Command and Conquer: Renegade Official Forums: General Discussion » Warning: Spy Virus Spreading

Home » General Discussions » General Discussion » Warning: Spy Virus Spreading

Show: Today's Messages :: Polls :: Message Navigator

Warning: Spy Virus Spreading [message #64037]

Fri, 30 January 2004 00:03

Matt2405
Messages: 77
Registered: October 2003
Location: UK

Karma: 0

Recruit

If you have not read the papers or listened to the radio, a very dangorous virus
is spreading. It is coming in through in emails. If you don't have Norton Antivirus you better get it. Be very careful becuase it comes in from other people you know e.g. takavar2@yahoo.com sent me an email that had the virus in an attachment, I don't even know this person. You also recieve it from any of your friends. You could get it from anyone who has you in their address book. Mad

Mad

What the virus does is basically spy on you. It allows the idiots who made the virus be able to see what your typing! So if your purchasing something and you give your credit card details, thats all your money blown! Evil or Very Mad

Evil or Very Mad

This is just a very quick warning! Exclamation

Exclamation

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

Report message to a moderator

Warning: Spy Virus Spreading [message #64038]

Fri, 30 January 2004 00:42

Xtrm2Matt
Messages: 1318
Registered: February 2003
Location: England, UK

Karma: 0

General (1 Star)

This virus is also known as "MyDoom".

Quote:

Why We Are Issuing This Alert
At 9:00 A.M. Pacific Time on Wednesday, January 28, 2004, Microsoft began investigating reports of a variant of a new worm named "Mydoom" or "Novarg," known as Mydoom.B. This variant reportedly blocks access to some websites, including some Microsoft.com websites. The worm attempts to entice e-mail recipients into opening a message that has a file attachment. If the attached file is opened, the worm installs malicious code on the computer user's system and sends itself to all contacts in the user's address book.

http://www.microsoft.com/security/antivirus/mydoom.asp

Also, Symantec have made a tool to quickly remove this virus from your PC. They call it the "W32.Novarg.A@mm Removal Tool".

Quote:

The W32.Novarg.A@mm Removal Tool does the following:

Terminates the W32.Novarg.A@mm viral processes.
Terminates the viral thread running under Explorer.exe.
Deletes the W32.Novarg.A@mm files.
Deletes the registry values added by the worm.

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.removal.tool.html

And if your not sure if you have the virus, then do this:

Quote:

If you use Windows XP

To find out if a computer is infected, do the following:

Click Start, and then click Search.
In the What do you want to search for? box, click All files and folders.
In the All or part of the file name box, type ctfmon.dll. If that file exists on the computer, the computer is infected with Mydoom.B, and you need to follow the steps below. Otherwise, the computer is not infected with that variant of the virus.

If you use Windows 2000 or Windows NT 4.0

To check for the worm yourself, do the following:

Click Start, and then click Run.
In the Open box, type cmd
Click OK. The black Command Prompt window will open, displaying C:\...> followed by a cursor.
Click the cursor, type dir ctfmon.dll /a /s and then press ENTER.
Wait a few moments:
If the results show File Not Found, the computer is not infected with Mydoom.B.

If you use Windows 98 or Windows 95

Click Start, and then click Run.
In the Open box, type command
Click OK. The black Command Prompt window will open, displaying C:\...> followed by a cursor.
Click the cursor, type dir ctfmon.dll /a /s and then press ENTER.
Wait a few moments:
If the results show File Not Found, the computer is not infected with Mydoom.B.

If any of the above actions actually find this .DLL file, i strongly advise you use the "W32.Novarg.A@mm Removal Tool" OR the steps below:

What to Do If Your Computer Is Infected

If your computer is infected, first try going to the website of your antivirus-software vendor to get the latest updates and information. If you are unable to access your antivirus-software vendor's site and need to fix the infection yourself, follow these steps:

Quote:

Click Start, and then click Run.

