Nasty computer virus - beware!


#1

There is a very nasty e-mail-borne computer virus doing the rounds in Taiwan. I have spent hours trying to disinfect two friends’ computers, but the damn thing keeps replicating itself. Please be warned to take all necessary precautions. For expert advice, take a look at http://www.sarc.com/, and pay special attention to the information on viruses called Klez and Elkern.


#2

Since lots of ‘viruses’ come via email, and since many people use Micro$oft’s outlook, here’s a few tips I got off a website:

[quote]
[list]
[*]Turn HTML mail off. (Make text based emails, you can always override the individual mail)
[*]Adding "!0000" without an e-mail address. This WILL stop any worm sending viruses using your address book. The error will report to check your address book for an error. If you see this then you know something is sending emails without you knowing.
[*]Finally, use Norton 2001 - 2002 for AV (or install once, scan, go back to what you're using). I have not had any problems with what I have....
[/list]
[/quote]

#3

If this goes on, the thread might better be placed in the Tech forum, but I will post my response here first - after all, it’s the open forum…

quote:
Originally posted by Geng: Turn html mail off. (Make text based emails, you can always override the individual mail)

Actually, if you are going to use electronic mail, you should use an email client, not an HTML/ActiveX/whatever client with some mail capability. If however you want everyone to be able to control your computer just through an email (which happens with a number of viruses and worms), just stick to OE, especially with its default settings.

Btw, this wave should not have occurred, as the worm utilizes an IE security leak for which a patch was made available in March - last year… So anyone hit with the worm simply didn’t care for his/her computer’s security.

And while we’re on it: Do you need any VBScripts? If not, why (default setting…) do you have the Windows Scripting Host installed? To invite another “Iloveyou”?


#4
[quote]Adding "!0000" without an e-mail address, This WILL stop any worm sending viruses using your address book...[/quote]

Seems this will only work for some viruses, not all - see http://vil.mcafee.com/dispVirus.asp?virus_k=99213

Anyway, an acquaintance of mine claims to have disinfected several computers with Klez/Elkern on them. This latest virus can disable your Norton anti-virus program, so he said he did as follows:

[list]
[*]Uninstall Norton anti-virus
[*]Download and install another anti-virus program (he used PCCillin)
[*]Run the new anti-virus program
[/list]

I must add that last night I made sure our office computers were fully up to date with all Microsoft’s critical updates, and updated Norton anti-virus. I had already disabled VBS with Norton’s free Noscript program. Nevertheless one of the computers crashed first thing this morning and I suspect it was due to someone receiving an infected e-mail.


#5

Damn. I’ve been so lucky the last few years.

I think I may have gotten this virus last night. Got a message from yahoogroups (in Outlook) but it showed no attachment and looked like it was empty… nothing, not even the usual Yahoo footer.

Scanned using housecall and got nothing, but then I got this message from zone alarm:

“ZoneAlarm blocked an attempt by a remote computer to communicate with port 80 on your computer. The attempt may have been a port scan seeking the presence of a web server or it may indicate the activity of a worm seeking the presence of a web server. In both scenarios, your computer is entirely safe from intrusion since you are not running a web server and ZoneAlarm blocked the connection attempt.”

Then I went to Yahoogroups to see the original message and it did have an attachment… file name “class.scr” and the file type specified was .wav / audio.

Any ideas about how I could have gotten the virus if the message I got was empty and there was no attachment I could see?

I’m hoping that maybe my host somehow checks mail and cleans it up before delivering it to me but I don’t even know if that’s possible… just can’t figure out how it wouldn’t show an att.

Based on the message I got from Zonealarm, do you think I did get infected or could it be something else?

Thank you thank you thank you,

Jennifer
My Taipei Baby http://mytaipeibaby.tripod.com
Resources for pregnancy and parenting young children in Taipei


#6

Zonealarm said it was an attempt from outside, nothing to worry about.


#7

Olaf is right. It’s not that big a deal for some computer to try to access port 80 on your computer. However, the email you received looks suspiciously like a virus (.scr and audio type). There are ways to trick Outlook into thinking that the message is blank while running the attachment at the same time. I strongly recommend installing/updating an antivirus (or using an online one).
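
Added example, not part of the original thread: a check a mail gateway or analyst could run for the mismatch described in posts #5 and #7, where an attachment named `class.scr` was declared as audio. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed, non-exhaustive list).
RUNNABLE_EXTS = {".scr", ".exe", ".pif", ".bat", ".com", ".vbs"}
# Major types a mail client may try to render or play inline.
INLINE_MAJOR_TYPES = {"audio", "image", "video", "text"}

def audit_attachments(raw: bytes):
    """Return one finding per MIME part that carries a filename."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # multipart containers and the plain body have no filename
        ext = os.path.splitext(name)[1].lower()
        runnable = ext in RUNNABLE_EXTS
        # The thread's case: runnable extension hidden behind a media type.
        disguised = runnable and part.get_content_maintype() in INLINE_MAJOR_TYPES
        verdict = ("disguised-executable" if disguised
                   else "executable" if runnable else "ok")
        findings.append({"filename": name,
                         "declared": part.get_content_type(),
                         "verdict": verdict})
    return findings

def build_sample() -> bytes:
    """Constructed sample: blank body, three attachments with harmless bytes."""
    msg = EmailMessage()
    msg["From"] = "list@example.invalid"
    msg["To"] = "reader@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("\n")  # body left blank, as in the message described
    msg.add_attachment(b"not a real program", maintype="audio",
                       subtype="x-wav", filename="class.scr")
    msg.add_attachment(b"placeholder audio", maintype="audio",
                       subtype="x-wav", filename="chime.wav")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in audit_attachments(build_sample()):
        print(finding)
```

A message that looks empty in the client can still carry parts; walking the raw MIME structure shows them regardless of what the reading pane displays.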


#8

But is it normal for me to get at least 100 of these alerts in the same day?

I also got one that said a remote computer was checking to see if I had a trojan (?) and that it was trying to access a port that is not usually used by legit sites… or something like that.

Still trying to find the message.

Jennifer


#9

I got a 159k (i.e. quite big) e-mail message containing the following text:

[quote]Hello,

Product Name: Microsoft Windows 98
Product Id: [color=blue](number deleted for security)[/color]
Product Key: [color=blue](number deleted for security)[/color]

Process List: NoneNone

Thank you.[/quote]

The HTML looks like this:

[code]

Hello,

Product Name: Microsoft Windows 98
Product Id: (number deleted for security)
Product Key: (number deleted for security)

Process List: NoneNone

Thank you.[/code]

The message appears to have been sent by me to myself, but it can’t have been sent from my computer because I only use web-based mail. Looks like a virus-generated message to me. Anyone else received messages resembling this one recently? Any ideas what’s going on?


#10

I got one like this. My brother suspected that an anti-virus software of another computer had received a virus-infected email from me because NAV was mentioned. But he wasn’t sure. What is it? This is the exact email:

Delivered-To:
From: 123 <my own address>
DATE: Tue, 5 Nov 2002 15:43:02+0000
X-Mailer: EBT Reporter v 2.x
To: my own address
subject: 123
X-Unsent: 1

Hello,

Product Name: Microsoft Windows 2000
Product Id: xxx

Process List:
NAV Auto-Protect NAV


#11

Got it - It is an e-mail-borne virus called I-Worm.Bridex (aka Brid). It is described at http://www.kav.ch/avpve/worms/email/bridex.stm. Apparently the virus won’t run on your computer if you have done the [b][color=red]critical updates (重大更新 zh


#12

I could swear on ol’ Billy G.s grave, if he were dead, I never got screwed by a virus. Yes NEVER</wiseass comment>

Beware, if you’re using IE 5.0 or 5.5, without the latest patch, you can get infected through a webpage. Who’d thunk of that?

Quick tip: [ul]
[li] Do not use IE[/li]
[li] Do not use Outlook/Outlook Express[/li]
[li] Update Windows often, people, it’s only 3 clicks![/li]
[li] Buy a decent Anti-virus, there’re a couple of good free ones too.[/li]
[li] Save that attachment to a temp folder, scan with Anti-virus again, then open it, just to be safe.[/li]
[li] Last but not least, for the sake of humanity, there is NO REASON WHATSOEVER to click on an .EXE attachment.[/li][/ul]

If you do not follow the above, expect no mercy/kind ear/shoulder to cry on/oaahh etc. from anyone, other than immediate family members and really, really,really close friends. The reason why I’m pissed is 'cause every virus fest is the same old story, and my inbox is bombarded with crap.


#13

I use AVG; it’s free and it’s pretty good. It has incoming and outgoing e-mail scanning. It’s updated very often.

http://www.grisoft.com