katman
MGF, Master Grumble Framer
apparently another worm out there that harvests email messages and affects systems down to windows 95. McAffee.com has some info on its site.
another worm
- Thread starter katman
- Start date
katman
MGF, Master Grumble Framer
sorry-make that McAfee.com. I think the one to look at is called something like sorbid32
This new one is very interesting: W32.Welchia.Worm (a housekeeping trojan?)
It uses the same port 135 exploit to get into your computer, then it downloads the RPC patch (fix) from Windows Update and reboots your computer. It cleans the Blaster infection from the computer, if found. It them tries to send itself to other computers, for the same purpose.
If it sees the year is 2004, it deletes itself.
If you have a router or have already installed the July 16th patch from Microsoft, you don't have to worry about this. This one only infects Windows 2000 and XP machines.
[ 08-19-2003, 03:36 PM: Message edited by: Mike-L@GTP ]
It uses the same port 135 exploit to get into your computer, then it downloads the RPC patch (fix) from Windows Update and reboots your computer. It cleans the Blaster infection from the computer, if found. It them tries to send itself to other computers, for the same purpose.
If it sees the year is 2004, it deletes itself.
If you have a router or have already installed the July 16th patch from Microsoft, you don't have to worry about this. This one only infects Windows 2000 and XP machines.
[ 08-19-2003, 03:36 PM: Message edited by: Mike-L@GTP ]
I'm so glad nobody is targeting cp/m machines like my trusty Kaypro.
As a computer-illiterate, I have a question: I went to install Ad-Aware, and was sent to a site called 'Registry Mechanic'. It was $19.95, and automatically runs itself, apparently looking for worms, catepillars, etc, everytime the computer is used, whether it's used under Janet's or my user name.
Will this absolutely protect us from these worms? I have also installed, or enabled the built in LAN firewall that is available with XP.
PLEASE HELP ME!! I KNOW NOTHING ABOUT THIS STUFF!!
Will this absolutely protect us from these worms? I have also installed, or enabled the built in LAN firewall that is available with XP.
PLEASE HELP ME!! I KNOW NOTHING ABOUT THIS STUFF!!
PurplePerson1
SGF, Supreme Grumble Framer
Ad-Aware is not for worms. It is, I think, to protect against being infested with advertisers.
Firewalls, set correctly and antiviruses protect against most things unless stuff like worms figure out how to get around them.
By the way, you can get Ad-Aware free.
[ 08-19-2003, 05:24 PM: Message edited by: SusanNolan ]
Firewalls, set correctly and antiviruses protect against most things unless stuff like worms figure out how to get around them.
By the way, you can get Ad-Aware free.
[ 08-19-2003, 05:24 PM: Message edited by: SusanNolan ]
PurplePerson1
SGF, Supreme Grumble Framer
Update: Ad-Aware is for Spy Ware.
Adaware has no affiliation with "registry mechanic" that I know of. That was probably just a pop up ad that came up coincidentally. The Registry Mechanic is also highly regarded, but helps diagnose and repair the system Registry file, which holds many of the system settings. Most people won't need this program.
Adaware has a free version for non commercial use. I usually download it from www.download.com. Search for "ADAWARE" and the link comes up to download it.
Adaware handles "Scumware" (aka SPYWARE or ADWARE):
By definition "Spyware" refers to files that are downloaded with an application frequently without the consent or knowledge of the user for the purpose of reporting information back to the application's creator or some third party. The idea behind "spyware" is that your surfing habits, computer habits and who knows what else, are sent over the Internet to be seen by someone else for marketing purposes or other less than ethical reasons. (including credit card #s etc) Riding piggy back with legitimate programs at times, "spyware" is difficult to locate, and works in the background.
"Adware" works like spyware in that it transmits information to another person, persons or group. With adware you are sent advertisements based on your surfing habits. Adware can come bundled with legitimate programs and services on the Net. Like spyware, both are difficult to locate and operate covertly. They tend to slow computers down and cause instability.
Unlike viruses, anti-virus programs cannot locate these intrusions. Since spyware and adware are not technically viruses, and they do operate in different manners, they go undetected by these applications. The same holds true for firewalls. They cannot stop this type of software either.
