Virus? [Archive] - Fly Fishing Forum

: Virus?


MarkDoogue
05-06-2002, 09:12 PM
Yesterday I received a strange message titled, "Congratulations, Smdoogue", supposedly from Juro. I received virtually the same email from someone else today.

It automatically tried to open itself via my Windows media player. I shut it down and deleted the message.

My brother mentioned that he got a suspect email from one of the board members as well.

Anyone else having a problem?

JimW
05-06-2002, 09:42 PM
I've seen a couple of messages infected with Klez.. lately but not from the board. Network associates virus scan squashed them. Make sure you configure it for download scan and scanning of internet mail attachments.

fredaevans
05-06-2002, 09:43 PM
was the e mail external or one of the "PM's" via the board?
fe

juro
05-06-2002, 09:47 PM
Sorry I didn't get back to you, I've received literally hundreds of these virus-generated emails from members, non-members, members@somewhere.com, someone@anywhere.com, etc. After your email and another from Bob I checked out both my home computer and work computer with McAfee's latest version. I also ran the Norton AV tools on my laptop at work in addition to McAffee. My laptop came out clean but the home computer had a virus which was eliminated by McAffee.

I believe this is the W32.Klez virus going around like wildfire. It "spoofs" the sender email among other things. If anyone hasen't already loaded the virus protection software and scanned your computers it might be something to consider.

I don't use outlook at all, so I am not sure if I was actually generating them or not. I do know there are a lot of computers out there that are!

Judging by the number of mails I receive I suspect there are a lot of people out there who have the virus on board. Reading the macaffee.com site or the symantec site helps you detect them.

The software I just purchased (in addition to Norton corporate) was McAfee Virus Protection Online for ~$30 bucks per year.

I still think it's a scam to get people to buy Virus Protection!

juro
05-06-2002, 10:04 PM
After typing this I just went to my email inbox to check messages. I had a message from ME at an old non-existent email address that was eliminated years ago.

I do not have in any mail programs containing that email address, so must assume it was generated on someone's computer who had that email address in their address book.

Klez spoofs the sender, so it's impossible to tell who actually sent the email as far as I know.

FrenchCreek
05-06-2002, 10:14 PM
I received two identical Emails
one from "Juro" and one from an unknown?
both messages had an attachment
the message heading is "A Very New Game"
I deleted both before opening the attachment.
My virus scanner(NortonAV) scanned the messages but did not ID them as virus

doogue
05-07-2002, 07:33 AM
I have received 8 or 10 suspect e-mails - including one from ssully - but mostly from non-Forum sources. I even received one from my e-mail account at work (I use a Unix workstation!) and I know that this computer is not infected.

I finally updated my virus scanning software last night and it did not find any of the W32.klez flavors. Which is a good thing.

I agree that the virus scanning software producers do have some sort of role in the proliferation of viruses. So be it - I bought the software anyway because anyone that has had a virus (computer or otherwise) knows that it can be a true pain in the patootie.

Later.

-Mike

FlyFishAR
05-07-2002, 08:20 AM
I learned my lesson early on viruses. Anyone with an unprotected email address is asking for trouble. I probably now get 2 viruses a week. You can do a free virus scan to detect viruses at www.commandcom.com or www.commandsoftware.com

All these will do is "detect" a virus.

John

Roop
05-07-2002, 08:20 AM
THis brings up an issue for me re: spam & viruses.

I use Netzero for my connection as modems are all we can get in my area. To report spam to them, of which I now receive about 5 a day, I need to open the email & forward it to them. Seems to me that I'm exposing my self to viruses.

Should I just break down & pay to update my McAfee or would anyone recommend another program?

Thanks.

Roop

JimW
05-07-2002, 11:21 AM
Let's not forget that email is not the only conduit for destructive/invasive programs. Don't forget a firewall when attempting to protect your system. There's a good freebie available from zonealarm.com and mcafee has a package that includes both a virus scanner and firewall. No matter what you do to protect the system it is best to run a regular archival backup on critical files.

MarkDoogue
05-08-2002, 09:18 PM
I just cleared 39 files infected with W32/Klez and 2 with W32/Elkern.C.

Thanks for the Command Software site FlyFishAR.

FlyFishAR
05-08-2002, 09:27 PM
Mark:

Just to double check that site just "DETECTS" the virus. You have to buy software that will cure it. Second an anti virus software cannot disenfect files in programs that are currently running. From what I know the Kelz series of viruses attach in the windows directories so you ahve to go into safe mode before disinfecting your system to get them all. If you run the scan again it can tell you if you have any more of the little buggers.

John

ps: I know less about computers than I do about fly fishing so you might ask for expert help.

MarkDoogue
05-08-2002, 09:38 PM
Yeah, I took them up on their one time scan&disinfect for $3.95.

Thanks again.

juro
05-08-2002, 09:47 PM
Just to remind folks, the messages sent by an infected party are addressed "from" a fabricated source. If you receive a message "from" somebody, they are the least likely address from where the message came, contrary to what we have been conditioned to think. You should avoid generating any animosity for the spoofed "from" address, it may sound odd in this community but you would be surprised how much of that angst has been going around.

There is only one party to blame, the hacker who sent this out... although the anti-virus companies are hard to eliminate since they are the ones who gain.

The worst offender is the message that describes the risks and offers a link to "email them" for a cure. That link is a binary I suspect is the virus program. Whatever you do, don't open any attachments unless you're 100% sure of it's origin... I guess now that the "from" address is spoofed it's hard to tell that as well.

ssully
05-08-2002, 11:38 PM
Originally posted by doogue
I have received 8 or 10 suspect e-mails - including one from ssully - but mostly from non-Forum sources. I even received one from my e-mail account at work (I use a Unix workstation!) and I know that this computer is not infected.

I finally updated my virus scanning software last night and it did not find any of the W32.klez flavors. Which is a good thing.

I agree that the virus scanning software producers do have some sort of role in the proliferation of viruses. So be it - I bought the software anyway because anyone that has had a virus (computer or otherwise) knows that it can be a true pain in the patootie.

Later.

-Mike

Mike,

Lemme know the email address that you got from me that was infected. Send it to work sean_sullivan@vibren.com
Thanks.

Sprocket
05-09-2002, 10:07 AM
what about a message titled "try again" from Juro@etc,etc...?

I also got an "RE: try again" from another source (I think a board member)...

juro
05-09-2002, 10:45 AM
Sprocket -

Read this for more info:

http://vil.mcafee.com/dispVirus.asp?virus_k=99455#characteristics

My machine is not infected. A lot of people have my email address on their machine, the virus uses these as "from" addresses to hide the identity of the infected machine.