W32 virus, Mydoom etc etc

Post by Sac_mec (imported) »

😠 Yesterday I was attacked 3 times in Outlook Express with incoming mail by the W32 virus. I do not allow Outlook Express to open preview panes but Norton scans incoming stuff and then politely told me in the morning that my PC had been targeted and offered to quarantine it, which I did v briefly.

I then came offline and used a Go Back program to take my PC back in time before the infection arrived. I scanned with Norton and Disc Doctor and my PC was pronounced clean. :) Then I came in here and sent a PM to a friend.

On returning to Outlook Express I had been targeted twice again with the same virus in incoming mail by different unknown senders. So, my main worry is this:

A) If I had incoming e-mail with a virus on it at the time I used my PM on the Archive, could I have possibly spread the virus onto my friend? (I think and hope the answer is no!)

B) My secondary concern now is "How safe is the Chatroom if any of us receive targeted unopened viruses in our e-mail while we are in chat?" I hope and assume that until Outlook Express is opened that all is OK, is that right?

(Today I won't use chat until I know I am not innocently passing anything on to anyone else's PC). I do get Software patches updated regularly from MSN (I run ME) and I also get Virus Definitions Updated every week, often more often, so I do use common sense and frequent scans and use of Disc doctor.

Norton have written to me and suggested I pay £44 for their latest edition to stop W32 and it is my proposition that in renewing my Firewall and Virus software from them that I am already paying them to stop it entering my PC.

It's very informative to be told afterwards!

I've asked 2 questions above, can I make 2 suggestions? 💡

1) You don't allow your inbox to open preview panes in Outlook Express

2) You delete anything you are not 100% sure of and beware any message saying "test" or "urgent". Also delete from the delete box

3) If anything sneaks past - use either Roxio's or MSN's "GoBack" program at once before you do another thing.

Oh, the joys of our brave new world!!

Re: W32 virus, Mydoom etc etc

Post by Sac_mec (imported) »

I have been reading some current advice notes from my Internet Service Provider and they suggest that users treat with the highest degree of caution any e-mail messages with the following subject lines:

"Hi", "Hello", "Mail Delivery System", "Mail Transaction Failed", "Status" and "Error".

If you see these subject headings delete them and then empty your delete file at once. Better still create a "New Rule Message" from under the Tools section of Outlook Express and then add these words as a Rule and tick the box for it not to be downloaded from server, or at least, the delete box.

We can't cover all the ideas of malicious users but we can protect ourselves a little. Creating Rules to delete Spam is also a good idea. If only these people had better things to do!!
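
The subject-line rule from the post above, combined with an attachment-type check, as an added example that is not part of the original thread. The extension list, the verdict names and the sample messages are assumptions constructed for illustration; only the subject lines come from the post.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines quoted from the ISP advice in the post above.
SUSPECT_SUBJECTS = {"hi", "hello", "mail delivery system",
                    "mail transaction failed", "status", "error"}
# Assumption (not from the thread): file types that can run code when opened.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".cmd", ".bat", ".zip")

def attachment_names(msg):
    """Collect the declared filename of every MIME part that has one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def classify(msg):
    """Return 'quarantine', 'review' or 'deliver' for one parsed message."""
    subject = str(msg["Subject"] or "").strip().lower()
    # Match on the final extension so "report.txt.pif" is still caught.
    risky = [n for n in attachment_names(msg)
             if n.lower().endswith(RISKY_EXTENSIONS)]
    if risky:
        return "quarantine"   # attachment type decides, whatever the subject
    if subject in SUSPECT_SUBJECTS:
        return "review"       # subject matches but nothing runnable attached
    return "deliver"

def make_sample(subject, body, attachment=None):
    """Build a constructed message, then parse it back from raw bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return email.message_from_bytes(m.as_bytes(), policy=policy.default)

def triage_samples():
    """Classify four constructed messages and return (subject, verdict) pairs."""
    samples = [
        make_sample("Hi", "See you at lunch?"),
        make_sample("Mail Transaction Failed", "See attachment.", "message.zip"),
        make_sample("Quarterly report", "Figures attached.", "report.txt.pif"),
        make_sample("Meeting notes", "Notes attached.", "notes.pdf"),
    ]
    return [(str(s["Subject"]), classify(s)) for s in samples]

if __name__ == "__main__":
    for subject, verdict in triage_samples():
        print(f"{verdict:<10} {subject}")
```

The third sample shows why a subject-only rule is not enough on its own: its subject is not on the list, yet the attachment type gets it quarantined, while the plain "Hi" with no attachment is only held for review.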

Re: W32 virus, Mydoom etc etc

Post by Paolo »

A virus that spreads by email does not spread by posting to bulletin boards or sending PM's. To do this, you would have to manually attach the file to your outgoing board or PM message and send it yourself.

These things are written to make use of - generally - Microsoft Outlook and Outlook Express. Most of them also target other browsers with email readers as well, such as Netscape. Very few viruses out there target operating systems other than Windows.

It is highly unlikely that you will get a virus, either sent to you or spread from you, by using the chat room. If you are using a java client, this is impossible. If you are using IRC, you would have to accept a file transfer manually to get one.

As for the go-back feature, if your Norton or whatever is flagging incoming mail and doing its thing, there's no need to revert the computer. In fact, there are viruses out there that are prepared for this step as well, and if they get by Norton, etc., the go-back feature will have no effect in getting rid of them. Many pieces of spyware operate the same way.

MyDoom, the current biggie that's going around, is just like the rest of them - it goes like wild for a bit, until it gets under control. Most ISP's now have a "spam trap", that screens any incoming mail before it ever reaches your inbox. If yours doesn't offer this, suggest to them that they consider it.🚬
Andrew (imported)
Articles: 0
Posts: 1787
Joined: Wed Nov 28, 2001 6:05 am

Posting Rank

Re: W32 virus, Mydoom etc etc

Post by Andrew (imported) »

Paolo wrote: Tue Feb 24, 2004 5:59 am MyDoom, the current biggie that's going around, is just like the rest of them - it goes like wild for a bit, until it gets under control. Most ISP's now have a "spam trap", that screens any incoming mail before it ever reaches your inbox. If yours doesn't offer this, suggest to them that they consider it.🚬

AOL does such virus blocks routinely, so I never have to worry about them. I have my e-mail preferences set to block e-mail with attachments.

Re: W32 virus, Mydoom etc etc

Post by strassenbahn (imported) »

This terrible threat (and the worse ones that will follow) to all internet users simply underlines a basic principle: to protect not merely yourself but others it is (in my view) a moral requirement for all internet users (not just members of Eunuch Archive) to install one of the almost cost-free anti-virus protection systems, including one (such as Norton AntiVirus) that screens your outgoing messages so that in case your computer has been turned into a virus-spreading zombie you don't unknowingly infect others.

Re: W32 virus, Mydoom etc etc

Post by Sac_mec (imported) »

I agree that we should all use a program to scan outward bound e-mail to ensure that we are not unwitting spreaders of these viruses. I have been attacked 5 times in 2 days from strangers with the W32.Netsky virus and each time it has been Norton scanning my incoming mail that has opened/checked the mail and then told me I am contaminated, cheers Norton, nice work! Using a Go-Back device has cleaned up my PC and I have checked using all programmes including adaware and also sending myself messages, which seems an easy way to check your system additionally.

I am considering switching off the scanning feature for incoming mail, because in looking at the infected e-mail Norton is opening it!

If I don't allow preview panes to open, and delete messages to the Delete area and then Empty the delete file at once, aren't I better protected?

Can an e-mail containing a virus contaminate one's PC after it has been deleted twice?

Incidentally Paolo, many many thanks for answering all my points. I am sure a lot of people will feel safer and more relaxed from your reply. :) It never hurts to say "thank you" and I do!

Re: W32 virus, Mydoom etc etc

Post by Paolo »

Your computer can be infected by the same virus each time it comes in, regardless of how many times your AV software has chased it back out. It's not like getting the chicken pox or something and never getting it again.🚬

Re: W32 virus, Mydoom etc etc

Post by Mac (imported) »

Sac_mec (imported) wrote: Wed Feb 25, 2004 1:59 am Using a Go-Back device has cleaned up my PC and I have checked using all programmes including adaware and also sending myself messages, which seems an easy way to check your system additionally. I am considering switching off the scanning feature for incoming mail, because in looking at the infected e-mail Norton is opening it! If I don't allow preview panes to open, and delete messages to the Delete area and then Empty the delete file at once, aren't I better protected? Can an e-mail containing a virus contaminate one's PC after it has been deleted twice?

Once the virus file is saved on your hard drive these procedures won't work. The restore function only restores a prior system configuration. The delete function only removes the reference from the file directory. The file still exists on your hard drive. You will have to use a virus scan and removal program like Norton or McAfee.

Re: W32 virus, Mydoom etc etc

Post by _g (imported) »

Mac (imported) wrote: Wed Feb 25, 2004 7:14 am Once the virus file is saved on your hard drive these procedures won't work. The restore function only restores a prior system configuration. The delete function only removes the reference from the file directory. The file still exists on your hard drive. You will have to use a virus scan and removal program like Norton or McAfee.

A Virus can hide in the partition table area of your hard drive also. To kill the last thing (2/20/04) that got into my home computer, after rewriting the master boot record (2 times) and reinstalling Windows (3 times) I had to nuke the drive (format c: ) before it was gone. Thank goodness drive D: was data only and I didn't lose any data, but I did lose my email.... but that was not all that important. Nowadays there are no FREE anti-virus programs they all ask for $$$ up front then ask for $$$ each 6 months so you can get the virus def. updates :(

_g

Re: W32 virus, Mydoom etc etc

Post by Dave (imported) »

I logged into my office account today (not on the internet) and this was posted on the message board:

From: Computer Department

February 25, 2003

Internet Mail Stopped for Virus Investigation

Internet mail flow – messages to and from offsite contacts – has been interrupted while the Computer Department investigates a newly circulating computer virus. The Internet mail isolation will continue while the Computer Department ensures that {my work's name} systems are properly configured to identify and stop the virus.

Internet mail messages are being queued for later delivery. A follow-up message will be posted when service is restored.

- - - - - - - - - -

It looks like the virus is being very nasty - beware of it.