WARNING

Tír na nÓg - Message Board: General - An extension of Chat: WARNING
By Typan on Sunday, May 12, 2002 - 10:58 am:

Lacie has asked me to tell you, NOT to open any email from her for now, as she has been "virused".. the virus is a worm.. " KLEZ.H " and it comes up with messages from wincon.exe... as yet.. none of us have received email from her *phew* *G*....but until she has her computer cleaned... please don't open anything from her! *S*


By Monadh on Sunday, May 12, 2002 - 11:25 am:

More about Klez.H ... http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html


By Rolan on Sunday, May 12, 2002 - 11:43 am:

http://search.symantec.com/custom/us/query.html


By Typan on Sunday, May 12, 2002 - 11:56 am:

Thanks for that.. have passed it onto Lacie.. and she's trying it now ! *S*


By Typan on Sunday, May 12, 2002 - 02:05 pm:

Nope.. no go !.. those sites won't let her access them... any ideas? *S*


By Accasbel on Sunday, May 12, 2002 - 03:06 pm:

Two issues here:

1) Everyone using Internet Explorer / Outlook Express should apply the latest patches that are available from Microsoft. They are cumulative patches that include all the security hole-blocking that MS have admitted to date.
Without those patches, there are some common viruses that will infect your system without your clicking on an attachment.

MS have gone all up-front about their abysmal security. The patches are signposted on their front door:- http://www.microsoft.com
Currently it's the last link in the right-hand column.
"28 March 2002 Cumulative Patch for Internet Explorer."
You have to download the patch appropriate to your version.
If your version of IE is older than the versions for which the patches are available, or if you have not applied the patches, you are running something with more holes than a cheddar cheese.


2) Anyone not running something like Norton Anti-Virus, and/or not running Live Update for the latest virus sigs on a daily basis is asking for trouble.
Norton 2001 and upwards scan your email as it comes in - which is the best option. I've seen earlier versions of Norton detecting a virus after it arrived by email, but not being able to fully protect a system.


Klez removal:
Look at http://www.sarc.com (Symantec/Norton's Anti-Virus centre)
There's a Removal Tool section on that page. The Klez tool may remove the version that Lacie has.
Note that it may be necessary to re-run the tool after rebooting.
It is important to read the text of the pages describing the tool.


By Accasbel on Sunday, May 12, 2002 - 03:21 pm:

NB:

The virus will forge the sender in the emails that it sends out.
So when you say "None of us have an email from Lacie", that may not be strictly true.
You may not have had an email from Lacie. You may have had an email from Lacie's PC, but which appears to be from someone else.
"Beware of emails from Lacie" is NOT a good plan for security !! :)

I can't emphasise enough the need for up-to-date protection.
Anyone who is dependent on warnings like this that someone else is infected IS ASKING FOR INFECTION.


It does not matter what the origin of any email appears to be. You simply can not trust anyone - not even your Granny.
You HAVE to have up-to-date browser/email patches.
You HAVE to have up-to-date virus protection.
And even with all of that, you DON'T merrily click on attachments - even if they really are from your Granny.


In addition to patches and AV, it's worth installing Zone Alarm on your system. ( http://www.zonelabs.com )
This will hide your PC from the outside world, so the nasties can't scan you. It will also detect any attempts by a trojan or virus on your PC to connect to the Net.


By Accasbel on Sunday, May 12, 2002 - 03:24 pm:

PS:
"more holes than a cheddar cheese" ?
Well - some cheese that naturally has a lot of holes, or indeed a cheddar cheese that's been attacked many times with a red-hot poker.


By Accasbel on Monday, May 13, 2002 - 08:53 am:

A few other points:

If you are running Zone Alarm, be sure to set both Local and Internet security settings to High.
Note that the LOCAL should also be high, as there are ways in which an intruder can appear to be a 'local' user.


Some virus/trojans disable Zone Alarm. They also disable anti-virus programs.


By Ludd on Monday, May 13, 2002 - 09:22 am:

Thanks A have done msoft updates and zone to high!!!!!!!!!!!!!!


By Typan on Monday, May 13, 2002 - 11:37 am:

Thanks for all that acc... have done a full update myself today....you scared me *G*


By Ladyl on Monday, May 13, 2002 - 12:02 pm:

I copied this from another forum I post on. I had already received the ? e-mail (bottom of page) and went through the entire process until I got another e-mail stating the first was a HOAX. Everyone on my e-mail list was in a panic. This happened to many of us on the forum...Please be on the lookout for this hoax.

HOAX HOAX HOAX HOAX HOAX HOAX HOAX HOAX
HOAX HOAX HOAX HOAX HOAX HOAX HOAX
HOAX HOAX HOAX HOAX HOAX HOAX HOAX HOAX

This is the address you can go to read about this HOAX VIRUS it is NOT a
virus

http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

The best thing I have found when someone sends me an email about a Virus.
Take the name of the virus go to a search engine ( I use GOOGLE.COM myself )
and do a search for the name before I do anything to my computer that may
cause it to crash. I have run across at least a dozen hoax viruses in the
past.

This is a hoax that, like the SULFNBK.EXE Warning hoax, tries to persuade
you to delete a legitimate Windows file from your computer. The file that
the hoax refers to, Jdbgmgr.exe, is a Java Debugger Manager. It is a
Microsoft file that is installed when you install Windows.

It has a teddy bear icon as described in the hoax:

CAUTION: Jdbgmgr.exe, like any file, can become infected by a virus. One
virus in particular, W32.Efortune.31384@mm, targets this file. Norton
AntiVirus has provided protection against W32.Efortune.31384@mm since May
11, 2001.

NOTE: If you have already deleted the Jdbgmgr.exe file, some Java applets
may not run correctly. This is not a critical system file. The file version
may vary with your operating system and version of Internet Explorer. If you
want to restore the file, please contact Microsoft for instructions.


Hoax message
This hoax has appeared in several languages. Some are as follows:

HOAX HOAX HOAX HOAX HOAX HOAX HOAX HOAX
HOAX HOAX HOAX HOAX HOAX HOAX HOAX
HOAX HOAX HOAX HOAX HOAX HOAX HOAX HOAX

English
I found the little bear in my machine because of that I am sending this
message in order for you to find it in your machine. The procedure is very
simple:


The objective of this e-mail is to warn all Hotmail users about a new virus
that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe
and it is sent automatically by the Messenger and by the address book too.
The virus is not detected by McAfee or Norton and it stays quiet for 14 days
before damaging the system.

The virus can be cleaned before it deletes the files from your system. In
order to eliminate it, it is just necessary to do the following steps:
1. Go to Start, click "Search"
2.- In the "Files or Folders option" write the name jdbgmgr.exe
3.- Be sure that you are searching in the drive "C"
4.- Click "find now"
5.- If the virus is there (it has a little bear-like icon with the name of
jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON
6.- Right click and delete it (it will go to the Recycle bin)
7.- Go to the recycle bin and delete it or empty the recycle bin.

IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF
YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.
If you have deleted it, REINSTALL IT


HOAX HOAX HOAX HOAX HOAX HOAX HOAX HOAX
HOAX HOAX HOAX HOAX HOAX HOAX HOAX
HOAX HOAX HOAX HOAX HOAX HOAX HOAX HOAX


By Lacie on Monday, May 13, 2002 - 12:26 pm:

I'm back.

My little episode was no hoax, though. My Zone Alarm was up to date and my patches were ... not. I was one 'critical update' behind on my Explorer.

I watched as my virus scanners deactivated and became inaccessible. Everything ground to a rapid halt. I disconnected from the Internet, rang my email server to delete my account to minimize any damage to others. Then began the nightmare of trying to work out what/where/how ... and fixing it.

If this has taught me one thing, it is to stop procrastinating about buying a cdrw. If I had to reformat, we would have lost so many pictures, scans, and files. So, our hard drive should not be used as a filing system.

Ahhhhhhhhh to IP or not to IP *L* .. back to square one.

Thanks, everyone, for the help and advice.


By Lacie on Monday, May 13, 2002 - 01:24 pm:

......... also correct, Acc. Email may NOT have been from me, but was sent from my computer. I have received bounced email from dead email addies that I never sent.

I am not sure what that means, or what it means people should do.


By Accasbel on Monday, May 13, 2002 - 02:14 pm:

On the topic of Hoax 'virus'

Any "Pass this on" message is just 'noise' on the Net. I always delete them.

Any message that tells you to delete files or do something to your system (even if it appears to be from your Granny - and actually IS from your Granny) is also generally noise to be ignored.

IF there is a virus out there, the AV vendors will generally have it described on their websites.
http://www.sarc.com is a good one.

Google is obviously going to lag behind the pages that it indexes. So anything new will generally get to the AV vendor sites before it gets to a search engine.

Google is a great place to find references to 'old' stuff.


By Accasbel on Monday, May 13, 2002 - 02:19 pm:

While we're on a roll .....

Mass-mailing virus programs almost always have their own email-sending software, so your outbox will never see the messages they send from your PC.

You can get a bounce for a message that you never sent or indeed that never was sent by your PC.

A Virus will often forge the sender as some other address that it finds.
So: You get a virus that seems to have come from X. You tell X, but they can find no virus on their system. Meanwhile, Y's PC (which actually sent the message) is busy sending virus messages.


By Typan on Monday, May 13, 2002 - 05:17 pm:

reads acc's last post...X and Y's???....our puters have chromo's now??? *gasps* gawd no wonder I don't understand all this puter stuff *L*...But have to add, am very impressed with your knowledge there acc.. and you have helped me greatly.., and have spent the day updating everything *S*...thanks !


By Accasbel on Monday, May 13, 2002 - 09:54 pm:

Yup! and some 'puters have z chromo's

zzzzzzzzzzzzzzzzzzzzzz!


'puters with only one chromo are monochromatic
- but there's not many of that kind about these days.

and 'puters with parrot-poo dribbling down the screen are called ........


By Guest on Tuesday, May 14, 2002 - 12:04 am:

computers belonging to Jimmy Buffet fans or pirates


By Ladyl on Tuesday, May 14, 2002 - 12:52 am:

I always wondered what that stuff was. lol It's my parrot head 'puter. Thanks.


By Accasbel on Tuesday, May 14, 2002 - 09:38 am:

Polychromatic


By Typan on Tuesday, May 14, 2002 - 11:22 am:

Ladyl... umm was just reading your post there about the HOAX jdbgmgr.exe thingy with the teddy bear *G*... I got that today... and I deleted it *hangs head*.. how do I get my teddy bear back then???........and.... what does it do if I did/have deleted it?? *gulps*


By Orin on Tuesday, May 14, 2002 - 11:32 am:

It's a java bear....a debugging java bear.
Get a new one here.

http://www.microsoft.com/java/


By Lacie on Tuesday, May 14, 2002 - 02:56 pm:

*staggers in* quite exhausted, I might add. The effect of a simple virus on a home PC is worth more hours than it takes to bring up a kid from woe to go!! OK, so that is a wee bit exaggerated, but!!

Once AGAIN I think I am freeeeeeeeeeeeeee of virus. I have established a new email account with my server and disallowed any forwarding of email from my previous account/s. I think I might take using a hotmail account as my default into consideration.


By Accasbel on Wednesday, May 15, 2002 - 11:13 pm:

IMPORTANT !!

Now that you are all patched up-to-date.

I hereby announce that you are NOT up-to-date.
MS have admitted 6 new security holes in IE/OE.

The new patch (Cumulative 15th May) is linked on their front page http://www.microsoft.com

There's some nasty stuff that can happen if you don't apply the patch.


By Guest on Thursday, May 16, 2002 - 01:04 am:

Not intending to be a Linux Advert!

With the numerous security related design flaws with Microsoft Windows products and third party applications which also suffer from the inherent design flaws built into Windows, should we all be switching to Linux systems or Apple Systems?

My puter dual boots to Linux or Windows... Should I be surfing internet in Linux mode?

Nyles! aka Pinky!


By Lacie on Thursday, May 16, 2002 - 10:30 am:

Patched! I am ... nicotine on one arm, microsoft on the other.


By Ludd on Friday, May 17, 2002 - 08:59 pm:

hey lacie got sent that worm but virus check picked it up and managed to delete it


By Shae on Friday, May 17, 2002 - 09:36 pm:

Me too, but I'm sure Lacie is already embarrassed enough by the whole episode, so we don't all need to mention it. I'm beginning to think that computer viruses, especially those of the kind Lacie was unfortunate to receive, do actually make people feel that they, themselves, rather than their PCs, are contaminated with something horrible and nasty. Interesting phenomenon! There's surely a Masters thesis there for somebody!

Perversely, it reminds me of a passage from one of Terry Pratchett's Discworld novels, 'Hogfather,' where he comments on gaining a good education.

'Getting a good education was a bit like a communicable sexual disease. It made you unsuitable for lots of jobs and then you had the urge to pass it on.'


By Ladyl on Sunday, May 19, 2002 - 12:02 pm:

Accasbel, I received this last night in e-mail, it was forwarded to me by family. Have you heard about this? I'm not doing anything until I hear more information, but I'm not going to open any mail with subject "a card for you" which makes me mad because I send and receive a lot of cards.
I am so sick of these things.....

PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST !!
>
> A new virus has just been discovered that has been classified by
> Microsoft as the most destructive ever! This virus was discovered yesterday
> afternoon by McAfee and no vaccine has yet ! been developed. This virus
> simply destroys Sector Zero from the hard disk, where vital information for
> its functioning are stored.
>
> This virus acts in the following manner: It sends itself automatically to
> all contacts on your list with the title "A Card for You".
>
> As soon as the supposed virtual card is opened, the computer freezes so that
> the user has to reboot. When the ctrl+alt+del keys or the reset button are
> pressed, the virus destroys Sector Zero, thus permanently destroying the
> hard disk. Yesterday in just a few hours this virus caused panic in New
> York, according to news broadcast by CNN. This alert was received by an
> employee of Microsoft itself.
> So don't open any mails with subject: "A Virtual Card for You."
> As soon as you get the mail, delete it!! Even if you know the sender!!!
>


By Shae on Sunday, May 19, 2002 - 09:30 pm:

It's another hoax!
See:

http://www.symantec.com/avcenter/venc/data/virtual.card.for.you.html


By Accasbel on Monday, May 20, 2002 - 08:45 am:

Amen!

IF there were such a virus
- "classified by Microsoft as the most destructive ever!" and "discovered yesterday afternoon by McAfee"
- then you would see a reference to it in 10 foot high flashing neon letters on the websites of the various anti-virus (AV) vendors.

Try searching an AV website for a reference to the "warning" you received. In this case, the Symantec site would have told you that they reported this hoax back in January.

It's not impossible that such a virus would exist, but in general, provided that you have the most up-to-date security patches and AV updates, AND you exercise caution with attachments as a matter of course, then you should be as safe as possible.


By Celt on Sunday, May 26, 2002 - 03:38 am:

Thanks Acc for your most timely warnings re the recent viruses...updated my virus scan program and good thing too. My email has been bombarded with Klez worm emails, and these don't show up as "paper clip" icon attachments, they seem to be buried in the email itself. Have not opened any of course, all are deleted.

But Acc, one question...got a message from someone who said they got a Klez email from my address. Can this worm enter and copy your email address book, without the attachment having been opened at all? And I saw no outgoing Klez messages in my sent box...how does it manage that trick?
This is a nasty little worm indeed...I am deleting my address book and putting the email addys into another program to be safe.


By Accasbel on Sunday, May 26, 2002 - 06:50 pm:

1) Some virus programs forge a sender address just to spread confusion. If they do that, then they usually pick one from the addresses that they find on an infected PC.
If the sender is not genuine, then a recipient of a virus message can not warn the sender.

2) If your PC is sending out infected emails, you won't see them in your outbox. The virus program has its own email-sending software.
(That's not 100% true - some viruses infect your normal outgoing emails rather than sending their own. If you set your email program to send messages as plain text rather than as HTML, that helps to stop that particular type from spreading.)
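
Added example (not part of the original thread or any poster's words): a Python sketch of the point made in Accasbel's May 13 and May 26 posts, that the From address can be forged while a different PC actually sent the message. It reads a constructed message and reports the host that handed it to the recipient's own mail server; the hostnames, addresses and the `trusted_mx` parameter are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all hosts and addresses are made up for illustration).
# A worm on Y's PC (203.0.113.42) mails the victim, forging X as the sender.
# The second Received line was supplied by the sending program itself.
SAMPLE = """\
Received: from dialup-42.isp-y.example (dialup-42.isp-y.example [203.0.113.42])
\tby mx.example.net with SMTP id ABC123
\tfor <victim@example.net>; Mon, 13 May 2002 14:19:00 +0100
Received: from mail.isp-x.example (mail.isp-x.example [198.51.100.7])
\tby relay.unknown.example with SMTP; Mon, 13 May 2002 14:18:00 +0100
From: "X" <x@isp-x.example>
To: victim@example.net
Subject: Hello

(body omitted)
"""

# "from <helo> (<rdns> [<ip>]) by <our host>" as written by common MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def trace_origin(raw_message, trusted_mx):
    """Compare the claimed From address with the host that really handed
    the message to a mail server we control (hypothetical names in trusted_mx)."""
    msg = message_from_string(raw_message)
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    claimed_domain = claimed.rpartition("@")[2]
    trusted = {h.lower() for h in trusted_mx}

    handoff = None
    # Received headers are prepended, so the newest is first. Only the ones
    # stamped by our own servers are trustworthy; everything below the first
    # untrusted "by" host could have been written by the sender.
    for header in msg.get_all("Received", []):
        match = RECEIVED_RE.search(" ".join(header.split()))  # unfold
        if not match or match.group("by").lower() not in trusted:
            break
        handoff = match

    if handoff is None:
        return {"claimed_sender": claimed, "handoff_host": None,
                "handoff_ip": None, "domain_matches": None}

    host = (handoff.group("rdns") or handoff.group("helo")).lower()
    matches = host == claimed_domain or host.endswith("." + claimed_domain)
    return {
        "claimed_sender": claimed,
        "handoff_host": host,
        "handoff_ip": handoff.group("ip"),
        # False is a lead to follow up with the owner of handoff_ip, not proof:
        # legitimate mail is often relayed by hosts in another domain.
        "domain_matches": matches,
    }


if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mx.example.net"}))
```

On the sample, the claimed sender is X's address while the handoff host belongs to Y's provider, which is the party whose machine needs cleaning.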


By Celt on Sunday, May 26, 2002 - 09:14 pm:

Well Acc, I downloaded the Klez removal tool from symantec and ran a diagnostic which says no Klez found. I take it then that the spam klez emails I delete can still send copies of themselves? How would that be possible? Or is it a case of forgery as you said? I am set for plain text, anything else I can do to block receipt of these *&#$##&#* things?


By Accasbel on Monday, May 27, 2002 - 08:21 am:

As far as I remember, all Klez variations forge the sender.
If your AV is up-to-date and your IE/OE security patches are up to date, then you are 'fairly' sure of being virus-free.

For belt-and-braces, install Zone Alarm (zonelabs.com). That would detect a virus trying to use its own email-sending program. It detects attempts by a program to access the Net.

You can't really block 'receipt' of email. You can only use best practice to deal with what comes. Currently there's a blizzard of Klez emails flying around the Net.


By Accasbel on Monday, May 27, 2002 - 08:38 am:

PS: For a media comment on Klez, and the extra confusion caused by the forging of the senders, see:
http://www.wired.com/news/technology/0,1282,52765,00.html


By Rolan on Friday, July 26, 2002 - 08:39 am:

That one paid the Bank a visit, w32.Nimda, I'll try to send a copy of the fixing tool. It's spreading quite fast.


By Rolan on Friday, July 26, 2002 - 08:46 am:

http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
that's the first one, Nimda A


By Rolan on Friday, July 26, 2002 - 08:49 am:

http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html

And the Nimda.E


By Guest on Saturday, July 27, 2002 - 07:57 am:

ground beef to skillet and mix well. Pour off oil and drain. Add chopped onions, garlic, celery, green peppers, green onions and parsley. Cook over medium heat 15 minutes. Remove livers and gizzards from water and chop well. Add to mixture. Stir well. Stir rice into mixture with salt and pepper. Pour into casserole dish or baking dish and heat in oven at 350 degrees F. for 15 minutes. (Serves 6-8)

