alpines
[Top] [All Lists]

Re: New Virus Alert

To: sosnaenergyconsulting@home.com, Ian Spencer <ian@sunbeamalpine.org>
Subject: Re: New Virus Alert
From: Mailer <frodo4@ix.netcom.com>
Date: Tue, 27 Nov 2001 10:09:12 -0800
Now you get my $.02 worth.
When I talk about viruses with people they ALWAYS say "oh I only open 
attachments from people I know". WRONG RESPONSE!!!  Viruses will almost 
always be from people you know - not because they hate you but because a 
virus typically propogates by sending itself to everyone in your address 
book. So if you have a virus in an attachment and open it, before it 
announces itself to you as a virus it will have sent itself to everyone in 
your address book. If this happens the first thing you must do is email or 
phone everyone in your address book warning them not to open an attachment 
from you.

Two indicators are
1.  The subject line is usually very gereric or mis spelled.  When my 
friend Bill sent me one with the subject "Here's a really cool way to make 
money " I knew it wasn't from him. He's 73 and doesn't use the wird cool.
2.  The name of the attachment  file maybe of the form  "name.xxx" where 
xxx are extensions line doc, exe, jpg  . If you ever see  .exe, .com, .vbx 
, do not open these. If  you ever see a file name of the 
form  'name.xxx.xxx'    NEVER open these.

Good luck
John


At 02:07 PM 11/26/01 -0800, sosnaenergyconsulting@home.com wrote:
>Hi Ian and all:
>I checked with a friend who messes with computers all day long and he
>says this virus has been around since April 2001.  So most of the
>current Norton stuff would be (I assume) able to filter it out.
>
>He also had some advice for me about NOT sending info regarding viruses
>as "attachments".  Since it's quick and easy, I didn't think of the
>consequenses:
>He says; the virus can be transmitted as an attachment.  The majority of
>viruses that attack windows boxes do it via fake attachment files." He
>says that since viruses can't be transmitted as text files, I should
>copy the text and put it into a new message.
>
>Also, he says; "the recommendation to use the REGEDIT to "fix" the
>registry is dangerous. If you've never tweaked your system's registry,
>beware.  If you delete the wrong thing, you could make your entire
>computer inoperable".  Scared the heck out of ME!
>
>Anyway, I wanted to pass his response on to you and everyone else and to
>thank you for sounding the warning.  Rather have a warning that turns
>out to have been (hopefully) something my system is capable of screening
>against than to NOT be warned and get zapped instead.
>
>Again, thanks.
>
>David Sosna
>
>
>Ian Spencer wrote:
> >
> > Everyone,
> > I received 2 emails this weekend with attachments that appeared as if 
> they were
> > sent by Microsoft.  I did not even open the attachment, just looked at 
> the email
> > in the preview pane only and still got infected.  The virus is brand 
> new (Norton
> > only discovered it Yesterday). One of the attachments was called 
> docs.doc.pif and
> > the other was ME_nude.MP3.scr. If you have received these, please 
> disinfect your
> > machines.
> >
> > Details:
> >
> > 1. Virus is called W32/BadTrans@MM or WORM_BADTRANS.B
> > 2. It is spred via email
> > 3. It sends itself to everyone in your address book (which is why I'm
> > alerting the list - some of you are in my address book)
> > 4. It also writes a "back door" trojan in your registry that records all
> > your keystrokes- which could allow someone via the net to access all your
> > passwords, etc.
> >
> > If you have Norton AV with latest definitions you should be ok.  If you 
> want to be
> > sure, look in your C:\Windows\System directory for two files: 
> Kernal32.exe and
> > kdll.dll.  If you have these files, delete them!  Also, look in your 
> registry (use
> > REGEDIT) for this entry: 
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
> > Version\RunOnce\Kernal32=Kernal32.exe
> >
> > If you have that entry, delete it (not the entire directories, just the
> > Kernal32=Kernal32.exe part) Keep an eye out for this one - its nasty.

<Prev in Thread] Current Thread [Next in Thread>