In the Open box, type cmd.

Click OK. The black Command Prompt window will open, displaying C:\...> followed by a cursor.

Click the cursor and:
Type del /F %systemroot%\system32\drivers\etc\hosts
Press ENTER.

Type echo # Temporary HOSTS file >%systemroot%\system32\drivers\etc\hosts
Press ENTER.

Type attrib +R %systemroot%\system32\drivers\etc\hosts
Press ENTER.

After typing these commands, do one of the following:
If you use Windows NT 4.0, restart your computer.
If you use Windows XP or Windows 2000, do not restart your computer.

Instead, do the following:
Type ipconfig /flushdns
Press ENTER.

Hope this helps Smile

Smile

http://www.OpticalGaming.com/matt/signature.jpg

http://www.OpticalGaming.com || irc.OpticalGaming.com

Report message to a moderator

Re: Warning: Spy Virus Spreading [message #64041]

Fri, 30 January 2004 01:57

msgtpain
Messages: 663
Registered: March 2003
Location: Montana

Karma: 0

Colonel

Matt2405

Be very careful becuase it comes in from other people you know

e.g. takavar2@yahoo.com sent me an email that had the virus in an attachment,

I don't even know this person.

Confused

Report message to a moderator

Warning: Spy Virus Spreading [message #64042]

Fri, 30 January 2004 02:06

Aircraftkiller
Messages: 8213
Registered: February 2003

Karma: 1

General (5 Stars)

Funny thing is I get this shit all the time...

http://www.aspenth.com/ACK/WTF.jpg
http://www.aspenth.com/ACK/WTF1.jpg

I've had over 2,000 in the past two months... My solution is just to delete everything from people I don't know or if their e-mail\name is obviously fucked up.

Report message to a moderator

Warning: Spy Virus Spreading [message #64044]

Fri, 30 January 2004 02:50

Sk8rRIMuk
Messages: 1019
Registered: February 2003
Location: Blackheath, England, Unit...

Karma: 0

General (1 Star)

Nobody really opens a .bat, .scr, .exe or any other executable application from a e-mail unless it's was expected to be sent by a good friend.

I get these e-mails a lot, even at my e-mail address that is not on any mailing list.

Best thing to do is why ACK does:

Aircraftkiller

Ive had over 2,000 in the past two months... My solution is just to delete everything from people I don't know or if their e-mail\name is obviously fucked up.

WOL Nick - Sk8rRIMuk

http://www.bwstudios.co.uk/private/sk8rrimuk.jpg

The one and only original "spammander"!

Report message to a moderator

Warning: Spy Virus Spreading [message #64046]

Fri, 30 January 2004 03:30

England
Messages: 618
Registered: February 2003
Location: High Wycombe, England

Karma: 0

Colonel

Keep this in mind

If you didnt ask for it, dont open it.

I have about 100+ emails containing this bullshit virus.

In the end it doesn't matter if you are who you say you are. You will still mean nothing to me.

When i have kids, everytime i drive past a fast food restaurant, im gonna punch my kid in the face, then they'll never wanna come..

Report message to a moderator

Warning: Spy Virus Spreading [message #64048]

Fri, 30 January 2004 04:30

Majiin Vegeta
Messages: 2186
Registered: February 2003
Location: London

Karma: 0

General (2 Stars)

if your stupid enuff to open it.. oh well..

Report message to a moderator

Warning: Spy Virus Spreading [message #64049]

Fri, 30 January 2004 05:47

NHJ BV
Messages: 712
Registered: February 2003

Karma: 0

Colonel

Haven't seen it yet...I feel left out Crying or Very Sad

Crying or Very Sad

Razz

Report message to a moderator

Warning: Spy Virus Spreading [message #64051]

Fri, 30 January 2004 05:58

snipesimo
Messages: 764
Registered: February 2003

Karma: 0

Colonel

Don't get norton. If you should run any AV run AVG. And also, the best way to prevent getting a virus is to not open email attachments.

