Renegade Public Forums
Warning: Spy Virus Spreading [message #64037] Fri, 30 January 2004 00:03
Matt2405
Messages: 77
Registered: October 2003
Location: UK
Karma: 0
Recruit
If you have not read the papers or listened to the radio, a very dangerous virus is spreading. It is coming in through emails. If you don't have Norton Antivirus you better get it. Be very careful because it comes in from other people you know e.g. takavar2@yahoo.com sent me an email that had the virus in an attachment, I don't even know this person. You also receive it from any of your friends. You could get it from anyone who has you in their address book. Mad

What the virus does is basically spy on you. It allows the idiots who made the virus to be able to see what you're typing! So if you're purchasing something and you give your credit card details, that's all your money blown! Evil or Very Mad

This is just a very quick warning! Exclamation

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
Warning: Spy Virus Spreading [message #64038] Fri, 30 January 2004 00:42
Xtrm2Matt
Messages: 1318
Registered: February 2003
Location: England, UK
Karma: 0
General (1 Star)
This virus is also known as "MyDoom".

Quote:

Why We Are Issuing This Alert
At 9:00 A.M. Pacific Time on Wednesday, January 28, 2004, Microsoft began investigating reports of a variant of a new worm named "Mydoom" or "Novarg," known as Mydoom.B. This variant reportedly blocks access to some websites, including some Microsoft.com websites. The worm attempts to entice e-mail recipients into opening a message that has a file attachment. If the attached file is opened, the worm installs malicious code on the computer user's system and sends itself to all contacts in the user's address book.


http://www.microsoft.com/security/antivirus/mydoom.asp

Also, Symantec have made a tool to quickly remove this virus from your PC. They call it the "W32.Novarg.A@mm Removal Tool".

Quote:

The W32.Novarg.A@mm Removal Tool does the following:


Terminates the W32.Novarg.A@mm viral processes.
Terminates the viral thread running under Explorer.exe.
Deletes the W32.Novarg.A@mm files.
Deletes the registry values added by the worm.


http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.removal.tool.html

And if you're not sure if you have the virus, then do this:

Quote:

If you use Windows XP

To find out if a computer is infected, do the following:

Click Start, and then click Search.
In the What do you want to search for? box, click All files and folders.
In the All or part of the file name box, type ctfmon.dll. If that file exists on the computer, the computer is infected with Mydoom.B, and you need to follow the steps below. Otherwise, the computer is not infected with that variant of the virus.


If you use Windows 2000 or Windows NT 4.0

To check for the worm yourself, do the following:

Click Start, and then click Run.
In the Open box, type cmd
Click OK. The black Command Prompt window will open, displaying C:\...> followed by a cursor.
Click the cursor, type dir ctfmon.dll /a /s and then press ENTER.
Wait a few moments:
If the results show File Not Found, the computer is not infected with Mydoom.B.

If you use Windows 98 or Windows 95

Click Start, and then click Run.
In the Open box, type command
Click OK. The black Command Prompt window will open, displaying C:\...> followed by a cursor.
Click the cursor, type dir ctfmon.dll /a /s and then press ENTER.
Wait a few moments:
If the results show File Not Found, the computer is not infected with Mydoom.B.


If any of the above actions actually find this .DLL file, I strongly advise you use the "W32.Novarg.A@mm Removal Tool" OR the steps below:

What to Do If Your Computer Is Infected

If your computer is infected, first try going to the website of your antivirus-software vendor to get the latest updates and information. If you are unable to access your antivirus-software vendor's site and need to fix the infection yourself, follow these steps:

Quote:

Click Start, and then click Run.

In the Open box, type cmd.

Click OK. The black Command Prompt window will open, displaying C:\...> followed by a cursor.

Click the cursor and:
Type del /F %systemroot%\system32\drivers\etc\hosts
Press ENTER.

Type echo # Temporary HOSTS file >%systemroot%\system32\drivers\etc\hosts
Press ENTER.

Type attrib +R %systemroot%\system32\drivers\etc\hosts
Press ENTER.

After typing these commands, do one of the following:
If you use Windows NT 4.0, restart your computer.
If you use Windows XP or Windows 2000, do not restart your computer.

Instead, do the following:
Type ipconfig /flushdns
Press ENTER.



Hope this helps Smile


http://www.OpticalGaming.com/matt/signature.jpg
http://www.OpticalGaming.com || irc.OpticalGaming.com
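
The file search and HOSTS check from the post above, as an added example (not code from the post, Microsoft or Symantec): a Python script that looks for `ctfmon.dll` the way `dir ctfmon.dll /a /s` does and audits HOSTS content for entries that would cut off vendor sites. It assumes the site blocking shows up as HOSTS entries pointing those names at loopback or unspecified addresses, which is inferred from the cleanup steps replacing the HOSTS file; the watch list and the sample HOSTS text are constructed.

```python
import ipaddress
import os

# Vendor domains named on this page; the watch list itself is an assumption.
WATCHED_SUFFIXES = ("microsoft.com", "symantec.com")
INDICATOR_FILE = "ctfmon.dll"  # file name the quoted steps search for


def find_indicator_files(root):
    """Walk root like `dir ctfmon.dll /a /s`: every subfolder, any letter case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Exact name match only, so the Windows component ctfmon.exe is not flagged.
        hits += [os.path.join(dirpath, f) for f in files
                 if f.lower() == INDICATOR_FILE]
    return sorted(hits)


def audit_hosts(text):
    """Return (line_no, address, hostname) for watched names pinned to a
    loopback or unspecified address, which makes the site unreachable."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid HOSTS entry
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
                findings.append((line_no, str(addr), host))
    return findings


# Constructed sample HOSTS content, not taken from a real infection.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     www.microsoft.com   # constructed blocking entry
127.0.0.1   securityresponse.symantec.com liveupdate.example.net
10.0.0.5    intranet.example.com
"""

if __name__ == "__main__":
    print("suspicious HOSTS entries:", audit_hosts(SAMPLE_HOSTS))
    print("ctfmon.dll hits:", find_indicator_files(os.getcwd()))
```

On a real machine, pass the contents of `%systemroot%\system32\drivers\etc\hosts` to `audit_hosts` and the system drive root to `find_indicator_files`.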
Re: Warning: Spy Virus Spreading [message #64041] Fri, 30 January 2004 01:57
msgtpain
Messages: 663
Registered: March 2003
Location: Montana
Karma: 0
Colonel
Matt2405


Be very careful because it comes in from other people you know


e.g. takavar2@yahoo.com sent me an email that had the virus in an attachment,


I don't even know this person.


Confused
Warning: Spy Virus Spreading [message #64042] Fri, 30 January 2004 02:06
Aircraftkiller
Messages: 8213
Registered: February 2003
Karma: 0
General (5 Stars)
Funny thing is I get this shit all the time...

http://www.aspenth.com/ACK/WTF.jpg
http://www.aspenth.com/ACK/WTF1.jpg

I've had over 2,000 in the past two months... My solution is just to delete everything from people I don't know or if their e-mail\name is obviously fucked up.
Warning: Spy Virus Spreading [message #64044] Fri, 30 January 2004 02:50
Sk8rRIMuk
Messages: 1019
Registered: February 2003
Location: Blackheath, England, Unit...
Karma: 0
General (1 Star)

Nobody really opens a .bat, .scr, .exe or any other executable application from an e-mail unless it was expected to be sent by a good friend.

I get these e-mails a lot, even at my e-mail address that is not on any mailing list.

Best thing to do is what ACK does:

Aircraftkiller

I've had over 2,000 in the past two months... My solution is just to delete everything from people I don't know or if their e-mail\name is obviously fucked up.


WOL Nick - Sk8rRIMuk

http://www.bwstudios.co.uk/private/sk8rrimuk.jpg

The one and only original "spammander"!
Warning: Spy Virus Spreading [message #64046] Fri, 30 January 2004 03:30
England
Messages: 618
Registered: February 2003
Location: High Wycombe, England
Karma: 0
Colonel
Keep this in mind

If you didn't ask for it, don't open it.

I have about 100+ emails containing this bullshit virus.


In the end it doesn't matter if you are who you say you are. You will still mean nothing to me.

When i have kids, everytime i drive past a fast food restaurant, im gonna punch my kid in the face, then they'll never wanna come..
Warning: Spy Virus Spreading [message #64048] Fri, 30 January 2004 04:30
Majiin Vegeta
Messages: 2186
Registered: February 2003
Location: London
Karma: 0
General (2 Stars)
If you're stupid enough to open it... oh well...
Warning: Spy Virus Spreading [message #64049] Fri, 30 January 2004 05:47
NHJ BV
Messages: 712
Registered: February 2003
Karma: 0
Colonel
Haven't seen it yet...I feel left out Crying or Very Sad Razz
Warning: Spy Virus Spreading [message #64051] Fri, 30 January 2004 05:58
snipesimo
Messages: 764
Registered: February 2003
Karma: 0
Colonel
Don't get Norton. If you should run any AV run AVG. And also, the best way to prevent getting a virus is to not open email attachments.
Warning: Spy Virus Spreading [message #64052] Fri, 30 January 2004 06:01
Deactivated
Messages: 1503
Registered: February 2003
Karma: 0
General (1 Star)
And turn off HTML in Outlook Smile
Warning: Spy Virus Spreading [message #64056] Fri, 30 January 2004 06:35
Yano
Messages: 640
Registered: February 2003
Karma: 0
Colonel
Let's see, I have gotten about 25 since Wednesday Mad
Misconceptions [message #64060] Fri, 30 January 2004 06:59
HeXetic
Messages: 8
Registered: November 2003
Location: Toronto, Canada
Karma: 0
Recruit
A couple of misconceptions to clear up.

- MyDoom "works" because it looks like a ZIP file - not the more recognizable EXE or BAT or VBS or COM or SCR etc. files - to the unfortunate shmuck who gets it in the mail. My own dad double-clicked on it even though I've told him in the past not to do stuff like that (happily, he doesn't have administrative privileges on the computer, so the virus couldn't actually do anything).

- The "from" address in pretty much all virus and spam e-mails is forged. If the mail says it's "FROM: hexetic@planetcnc.com" it was probably sent from a 286 in the mountains of Tibet. Various schemes are used to come up with the fake return address; sometimes it's random, sometimes the viruses use previously harvested e-mail addresses. It's all just to make the virus look a little more real and *also* create more havoc by generating thousands of "bounce" messages (sent by the mailserver when a message can't be delivered) or "returned mail" messages (sent by the mailserver when it thinks the e-mail has a virus - of course the guy to whom the mailserver returns the mail is almost certainly not the guy who's infected).

- The #1 best way to improve your safety if you use Outlook Express is to get a virus scanner. All of them are good, provided you get the updates and configure the virus scanner to either clean or delete infected attachments; unfortunately the default action is often "try to clean" (which fails if there's nothing to clean i.e. the file is 100% virus) then pass. I prefer Trend PC-Cillin (comes free with a lot of motherboards) myself. The #2 best way to improve your safety is to turn off the Preview Pane, which is The Root Of All Evil - View->Layout->Preview Pane.

- MyDoom doesn't automagically infect you if you open the e-mail, thank goodness. You have to actually double-click on the attachment to get whacked.

- If you run with User or Power User privileges only (Win2K and WinXP), then you can't get infected as you don't have the ability to install programs - including viruses like MyDoom.


Co-Director
Planet Command & Conquer
http://www.planetcnc.com/
Warning: Spy Virus Spreading [message #64139] Fri, 30 January 2004 16:09
MrBob
Messages: 474
Registered: February 2003
Location: Virginia, USA
Karma: 0
Commander

I haven't gotten any with my Cox account. Maybe I should check my theoriginalmrbob.com account, I already get 40+ crap emails a day.

I was once stupid and opened a PIF file (thinking it was an image). I was still able to use the computer until I got Norton a few months later. Laughing


God is the "0wnage". Plain and Simple.

Visit http://www.theoriginalmrbob.com

"If there's one freak to be, it's a Jesus freak"

All your base are belong to us.
Re: Misconceptions [message #64153] Fri, 30 January 2004 16:59
gibberish
Messages: 366
Registered: May 2003
Karma: 0
Commander
HeXetic

A couple of misconceptions to clear up.

- If you run with User or Power User privileges only (Win2K and WinXP), then you can't get infected as you don't have the ability to install programs - including viruses like MyDoom.


Although I would recommend only running with the privileges you need to do your everyday stuff.

The worst thing you can do is to become complacent about viruses.

You should never run suspicious files even as an ordinary user.
Unfortunately MS have too many privilege escalation bugs in their OSes, for me to believe that "I am safe as long as I am not logged on as an administrator".

Just my 2 cents,
Gib
Warning: Spy Virus Spreading [message #64274] Sat, 31 January 2004 07:10
Ferhago
Messages: 1013
Registered: March 2003
Karma: 0
General (1 Star)
I have gotten two of these such emails. One was from "The _Cozzy@something" and the other I don't remember. I usually delete any email I don't expect.

Edit: Just got a third one from "cncgenocide@aol.com". Must be pulling them from the forums.
Warning: Spy Virus Spreading [message #64291] Sat, 31 January 2004 08:51
Scythar
Messages: 580
Registered: February 2003
Location: Finland
Karma: 0
Colonel
Let's see....I've got none at all, and I use Hotmail. Shocked

There's a hole in the sky through which things can fly.
Warning: Spy Virus Spreading [message #64295] Sat, 31 January 2004 09:41
Matt2405
Messages: 77
Registered: October 2003
Location: UK
Karma: 0
Recruit
I got 2, one from "SomeRhino@renevo.com" and one from "takavar2@yahoo.com" at first. And I received a load more after, I would say I have received about 8 all from different people.
Warning: Spy Virus Spreading [message #64351] Sat, 31 January 2004 13:38
Jaspah
Messages: 1478
Registered: July 2003
Location: Syracuse, New York
Karma: 0
General (1 Star)
So far so good... Does the virus affect the Hotmail.com servers? Or the fact I use their service, not Microsoft Outlook?

EDIT: It doesn't affect Hotmail servers! Yay!

(I checked the Symantec databases.)
Warning: Spy Virus Spreading [message #64359] Sat, 31 January 2004 14:02
IRON FART
Messages: 1989
Registered: September 2003
Location: LOS ANGELES
Karma: 0
General (1 Star)
Most web services have filters...Use them.

Also if you use Outlook Express, turn off the preview pane.
WRF???? [message #64439] Sat, 31 January 2004 20:28
TAKAVAR
Messages: 2
Registered: January 2004
Karma: 0
Recruit
WTF. I didn't open shit, how did I get it? I'm TAKAVAR2@yahoo.com
meeh ...
well. I'm going to remove it now. but this is ....
Warning: Spy Virus Spreading [message #64448] Sat, 31 January 2004 21:17
TAKAVAR
Messages: 2
Registered: January 2004
Karma: 0
Recruit
OK, this is weird now
Norton's antivirus or even the special removal tool for the MyDoom virus didn't detect ANYTHING ...
dunno what's going on ...
Warning: Spy Virus Spreading [message #64449] Sat, 31 January 2004 21:24
sniper12345
Messages: 817
Registered: November 2003
Location: Hong Kong
Karma: 0
Colonel

I think they harvested your email, you didn't "submit" it.

WOL: megapunk0

http://images.listen-to.com/png.php/4g/sniper12345
Warning: Spy Virus Spreading [message #64468] Sat, 31 January 2004 23:42
exnyte
Messages: 746
Registered: February 2003
Karma: 0
Colonel
The reason it was received from you is it pulls email addresses from:

symantec.com

Searches for the email addresses in the files with the following extensions:

.htm
.sht
.php
.asp
.dbx
.tbb
.adb
.pl
.wab
.txt


It uses the email addresses it pulls off of these files to send email to and use as the "from" on those emails.

