A new computer virus out there

Moderators: Brad Walker, Tony Smith

Geri Comstock
Posts: 340
Joined: Mon Mar 10, 2003 4:16 pm
Location: Northern CA
Contact:

Post by Geri Comstock »

In case you hadn't heard yet, there's a new computer virus out there that affects PCs. I have a Mac and this virus doesn't affect Macs.

I discovered this because someone who has my email addy in their address book is infected. The virus sent emails to several email addys that didn't exist, so email I'd never sent was bounced back to me as being undeliverable. Heh. Now that was quite a surprise.

I asked my husband about the possibility of a new virus; just yesterday, he'd been notified at work about this new virus. I happened to be listening to talk radio this AM and they did an hour program on the new virus.

If you have a PC, you might want to check it for the new virus.

Geri
KellyG
Posts: 67
Joined: Sun Mar 09, 2003 11:12 pm
Location: Baton Rouge, LA
Contact:

Post by KellyG »

Received this today from our "IS" group warning us about a new virus.

"A new mass mailing worm was discovered last evening. This worm arrives as an attachment to an e-mail with various subject lines and message bodies. If the attachment is executed, the worm can open a "back-door" on the infected machine. This back-door can allow an attacker to run arbitrary code on the infected machine, as well as use the machine to gain access to network resources.
There are three variants of the body of the message:
1. Mail transaction failed. Partial message is available.
2. The message contains Unicode characters and has been sent as a binary attachment.
3. The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The Subject line is usually one of seven variants:
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error
If you receive this e-mail, please delete it immediately. "
Dr. John
Posts: 4
Joined: Mon Sep 08, 2003 1:18 pm
Location: duluth, ga.

Post by Dr. John »

:evil: Mine came in as a regular e-mail from cr loo with a confirm glass order; it took 5 hours to get rid of it.
John
KellyG
Posts: 67
Joined: Sun Mar 09, 2003 11:12 pm
Location: Baton Rouge, LA
Contact:

Post by KellyG »

John, are you running a virus scan software?
Tony Smith
Posts: 1037
Joined: Sun Mar 09, 2003 5:59 pm
Location: Massachusetts, USA
Contact:

Post by Tony Smith »

Unless you updated your virus definitions this morning, your virus software wouldn't catch it.

I had two of them last night and three more today. One was from Northwest Art Glass... an undeliverable message... CRLoo? Northwest Art Glass??? Maybe it was a manufacturer's computer that got nailed.

There are new virus definitions available on http://www.mcafee.com for those who use VirusScan. I'm sure Symantec has theirs out as well.

Tony :?
"The tightrope between being strange and being creative is too narrow to walk without occasionally landing on both sides..." Scott Berkun
Tony Serviente
Posts: 328
Joined: Thu May 29, 2003 11:48 am
Location: Ithaca,NY
Contact:

Post by Tony Serviente »

A reminder: never open an attachment unless you are expecting it, even if it is from someone you know. Many viruses will capture the address books from an infected PC, and propagate themselves through mailings to everyone in it. They exploit our trust in receiving mail from someone we know, and when an attachment is unwittingly opened, voila, infection! If you get an unexpected attachment, email back to the sender and confirm that it is legit. I would highly recommend a virus scan program. I subscribe to McAfee and have not had an infection, yet. I also hang a clove of garlic from my monitor to be safe.
Geri Comstock
Posts: 340
Joined: Mon Mar 10, 2003 4:16 pm
Location: Northern CA
Contact:

Post by Geri Comstock »

My error messages came late yesterday afternoon (between 4 and 5 pm PST). The error codes were from two websites/domains I'd never heard of:

http://www.rioting.com

http://www.yellowcardrock.com


Out of curiosity, I looked at them both and they appear to be music related. So, does this imply that the person whose system is infected has my email addy as well as email addys with those domain names in it? Or does this virus just keep growing its list of email addys as it travels from system to system?


Geri
Dani
Posts: 493
Joined: Mon Mar 10, 2003 3:17 pm
Contact:

Post by Dani »

We have an earlier thread going on this subject.... can we combine them? Brad posted some good info about the virus. I've received one bad email but deleted it immediately so don't seem to have a problem. The virus scan info posted earlier was definitely useful.
Jack Bowman
Posts: 126
Joined: Mon Mar 17, 2003 10:52 pm
Location: Utah
Contact:

Post by Jack Bowman »

I don't see the other thread so I'll reply here.

I got one this morning from rogers.com but didn't open it. Updated my virus files and three have come in since.

saltspring.com

studio@crystallo.com

and one from NW Artglass.

Turns out the target is a Utah Corporation that is involved in a lawsuit with Microsoft. The target date is Feb 8, so we might have a mess for a few days.

Jack
Tony Smith
Posts: 1037
Joined: Sun Mar 09, 2003 5:59 pm
Location: Massachusetts, USA
Contact:

Post by Tony Smith »

Jack Bowman wrote: Turns out the target is a Utah Corporation that is involved in a lawsuit with Microsoft. The target date is Feb 8, so we might have a mess for a few days.

Jack
It's actually not a Microsoft issue this time. A corporation in Utah owns the rights to the Unix operating system and is claiming either copyright or patent infringement against the folks that make Linux.

Tony
"The tightrope between being strange and being creative is too narrow to walk without occasionally landing on both sides..." Scott Berkun
jerry flanary
Posts: 158
Joined: Tue Sep 09, 2003 11:11 pm
Location: norfolk, va

Post by jerry flanary »

Hey
I've got this weird crap going on w/ my computer that I want to share. If anyone has had a similar experience- Please help me out:
While websurfing, some site popped up and then my Norton told me that aggressive code was encountered and that it blocked that pop up. Before it did though, this code reset my homepage to find4u.net and it added 4 or 5 "Free webcam" sites to my favorites list. "No big deal," I thought and deleted all these things and reset my homepage. But it resets itself at startup, within the first second or two of running. I updated my Norton and searched for it. Nada. I used ad-aware 6.0 which found 1 malware and 4 data miners which I promptly deleted thinking that I finally had done it. Nope. Then I tried this other program that lets you look at the startup sequence but it didn't show me anything I couldn't see in the registry. I emailed find4u and my computer was attacked about an hour later by someone from S. Korea, according to Norton who stopped the attack. All in all, I suspect this file winlogon which has about the same creation time as the initial problem. I cannot delete this file as it reads as a system file. I am running windows 2000 professional so I cannot use system restore.
I know this is outside the main scope of this board but I am desperate. I am writing this from my parents' AOL dialup connection!
j.

A lack of doubt doesn't lend certainty.
Tony Smith
Posts: 1037
Joined: Sun Mar 09, 2003 5:59 pm
Location: Massachusetts, USA
Contact:

Post by Tony Smith »

Try this:

http://www.merijn.org/files/CWShredder.exe

Click fix and reboot

This information from the computing.net security forum
http://www.computing.net/security/wwwbo ... /8710.html

Tony
"The tightrope between being strange and being creative is too narrow to walk without occasionally landing on both sides..." Scott Berkun
Mike Byers
Posts: 56
Joined: Mon Mar 10, 2003 6:57 pm
Location: west central Indiana
Contact:

Post by Mike Byers »

Jerry: sounds like a browser hijacker rather than a virus to me. Try Spy Bot, which finds things that AdAware doesn't; if this doesn't work, download Hijack This! and run it. Hijack This! isn't particularly user friendly, but it will find things that other programs won't.
Jack Bowman
Posts: 126
Joined: Mon Mar 17, 2003 10:52 pm
Location: Utah
Contact:

Post by Jack Bowman »

Tony Smith wrote: It's actually not a Microsoft issue this time. A corporation in Utah owns the rights to the Unix operating system and is claiming either copyright or patent infringement against the folks that make Linux.

Tony

You are correct. They did mention Unix and Linux. Not sure where I got the MS part. Maybe because they're using MS platform to attack the company in question.

Jack
Barbara Muth
Posts: 382
Joined: Sun Mar 09, 2003 8:10 pm
Location: Washington DC Metropolitan Area
Contact:

Post by Barbara Muth »

Mike Byers wrote: Jerry: sounds like a browser hijacker rather than a virus to me. Try Spy Bot, which finds things that AdAware doesn't; if this doesn't work, download Hijack This! and run it. Hijack This! isn't particularly user friendly, but it will find things that other programs won't.
Exactly. I had a similar situation that we fixed just last night (and I can't recall what software we used). Found the nasty little virus that did it too....

B
Barbara
Check out the glass manufacturer's recommended firing schedules...
LATEST GLASS
starchimes (Andrea)
Posts: 26
Joined: Tue May 20, 2003 11:39 am
Location: Dallas, TX
Contact:

Post by starchimes (Andrea) »

Be careful using spybot. I had major problems with my computer after using spybot. Took me weeks to get it working close to normal again. It seems to be a little too aggressive and can change system settings. I was unable to connect through dial up modem for quite awhile. Use ad-aware.
Stuart Clayman
Posts: 224
Joined: Mon Mar 31, 2003 12:35 pm
Location: Virginia
Contact:

Post by Stuart Clayman »

I am surprised at how many people got hit from the glass world. I have been getting about 4 or 5 of these bad e-mails a day. Once it opens up it goes into your address book and then sends e-mails to everyone in your address book but picks one of the names as the sender. So you do not see which computer was affected.

The affected e-mails that are arriving are either 31 or 32K in size and have an attachment.

There are some problems with using yahoo, but one of the benefits is that my address book is not on this computer so if I ever did open it there would be nothing for it to do. Also another benefit of yahoo is the spam control that ATT.BI did not have. Comcast has some on it.
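Added example, not part of any post in this thread: a mail-triage sketch that scores a message against the indicators quoted above (the subject lines and body texts in the IS-group notice, and the "31 or 32K with an attachment" observation). The function names, the size window, the quarantine threshold and the sample messages are assumptions constructed for illustration; the From header is deliberately ignored because, as described above, the worm picks a sender out of the victim's address book.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in this thread (IS-group notice and the size report).
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BODIES = (
    "mail transaction failed. partial message is available.",
    "the message contains unicode characters and has been sent as a binary attachment.",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment.",
)
SIZE_MIN, SIZE_MAX = 31 * 1024, 33 * 1024  # assumption: "31 or 32K" = raw message bytes

def score_message(raw):
    """Return the names of the thread-derived indicators that `raw` matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content().lower() if part is not None else ""
    if any(marker in text for marker in BODIES):
        hits.append("body")
    if any(True for _ in msg.iter_attachments()):
        hits.append("attachment")
    if SIZE_MIN <= len(raw) < SIZE_MAX:
        hits.append("size")
    return hits

def should_quarantine(raw):
    """Assumed policy: an attachment plus at least two other indicators."""
    hits = score_message(raw)
    return "attachment" in hits and len(hits) >= 3

def _sample(subject, body, attachment=None):
    """Build a constructed test message; the attachment is inert filler bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="placeholder.bin")
    return m.as_bytes()

SAMPLE_SUSPECT = _sample("Mail Transaction Failed",
                         "Mail transaction failed. Partial message is available.",
                         b"\x00" * 23800)
SAMPLE_BENIGN = _sample("hi", "See you at the workshop on Saturday.")
```

A subject such as "hi" on its own matches plenty of legitimate mail, which is why the sketch requires an attachment and several indicators together before quarantining.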
PaulS
Posts: 155
Joined: Mon Mar 10, 2003 6:45 pm
Location: Belize
Contact:

Post by PaulS »

If you use Outlook Express, turn off the preview pane.

That way you only see the list of e-mails, the subject, from (who) and date.

So if only the above is viewable, I can see if it's junk or not and if there is an attachment.

Go to view>preview pane (click for on or off).

I figure if the preview pane opens the e-mail then the code is released.

I could be wrong... please tell if I am.

You can get free anti-virus software at

http://www.grisoft.com/us/us_dwnl_free.php

...and download the free update every Thursday or set it to look for the update itself.

Good stuff for free.

Turn your firewall on. (or was that a Tom T Hall track I'm thinking of?)
It ain't where you're from, it's where you're at!
Stuart Clayman
Posts: 224
Joined: Mon Mar 31, 2003 12:35 pm
Location: Virginia
Contact:

Post by Stuart Clayman »

:( The bad e-mail that I just got was from Comments@warmglass.com

Who has that in their address book?
Jenny
Posts: 11
Joined: Thu Jun 12, 2003 3:56 pm
Location: Indiana
Contact:

Post by Jenny »

This virus is crazy! I am getting about 10-15 infected emails a day, mostly from what appears to be people on this board even though no one on this board has this address (it's my "spam" address) and I don't even post here. I've also received one from Skutt, gecko glass, etc. and I have never dealt with either of those companies. I've started getting them from people on the Silicon Folly board, and I even received one from myself today! However, I have been updating frequently and scanning my system a couple times a day. It's clean. It is a Yahoo address and they don't seem to have their filters up to date yet.