Report message to a moderator

Warning: Spy Virus Spreading [message #64052]

Fri, 30 January 2004 06:01

Deactivated
Messages: 1503
Registered: February 2003

Karma: 0

General (1 Star)

And turn off HTML in Outlook Smile

Smile

Report message to a moderator

Warning: Spy Virus Spreading [message #64056]

Fri, 30 January 2004 06:35

Yano
Messages: 640
Registered: February 2003

Karma: 0

Colonel

Lets see, I have gotten about 25 since Wensday Mad

Mad

Report message to a moderator

Misconceptions [message #64060]

Fri, 30 January 2004 06:59

HeXetic
Messages: 8
Registered: November 2003
Location: Toronto, Canada

Karma: 0

Recruit

A couple of misconceptions to clear up.

- MyDoom "works" because it looks like a ZIP file - not the more recognizeable EXE or BAT or VBS or COM or SCR etc. files - to the unfortunate shmuck who gets it in the mail. My own dad double-clicked on it even though I've told him in the past not to do stuff like that (happily, he doesn't have administrative privileges on the computer, so the virus couldn't actually do anything).

- The "from" address in pretty much all virus and spam e-mails is forged. If the mail says it's "FROM: hexetic@planetcnc.com" it was probably sent from a 286 in the mountains of Tibet. Various schemes are used to come up with the fake return address; sometimes it's random, sometimes the viruses use previously harvested e-mail addresses. It's all just to make the virus look a little more real and *also* create more havoc by generating throusands of "bounce" messages (sent by the mailserver when a mesage can't be delivered) or "returned mail" messages (sent by the mailserver when it thinks the e-mail has a virus - of course the guy to whom the mailserver returns the mail is almost certainly not the guy who's infected).

- The #1 best way to improve your safety if you use Outlook Express is to get a virus scanner. All of them are good, provided you get the updates and configure the virus scanner to either clean or delete infected attachments; unfortunately the default action is often "try to clean" (which fails if there's nothing to clean i.e. the file is 100% virus) then pass. I prefer Trend PC-Cillin (comes free with a lot of motherboards) myself. The #2 best way to improve your safety is to turn off the Preview Pane, which is The Root Of All Evil - View->Layout->Preview Pane.

- MyDoom doesn't automagically infect you if you open the e-mail, thank goodness. You have to actually double-click on the attachment to get whacked.

- If you run with User or Power User privileges only (Win2K and WinXP), then you can't get infected as you don't have the ability to install programs - including viruses like MyDoom.

Co-Director
Planet Command & Conquer
http://www.planetcnc.com/

Report message to a moderator

Warning: Spy Virus Spreading [message #64139]

Fri, 30 January 2004 16:09

MrBob
Messages: 474
Registered: February 2003
Location: Virginia, USA

Karma: 0

Commander

I haven't gotten any with my Cox account. Maybe I should check my theoriginalmrbob.com account, I already get 40+ crap emails a day.

I was once stupid and opened a PIF file (thinking it was an image). I was still able to use the computer until I got Norton a few months later. Laughing

Laughing

God is the "0wnage". Plain and Simple.

Visit http://www.theoriginalmrbob.com

"If there's one freak to be, it's a Jesus freak"

All your base are belong to us.

Report message to a moderator

Re: Misconceptions [message #64153]

Fri, 30 January 2004 16:59

gibberish
Messages: 366
Registered: May 2003

Karma: 0

Commander

HeXetic

A couple of misconceptions to clear up.

- If you run with User or Power User privileges only (Win2K and WinXP), then you can't get infected as you don't have the ability to install programs - including viruses like MyDoom.

Although I would recommend only running with the priviledges you need to do your every day stuff.

The worst thing you can do is to become complacent about viruses.

You should never run suspicious files even as an ordinary user.
Unfortunately MS have too many privilege escalation bugs in their OS'es, for me to believe that "I am safe as long as I am not logged on as an administrator".

