Virus I think!

[rocket]

Hi chaps, nothing to do with cobras (sorry)

Had e-mail from (what looked to be) microsoft today and like a tw*t

I opened it!

I'm now receiving mails about God knows what, at a rate of about 10 per minute!!!!

with messages about undelivered mail that I'm not sure I've even sent!

Some of the addresses though do look familiar.

I did check the link on the e-mail and it did take me to the microsoft site.

Any clues?

What's the best way to stop this? Got norton anti virus (from about ten yesrs ago) that doesn't stop em.

Heard talk of "firewalls" and don't know anything about them or where to get them.

HELP!!!


:f

[Miket]

Try and find out which virus it is and I or somebody will point you in the direction of a fix.

[rocket]

Hi came dome as update 921 exe. Microsoft All Products | Support | Search | Microsoft.com Guide
Microsoft Home


Microsoft User

this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility

[SimonP]

There are some free firewalls available on the net, like zone alarm etc.

I use Norton Internet Security 2003. It costs about £50 from most retailers. There are two parts to it - the firewall to stop unwanted comms to and from your PC, and an anti-virus tool that also scans every incoming and outgoing email.

Items such as the one you describe attach themselves as a "signature file" to your emails, and send themselves to everyone in your address book.

Many ISPs will not allow emails containing EXEs as an attachment to be either sent or received.

NEVER EVER double click an EXE file attachment. But you probably know that now.

Also, disable the preview pane if you use Outlook Express, as that auto-opens any attachments whether you want to or not.

I built a computer last week. I spent 5 mins on the net, without Norton. I was just looking for a driver for an adaptor card. Within that time, someone had hacked the PC and a virus had infected 450 system files.
That took an hour or so to repair. There was only the OS on the computer at the time. There could have been sensitive data, accessible to or deleted by anyone using hacking tools because I didn't have a decent firewall installed. And yes, the WinXP firewall WAS enabled.

I have successfully had one person's service terminated by their ISP due to their REPEATED attempts at intrusion into my PC. I sent the firewall logs to the ISP as evidence. ISPs generally take abuse of sevice seriously.

Simon.

[Jnex26]

Personally I Use Smoothwall a dedicated Linux firwall/router/VPN It's a very secure method of protecting your system from would be script kiddies.

The exploit you've just received is a worm not a virus (There's a diffrence) and it's trying to send itself to everyone else that why your getting the emails.

Although disableing preview pane works for macro vuri, this particular worm does not make use of the macro ability. instead it "Dupes" the user into thinking that it's a M$ e-mail. In fact there have only been a few "macro viruses" and I've hapilly kept my preview pane going and never had a problem.

All ISP's unless stated will allow a EXE though there servers. such internet webmail services like "Hotmail" and "Yahoo" may block them. but if it's a email your getting with your ISP then you will be able to receive EXE's unless they ask you if you want to enable a EXE blocking script. Also keep in mind that outlook from office 2K/XP will automatically block any EXE's. However that can be disabled.

Simon, if within 5 mins a virus had infected over 450 Files you would know about it in fact most viruses are VERY file specific. and don't just go randomly infecting files. I would look at maybe a few of your disk's first as 5 mins is not long enough to alter 450 files (Well maybe if it was a striped disk array). Also how can your be sure that the virus got onto your machine from a intrusion. this is actually the most unlikley way for getting infected becuase it requires someone explition a weakness in your O/S. Or your installing somthing that has a trojan horse on it. (I Reccomend you download a trojan horse scanner vuri scanners may pick up a few Trojans but not all.)

Also keep in mind that before you go reporting people to their ISP's for attempted cracking attempts on your machine. That it's probably be a inncocent user that's machine has been cracked and is being used to crack others.

I have also experinced the same problems with users and I did'nt report them I contacted his ISP and asked for them to pass on a message that their machine was being used to attempt to crack people. within a few hours he had stopped. Also keeping in mind that my firewall reports over 1000 Attempted portscan's/intrusions per day. And to date my machine was never effected by any of the sobig or blaster worms.

On to personall firwalls. If you've got a broadband connection then you can choose three metohds of protection. 1. Software 2. Hardware 3. Dedicated. With software your have more "Control" over what is acessing the internet and what is not however These firewalls can be crashed and trojan horses will allways find a way though. With hardware It's much more secure but requires that you know if your connection is either PPPOA or PPPOE and some router/firwall/modem combinations can be expensive. But it offers a higher level of protection than a software firewall Configuration is usally via a telnet or HTTP page. Dedicated firewalls this is more a corperate type of protection but since linux has come onto the scene it's become more popular for home users. It's got about the same level of protection as a hardware firewall however it can be cheaper but also more expensive. The software's free and it can be connected to a "LARGE" switch and be used to manage a entire networks under DHCP. they also contain custom VPN software (some H/W firwalls do aswell tho). Dedicated Firewalls can be cracked however It's much harder than a software firewall and on about the same level as a hardware firewall.

If you've got a dialup modem then the best idea is a software firewall.

I'm sorry I jabberd on but I dialy deal with people that hear about a virus/worm on the news and are instaly ringing me up asking what to do.

as for my protection as i stated above I use Smoothwall (Seen at www.smoothwall.org) and norton as my AV scanner (Best Email scanner I've found)

[robert]

Roger

This is the virus you have, as you sent me one or two over the past day.

http://us.mcafee.com/virusInfo/defau...er&hcName=swen

There is info on how to remove the virus, then I suggest you purchase Mcafee Anti Virus or something similar.

All the best

[Robin427]

I use Mailwasher Pro, which allows you to delete mail off the server without downloading it (it will also reference your mail against known spam databases and delete known spammers).

For Virus Protection, I use "Antivir", from www.freeav.com, which is free and works very well...

Comes down to common sense in the end, though... opening attachments without knowing what they are...


Robin

Drive it like you stole it...
http://www.creffield.com/cobra/index.html

[osgood]

Contrary Mary

Rob, I was hit 6 times last night with email tagged as Mail Administrator & Micro-soft returned mail and the like. It was worm auto-mat AHB virus if that means anything. My email system deleted the attachments and good old Nelly Norton quarantined it Eric

[rocket]

Had that too.

My entire system crashed at 3 this morning and a need some sleep!!



http://securityresponse.symantec.com...oval.tool.html

This little baby gets rid!!

my box was full of "undelivered messages" was getting about 10 per minute!

So my e-mail account was overflowing.

Thanks all for help:tu

[robert]

SUBJECT: Swen.A, aka Gibe-F, Mass-mailing and Fileshare Worm

RISK FACTOR: 3

RISK FACTOR EXPLANATION: Many infections have been reported, and the
worm has real potential to spread.

IMPACT: Mass-mails through its own SMTP engine; spreads through
fileshare programs; stops security software

SUMMARY: The mass-mailer worm Swen.A [Symantec], aka Gibe-F [Sophos],
uses its own SMTP engine to mail itself, spreads through peer-to-peer
fileshare programs such as KaZaA and through IRC, and tries to shut off
antivirus and personal firewalls. It generates emails with random
subject, body, and From: fields. Some examples claim to be patches for
Microsoft Internet Explorer, or delivery failure notices from qmail.

PLATFORMS AFFECTED: Workstations,Personal Computers