Heads up! New virus alert...

PowerOfOne

It comes in email and the subject line says Happy New Year. It has christmas.exe and once downloaded goes about deleting files. Be careful out there, it's a jungle.
 
Thank you, and yes it is a jungle out here! Easier just to only download from those I know.
 
That sounds just like...

The millennium worm virus that was out last year... Happyworm...

Nasty little fucker... everybody seemed to have gotten it at one point or another. It was all over the newsgroups. It used the same MO - it came from an e-mail that said "Happy New Year"... you opened it, and saw a small fireworks display - and BAM, you were infected.

I'm glad I have Norton... ;)
 
I got a worm last year & I didn't think we would ever get rid of it. After that, we downloaded Norton, because the McAfee that came on my computer missed the worm. I use the delete key a lot these days.
 
*ladylove* said:
Thank you, and yes it is a jungle out here! Easier just to only download from those I know.

Hey *LL* and welcome to the boards.

The problem with this virus is it goes through Outlook, and sends it to people on your address list. So if your mother had this virus, and she used Outlook or Outlook Express, the mail with this virus would be sent to you from your mother.

And who doesn't trust dear old mom? :cool:
 
Bump

This is not a problem IF you scan all attachments before opening them. CNN's Tech reporter says virus scanners will pick this one up. It's apparently just an upgrade of an older virus repackaged as Christmas.exe.
 
I heard about this new virus on Yahoo today as well... they were on about it in a chat room I had running... sounds bad...

Happy Christmas to you all .....
 
Simple solution for me is that I DON'T use Outlook, EVER.

All my email is read through either my yahoo account, or my ISP webmail.

As for trusting my Mom and her emails, well, let's just say that the moment I get an email with an attachment from dear old Mom, is the day I'll die of a heart attack. She simply doesn't know how to do it, and she'd let me know even if she did one day know.
The one I have to worry most about is one of my cousins in Arizona who forwards EVERYTHING in the world to our whole family. Most of which get deleted without even looking at them.
 
lobito said:
Simple solution for me is that I DON'T use Outlook, EVER.

All my email is read through either my yahoo account, or my ISP webmail.


The one I have to worry most about is one of my cousins in Arizona who forwards EVERYTHING in the world to our whole family. Most of which get deleted without even looking at them.

I've never set Outlook up either. I use AOL, Yahoo or Hotmail, and don't download attachments I'm not expecting. Even on those accounts, I don't have an address book set up, just in case. The email addresses reside in my head, and I *think* I'm pretty virus free :).

My oldest sister is like that too Lobito, I get about 15 forwards a day from her. Most of them are deleted, because chances are, I've seen them a thousand times already. And she wonders why I never read the non-forwarded email she sends me. :rolleyes:
 
As just an aside, a virus program becomes pretty useless if its virus definitions are not updated regularly. You should use the 'Update' feature at least every two weeks to keep yourself up to date on the newer viruses floating around.

And now, back to your regularly scheduled thread.
:D
girl
 
Virus Info

WORM_MALDAL.C
Risk rating:
Virus type: Worm
Destructive: Yes

Aliases:
KERZAC.A, KERZAC, W32.Reeezak.A@mm, W32.Zacker.C@mm, W32.Maldal.C@mm, W32/Maldal.c@MM

Description:
This destructive, memory-resident worm is a Visual Basic-compiled Windows executable. It propagates via email using Microsoft Outlook. It arrives in an email with the details:

Subject: Happy New Year
Message Body: Hii
I can’t describe my feelings
But all i can say is
Happy New Year :)
Bye
Attachment: CHRISTMAS.EXE

Its destructive payload deletes files in the Windows system directory.

Solution:

1. Click Start>Run, type REGEDIT then hit the Enter key.
2. Double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, right-click the value shown below and then delete it: ZaCker = “%windows%\CHRISTMAS.EXE”
4. Restore the computer name by clicking Start>Run, type REGEDIT then hit the Enter key.
5. Double click the following: HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control >
6. In the right panel, right-click the value shown below, select Modify then type the original name of your computer: Computer Name = “ZaCker”
7. To restore your Internet Explorer Start-up page, click Start>Run, type REGEDIT then hit the Enter key.
8. Double click the following: HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
9. In the right panel, right-click the value shown below, select Modify then type your original Start-up page: Start page = “http://geocites.com/jobreee/ZaCker.htm”
10. Scan your system with Trend Micro antivirus and delete all files detected as WORM_MALDAL.C. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free, online virus scanner.
http://housecall.antivirus.com/housecall/start_corp.asp
 
Take Control

I don't know if this works, but it's simple to set up. The ones I have received, my antivirus program picks up, and I get regular updates automatically about every 2 days.
Trend's PC-cillin

Take Control

Who among us doesn't know someone who has experienced the embarrassment of unknowingly spreading a computer virus via their email address book? It's time to STOP this from happening by TAKING CONTROL of your email program! For those who are unaware, many computer viruses spread themselves by sending themselves to everyone in your address book. Imagine how you would feel if you were unknowingly infected with a computer virus, and worse yet, your friends, family, and business contacts were being targeted by your computer! Well, if you want to avoid this sort of thing, here's a great tip:


This tip won't prevent YOU from getting any viruses (you have to scan those attachments yourself before opening them to do that), but it will stop those viruses from latching onto your address book and sending itself out to others.

To avoid spreading computer viruses, create a contact in your email address book with the name : !0000 with no email address in the details.

This contact will then show up as your first contact. If a virus attempts to do a "send all" on your contact list, your PC will put up an error message saying that: "The Message could not be sent. One or more recipients do not have an e-mail address. Please check your Address Book and make sure all the recipients have a valid e-mail address."

You click on OK and the offending (virus) message would not have been sent to anyone. Of course no changes have been made to your original contacts list. The offending (virus) message may then be automatically stored in your "Drafts" or "Outbox" folder. Go in there and delete the offending message. Problem is solved and virus is not spread.

Try this and pass it on to your email contacts. The more people that use this technique, the less vulnerable we will be to viruses that spread in this manner!
 
Thanks for that piece of advice about the address book Dragonette. I've acted on it already, and have emailed my friends with the suggestion also.

I received this warning from a friend of mine who works in IT.

"There is a new virus out called Goner and this time the hackers have taken their battle to a new level. This virus is very destructive in comparison with the previous ones therefore please do not open any email with attachments that have .scr at the end (eg. goner.scr)".

I hope this helps you all.
 
W32/Goner@MM,

W32/Goner@MM, also known as Pentagone, Goner or Gone. This is a NEW, HIGH RISK virus that spreads via Microsoft Outlook email and ICQ instant messaging programs. This mass-mailing worm will arrive from someone you know with the following email message:

Subject: Hi
Body:
How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!
Attachment: GONE.SCR

WORM_GONE.A
Risk rating:
Virus type: Worm
Destructive: Yes

Aliases:
GONE.A, WORM_GONER.A, I-Worm.Goner, Gone, W32/Goner@MM, Win32.Goner.A@mm, W32/Goner.ini, W32/Goner-A, Pentagone

Description:
This destructive, memory-resident worm is a Visual Basic-compiled Windows executable that propagates via email using Microsoft Outlook and through ICQ.

It finds certain files in memory and then terminates the processes of these found files. Thereafter, it executes its destructive payload of deleting files.

Solution:

For Automatic Cleaning and Removal:

Please download and apply the fix_gone.exe fix tool.
Trend Micro requests that all users download and read the readme_gone.txt before using this tool.

Manual Cleaning on Windows 95/98/Me Systems:

1. Reboot the computer.
2. Before the startup logo appears, press F8.
3. Choose the “Command prompt only” option.
4. Go to the %System% directory. %System% is variable. It is usually located at C:\Windows\System.
5. At the command prompt, type the following command then hit the Enter key:
   attrib -s -h -r gone.scr
6. Type the following command and then hit the Enter key to delete the Worm file:
   del gone.scr
7. Restart the computer.
8. Click Start>Run, type Regedit then hit the Enter key.
9. Double click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
10. Look for the following registry entry and then delete it. %System% is variable. It is usually located at C:\Windows\System:
   %System%\gone.scr
11. Delete all files named REMOTE32.INI in your mIRC folders.
12. Either delete or restore from backup the file MIRC.INI.

Manual Cleaning on Windows NT/2000 Systems:

1. Kill all running instances of the worm in the task manager. Look for applications named “pentagone” and for processes named gone.scr. Kill these processes.
2. Scan your system with Trend Micro antivirus and delete all files detected as WORM_GONE.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner.
3. Click Start>Run, type Regedit then hit the Enter key.
4. Double click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
5. Look for the following registry entry and delete it. %System% is variable. It is usually located at C:\Windows\System:
   %System%\gone.scr
6. Exit the Registry.
7. Delete all files named REMOTE32.INI in your mIRC folders.
8. Either delete or restore from backup the file MIRC.INI.
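
The two advisories above describe each worm's mail by subject line and attachment name. As an added example (not part of any post in this thread, and not Trend Micro's code), the following sketch screens a raw message for those two lures and, more generally, for any attachment whose final extension is executable. The extension list beyond .exe and .scr, the helper names, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Extensions Windows runs directly; .scr (screen saver) is an ordinary executable.
# Only .exe and .scr appear in this thread; the rest are an assumed extension set.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}

# (subject, attachment) pairs taken from the two advisories quoted in this thread.
KNOWN_LURES = {
    ("happy new year", "christmas.exe"): "WORM_MALDAL.C",
    ("hi", "gone.scr"): "WORM_GONE.A",
}

def screen_message(raw: str) -> list[str]:
    """Return findings for one RFC 822 message; an empty list means nothing flagged."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        lowered = name.strip().lower()
        # Only the LAST extension decides how Windows treats the file,
        # so "holiday.jpg.scr" is judged as .scr, not .jpg.
        ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
        worm = KNOWN_LURES.get((subject, lowered))
        if worm:
            findings.append(f"{name}: matches {worm} lure")
        elif ext in EXECUTABLE_EXTS:
            findings.append(f"{name}: executable attachment ({ext})")
    return findings

def build_sample(subject, body, filename=None):
    """Build a constructed test message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for raw in (build_sample("Happy New Year", "Hii", "CHRISTMAS.EXE"),
                build_sample("Hi", "How are you ?", "GONE.SCR"),
                build_sample("Photos", "see attached", "holiday.jpg.scr"),
                build_sample("Minutes", "notes", "minutes.txt")):
        print(screen_message(raw) or "clean")
```

The check ignores the sender on purpose: as noted earlier in the thread, these worms mail themselves from the address book of someone the recipient knows.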
 
Top 10 at THIS moment

Live - Top 10 Viruses
1. PE_NIMDA.A-O
2. WORM_SIRCAM.A
3. WORM_GOKAR.A
4. PE_NIMDA.E
5. PE_FUNLOVE.4099
6. PE_NIMDA.A
7. WORM_BADTRANS.B
8. PE_MAGISTR.B
9. PE_MAGISTR.A
10. JS_EXCEPTION.GEN

If anyone needs more info on any virus, just let me know
 
Excellent tip on the Address Book Dragonette..I was just about to post it.....also..I'd recommend WEEKLY updates on your antivirus software virus definitions.

PC-Cillin are the world leaders ..and they release new pattern files at least twice a week.

www.antivirus.com
 
Dragonette..I'm an IT Systems Manager...the tip you posted DOES work..I set up Email servers for a living..and I do it to all my client machines
 
Draco said:
Dragonette..I'm an IT Systems Manager...the tip you posted DOES work..I set up Email servers for a living..and I do it to all my client machines

I'll set up my address list that way, but I have a question. Why doesn't the worm just move on past the address that wasn't valid and keep sending to the next name on the list? The previous address always has to be valid for a worm to keep on working?

signed: very non-techie Cheyenne
 
Cheyenne said:


I'll set up my address list that way, but I have a question. Why doesn't the worm just move on past the address that wasn't valid and keep sending to the next name on the list? The previous address always has to be valid for a worm to keep on working?

signed: very non-techie Cheyenne

I'm not sure, but I think the worm sends one message with carbon copies to the rest of the address book and if one address is invalid Outlook won't process the message until the problem is resolved.

Also, I don't think the Worm checks error messages and traps them. Even if the rest of the messages go out, this will tell you that something sent mail to all addresses in your address book. It obviously wouldn't be you because you know the address is missing.
 
Thank you Dragonette and to all who responded. I am sick to death of computer worms, viruses, etc. I wish there was a way to send it back to the original person and blow their PC to hell and back. Not very holiday like spirit of me is it? Anyway, I hope that all of you at Lit have very happy Holidays and may they all be virus free, computer wise and health wise!
 
Point 1: Most of you are confusing Outlook with Outlook Express.
Outlook is the full version of the Email/PIM/Schedule software that normally comes with Office. Outlook Express is a stripped down version that's installed with Windows. They both use the same API (application programming interface) so one is as bad as the other.

Point 2: Most viruses are created in Visual Basic or C++ programming language. The same language that Windows and many other programmes are written in.
The virus contains a small script called a MACRO, a piece of code that tells the virus what to do and in what order to do it. (Example: Send to first name in Address Book and carbon copy to 49 others)
So if you "dummy" the first address with !000, the code gets confused because it can't complete the instruction.
Programmes & Macros are written/run in sequence. (EXAMPLE: Do function A, when complete DO function B etc till all functions are done then end/exit).

So..the virus cannot complete its sequence coz it gets the very first step wrong. This forces the Macro to terminate.

POINT 3: VIRUS WRITERS ARE SCUM!

There are ways to nuke their PCs..but more than likely you would end up nuking your brother's/mother's/lover's/etc PC coz that's where it originates from. Most virus writers don't release the virus from their own PC anyway. Most are released at internet cafes and public email terminals.

Hope this helps anyone get an understanding on the inner workings of viruii.

A good tip is to install BlackIce Defender. It's a personal firewall with very good tracking/blockout capabilities.

Draco
 
PLEASE NOTE:

BlackIce IS NOT an ANTIVIRUS programme...!!!

It is a firewall...it prevents unauthorized communication from outside sources with your PC. It can be helpful in tracing just where an attack was launched from.
Normally you would forward the Attack trace log to your ISP and they will follow the attack to its source.

I am not a programmer...I am a qualified hardware technician.
I build the PCs you guys are all sitting in front of.

But I hope this helps someone.

It's a bit like SAFE SEX..it's better to be OVER-PROTECTED than to have none at all.

You wouldn't use a condom that's past its USE BY date...so don't use OLD Anti-Virus software. Get the latest versions and keep them up to date.
 