Receiving Very strange emails
Moderator: MOD_SPWaW
Last few days, I have been receiving very strange emails with some kind of attachments included. I am asked to open the file as soon as the email arrives, Weird!
All the emails are from the sp community, some have even shown up as "returned mail not delivered"
Which is strange because they are emails I NEVER sent and to some people who I do not even know, but recognize them from the spwaw community.
Has anyone else had this going on??
Like is there a mailing list out there that somehow we all got on??
Anyway, be advised, could be some rotten poop in Denmark, if you get my meaning
Alby
What you have just described is how a virus is propagated. If you open the attachment - which is usually an exe file - it will in turn infect your system.
If you do not have an anti-viral program - if you do not check ALL your incoming mail with it - you are asking for a viral infection. Usually, the viruses take over your e-mail system and start sending themselves to people in your address book. As sort of a nasty bonus, some of them completely wreck your operating system and destroy all operating system files. Some of them hide for days and weeks in your system folder - sometimes in the registry - waiting for a certain time or event to be the trigger.
I had a virus mailed to me from an unknown source a couple of weeks ago - I wouldn't be surprised if this was the same criminal at work.
If you don't guard against viruses you will eventually pay for the neglect. You can read more about the subject on many websites. The one a good number of us on this forum use - because we believe it is the best - is: http://www.avp.ch/ Read and judge for yourself.
Bing
"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website
One option I've heard of to corral the sending of worm viruses from your own machine (since they usually use MS Outlook addressbook) is to put a bogus entry in your address book
I think it's zero-zero-zero-
0000
or something like that
Anyway, it will be the 1st one accessed and if entered INCORRECTLY !! (there should be an error in the address that gets caught right away) That should let you know that there's an error and your machine is e-mailing all by itself
Maybe others can expand on this and correct me.
ZoomBoy
something did happen
Well one of them did do something in my case, everything began to run real slow on my PC and my McAfee virus shield would not start up as normally it did before when windows started up.
reformatted and everything seems fine now, But beware
Yes any info on the address book thing would be a great help!!
Swiss AVP updates daily, normally excluding Sundays but I have downloaded updates on Sunday - and I have received replies to service requests at what would be 2 - 3 AM European time on a weekend.
Anything less than daily updates will not protect the user. Today's update brings the Swiss AVP to 53,568 files. Kaspersky have been consistently ahead of Norton and McAfee - sometimes as much as 48 hours.
To each his own. To me, it is worth the trouble to d/l daily updates and perform sweeps two and three times a day. I have found it pays off in keeping viruses off my system.
Bing
"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website
You have received, and according to the descriptions you made, been infected, too, by a virus called W32.Klez, or one of its variants.
When activated, it tries to shut down any antivirus program installed on the victim's PC.
There's an alert on the Warfare HQ site, too, about this; look:
Virus Alert by Scipio
Folks, keep your Virus Protection updated! I have received several infected mails in the last two days, all have as appendix a picture from warfarehq, usually a ladder image, that opens itself. Danger, this appendix is infected with the iframe.exploid or a w32.klez virus!!! An updated Norton can identify them.
However, I recommend to deactivate the preview of your email program and delete all suspicious mails.
Federico "Resisti" Doveri
I think this started as much as two or three weeks ago - I got an e-mail with a subject line that was suspicious and sure enough it was carrying a virus.
In my case, the sender appeared to be using an Italian alias. No one else reported anything at the time, so we let it go without announcing it on the forum. I thought then - feel stronger about it now - that someone is preying on WAW forum members.
Eternal vigilance is the price of freedom. Those who don't have an AVP and use it on a daily basis are doing the same thing as going out at night, leaving all the lights on and the front door propped open - an invitation to criminals.
Bing
"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website
- Gen.Hoepner
- Posts: 3636
- Joined: Tue Sep 04, 2001 8:00 am
- Location: italy
You pays yer money - you takes yer cherce. If your system can be infected without even opening the e-mail - apparently it can, according to Kaspersky - then you are going to have to do a sweep of the \Windows folder anyway. Specifically the section where the e-mail folders are located, the \System folder and you had also better check the registry.
If you can't do this with the AVP you have now, it would seem to me it is not doing the job.
You can check
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
in the registry manually to see if it contains:
Krn132 = %System%\Krn132.exe
- as one example of the measures you can take on your own. Kaspersky offers a free removal program for several current viruses - you can't beat the price.
Read up on viruses. Lack of knowledge in this area will leave you open to destruction of every file on your HD - also leave you vulnerable to passing on the virus to anyone who happens to be unlucky enough to be in your address book. I would rather not either of these happen.
Bing
"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website
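The manual registry check described in the post above can be scripted. The following PowerShell is an added example, not part of the thread; it only reads the key and the value name quoted in the post, and the variable and function names are assumptions made for illustration.

```powershell
# Added example (not from the thread): read-only check of the autostart key
# quoted in the post above for the Krn132 entry. Nothing is modified.
$RunKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$Marker = 'Krn132'                        # value name / file name from the post
$SysDir = [Environment]::SystemDirectory  # what the post writes as %System%

function Get-RunEntry {
    # Return every value under the key as Name/Data pairs.
    param([Parameter(Mandatory)][string]$Path)
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Data = [string]$key.GetValue($name) }
    }
}

function Test-MarkerEntry {
    # True when the marker appears in the value name or in the command it starts.
    param([string]$Name, [string]$Data, [string]$Marker)
    $rx = [regex]::Escape($Marker)
    ($Name -match $rx) -or ($Data -match $rx)
}

$entries = @(Get-RunEntry -Path $RunKey)
$hits    = @($entries | Where-Object { Test-MarkerEntry $_.Name $_.Data $Marker })
$file    = Join-Path $SysDir "$Marker.exe"
$onDisk  = Test-Path -LiteralPath $file

# List everything that starts at boot so unfamiliar entries can be reviewed too.
$entries | Sort-Object Name | Format-Table -AutoSize -Wrap

if ($hits.Count -gt 0 -or $onDisk) {
    Write-Warning "Entry or file named in the post was found:"
    $hits | ForEach-Object { Write-Warning ("  Run value: {0} = {1}" -f $_.Name, $_.Data) }
    if ($onDisk) { Write-Warning "  File present: $file" }
    Write-Warning "Scan with an up-to-date antivirus or the vendor's removal tool."
} else {
    Write-Output "No '$Marker' value in $RunKey and no $file on disk."
}
```

A clean result only rules out the one entry named in the post; other variants may register under different names, so the full listing is printed for review.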
More Emails!
The "attachment" emails started up again today!!
had 2 of them in my inbox, when I deleted them, I almost immediately received the "email returned" message again!
But my outbox showed no outgoing email!
We gotta find out who is behind this crap!!!!!!!!
how about it? any ideas on what we can do here??:mad:
- Gen.Hoepner
- Posts: 3636
- Joined: Tue Sep 04, 2001 8:00 am
- Location: italy
Finding out original virus-sender is not going to happen. What these buggers do, is copy your addressbook and replicate themselves to all who you have in it.
So if one in SP community has a virus in his machine, it will send itself to all PBEM partners, and so on.
Interpol's cybercowboys are tracking these morons who manufacture these things and sometimes they DO catch them, like two Filipinos couple years back, whose virus caused 1,3 billion euros worth damage. Personally hope they were sent to salt mines working the bill off.
"Delete everything after crazy!"
-Nimitz
- Gary Tatro
- Posts: 1200
- Joined: Fri Feb 01, 2002 10:00 am
- Location: MA, US
Another thing you have not considered
Is that if you have a cable modem or a DSL line and it is not firewalled certain unmoral individuals can hack into your computer and use your computer as a slave and pretty much do anything they want with it. Like send e-mails to other people with viruses attached, without your knowledge, or use your computer as a base of operations to do other hacking.
There is a nice little Web site called ZoneAlarm.com that gives you a free firewall to download and install on your computer that will protect you from such miscreants.
I did it when I found one day after I had upgraded to a Cable modem when I went to shut my computer down and it said that there was someone logged into it and if I shut it down I would disconnect them. This scared the hell out of me and I installed a firewall the next day.
Gary
"Are you going to do something or just stand there and bleed"
- Gen.Hoepner
- Posts: 3636
- Joined: Tue Sep 04, 2001 8:00 am
- Location: italy
SERC stands for.....well, I do not know exactly...BTW it is the analysis center of Norton...they answered to my inquiry saying that the file corrupted by this virus cannot be repaired with the normal antivirus system.....they give a free tool to eliminate the problem......the tool link is
http://securityresponse.symantec.com/av ... .h@mm.html
hope this helps
But, when I receive these "returned email" things, they are people who are not in my address book, so apparently, it's from someone else's mailing list I would presume...
Originally posted by JVRyk5
Finding out original virus-sender is not going to happen. What these buggers do, is copy your addressbook and replicate themselves to all who you have in it.
So if one in SP community has a virus in his machine, it will send itself to all PBEM partners, and so on.
Originally posted by Bing
If you don't guard against viruses you will eventually pay for the neglect. You can read more about the subject on many websites. The one a good number of us on this forum use - because we believe it is the best - is: http://www.avp.ch/ Read and judge for yourself.
Use *nix or a Mac.
At the very least, don't use Microsoft products! There's a reason OE is known as Outbreak Express...
tohoku
YMMV
Debian box emulating Win98SE for games
(faster and more stable than the old native system!)