Just by 2 cents,
Gib

Report message to a moderator

Warning: Spy Virus Spreading [message #64274]

Sat, 31 January 2004 07:10

Ferhago
Messages: 1014
Registered: March 2003

Karma: 0

General (1 Star)

I have gotten two of these such emails. One was from "The _Cozzy@something" and the other I dont remember. I usually delete any email I dont expect

Edit: Just got a third one from "cncgenocide@aol.com" Must be pulling them from te forums

Report message to a moderator

Warning: Spy Virus Spreading [message #64291]

Sat, 31 January 2004 08:51

Scythar
Messages: 580
Registered: February 2003
Location: Finland

Karma: 0

Colonel

Let's see....I've got none at all, and I use Hotmail. Shocked

Shocked

There's a hole in the sky through which things can fly.

Report message to a moderator

Warning: Spy Virus Spreading [message #64295]

Sat, 31 January 2004 09:41

Matt2405
Messages: 77
Registered: October 2003
Location: UK

Karma: 0

Recruit

I got 2, one from "SomeRhino@renevo.com" and one from "takavar2@yahoo.com" at first. And I recieved a load more after, I would say I have recieved about 8 all from different people.

Report message to a moderator

Warning: Spy Virus Spreading [message #64351]

Sat, 31 January 2004 13:38

Jaspah
Messages: 1478
Registered: July 2003
Location: Syracuse, New York

Karma: 0

General (1 Star)

So far so good... Does the virus effect the Hotmail.com servers? Or the fact I use their service, not Microsoft Outlook?

EDIT: It doesn't effect Hotmail servers! Yay!

(I checked the Symantec databases.)

Report message to a moderator

Warning: Spy Virus Spreading [message #64359]

Sat, 31 January 2004 14:02

IRON FART
Messages: 1989
Registered: September 2003
Location: LOS ANGELES

Karma: 0

General (1 Star)

Most web services have filters...Use them.

Also if you use Outlook Express, turn off the prieview pane.

Report message to a moderator

WRF???? [message #64439]

Sat, 31 January 2004 20:28

TAKAVAR
Messages: 2
Registered: January 2004

Karma: 0

Recruit

WTF . i didn't open shit , how did i get it ? i'm TAKAVAR2@yahoo.com
meeh ...
well . i'm going to remove it now . but this is ....

Report message to a moderator

Warning: Spy Virus Spreading [message #64448]

Sat, 31 January 2004 21:17

TAKAVAR
Messages: 2
Registered: January 2004

Karma: 0

Recruit

ok this is wierd now
northon's anti virus or even the special removal tool for my doom virus didn't detect ANY thing ...
donnu whats going on ...

Report message to a moderator

Warning: Spy Virus Spreading [message #64449]

Sat, 31 January 2004 21:24

sniper12345
Messages: 817
Registered: November 2003
Location: Hong Kong

Karma: 0

Colonel

I think they harvested your email, you didn't "submit" it.

WOL: megapunk0

http://images.listen-to.com/png.php/4g/sniper12345

Report message to a moderator

Warning: Spy Virus Spreading [message #64468]

Sat, 31 January 2004 23:42

exnyte
Messages: 746
Registered: February 2003

Karma: 0

Colonel

The reason it was recieved from you is it pulls email addresses from:

symantec.com

Searches for the email addresses in the files with the following extensions:

.htm
.sht
.php
.asp
.dbx
.tbb
.adb
.pl
.wab
.txt

It uses the email addresses it pulls off of these files to send email to and use as the "from" on those emails.

American Cancer Society | Donate

Report message to a moderator

Previous Topic:	OT: Some nice pictures
Next Topic:	OT: Logo Design Contest

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

PDF

]

Current Time: Wed Mar 12 05:47:33 MST 2025

Total time taken to generate the page: 0.01100 seconds