the infected file infecting all of the people in his address book that also opened the file.
But I’m a crackpot, what do I know?


#16

Cumulative Patches for Excel and Word for Windows

Date: 19 June 2002
Software: Microsoft Office for Windows
Impact: Run Code of Attacker’s Choice
Max Risk: Moderate

http://www.microsoft.com/technet/security/bulletin/MS02-031.asp


#17
quote:
I was under the impression that this could grow exponentially with each person who opened the infected file infecting all of the people in his address book that also opened the file.

Not quite. Viruses are getting more devious recently and they are randomly infecting people. That’s why it hasn’t exploded exponentially. And to think that this is going to be my job next year…


#18

The Klez virus will be around for a long time - it is very smart. You cannot stop it arriving, even if it will cause you no harm. Sure your state of the art anti-virus software will stop it infecting your PC, IF it is up to date. Still you have the garbage in your Inbox.

Individuals can do nothing about it, apart from buy, or otherwise obtain, up to date antivirus software. The only solution I would see is that the anti-virus companies or micro$ put out a public domain permanent solution (not just a one time cleaner as was done for Nimda) - then just about everyone world-wide would have it. But, wow, would they lose some sales!!

Klez will not go away unless the people with the big bucks get together with a view to public relations.


#19

There is no such thing as a realistic “permanent solution” because people are the biggest obstacle. Of course, MS is also to blame for creating Outlook Express (which is the bane of all email administrators).

We’re not going to be able to stop receiving Klez until email administrators ALL use virus filtering software. To get rid of Klez, ALL Internet users would need to have updated anti-virus software. Now, we can see the futility of this…MS can’t even get most people to update their software…