The MOST important protection is a good virus scanner, such as Symantec's Norton AntiVirus. It's also healthy to check WINDOWS UPDATE every week to get any security patches that are made available. XP can be set to do this automatically.
Most of the lil critters (excluding the recent Blaster and Welchia) come in through email. There are about 200 new trojans and viri weekly, but only a few make the news every year. Nothing will truly protect you, but a weekly Adaware scan, weekly Windows Update, and weekly updates to your virus scanner will greatly help.
Some other options are a piece of equipment called a "router" which goes between your computer and the cable/dsl modem, and acts as a firewall; or a software based firewall, although less effective. There are programs to monitor what your computer is sending OUT as well, which alert you of anything out of the ordinary.
I'm sorry for such a long response.
Mike
PS: I believe the one Katman is referring to is W32.Sobig.F@mm. It's not too out of control, but spreads in the traditional way through email, sending itself out to anyone in your contact list, etc. The message will have a file attached and may say "see the attached file for details". This one self destructs itself shortly before 9/11/03.
[ 08-19-2003, 07:17 PM: Message edited by: Mike-L@GTP ]
Adaware has a free version for non commercial use. I usually download it from www.download.com. Search for "ADAWARE" and the link comes up to download it.
Adaware handles "Scumware" (aka SPYWARE or ADWARE):
By definition "Spyware" refers to files that are downloaded with an application frequently without the consent or knowledge of the user for the purpose of reporting information back to the application's creator or some third party. The idea behind "spyware" is that your surfing habits, computer habits and who knows what else, are sent over the Internet to be seen by someone else for marketing purposes or other less than ethical reasons. (including credit card #s etc) Riding piggy back with legitimate programs at times, "spyware" is difficult to locate, and works in the background.
"Adware" works like spyware in that it transmits information to another person, persons or group. With adware you are sent advertisements based on your surfing habits. Adware can come bundled with legitimate programs and services on the Net. Like spyware, both are difficult to locate and operate covertly. They tend to slow computers down and cause instability.
Unlike viruses, anti-virus programs cannot locate these intrusions. Since spyware and adware are not technically viruses, and they do operate in different manners, they go undetected by these applications. The same holds true for firewalls. They cannot stop this type of software either.
The MOST important protection is a good virus scanner, such as Symantec's Norton AntiVirus. It's also healthy to check WINDOWS UPDATE every week to get any security patches that are made available. XP can be set to do this automatically.
Most of the lil critters (excluding the recent Blaster and Welchia) come in through email. There are about 200 new trojans and viri weekly, but only a few make the news every year. Nothing will truly protect you, but a weekly Adaware scan, weekly Windows Update, and weekly updates to your virus scanner will greatly help.
Some other options are a piece of equipment called a "router" which goes between your computer and the cable/dsl modem, and acts as a firewall; or a software based firewall, although less effective. There are programs to monitor what your computer is sending OUT as well, which alert you of anything out of the ordinary.
I'm sorry for such a long response.
Mike
PS: I believe the one Katman is referring to is W32.Sobig.F@mm. It's not too out of control, but spreads in the traditional way through email, sending itself out to anyone in your contact list, etc. The message will have a file attached and may say "see the attached file for details". This one self destructs itself shortly before 9/11/03.
[ 08-19-2003, 07:17 PM: Message edited by: Mike-L@GTP ]
PurplePerson1
SGF, Supreme Grumble Framer
When I go to http://v4.windowsupdate.microsoft.com/en/default.asp there is a box that says Personalize Windows Update. It analyzes what you have and what you need that the automatic Windows Update does not do.
When I try to download these, they will not download. Is it because of my firewall. The updates took almost 2 hours today and then wouldn't install. I don't want my firewall down that long. I disabled it to install and it still didn't work.
Why is this?
When I try to download these, they will not download. Is it because of my firewall. The updates took almost 2 hours today and then wouldn't install. I don't want my firewall down that long. I disabled it to install and it still didn't work.
Why is this?
PurplePerson1
SGF, Supreme Grumble Framer
I am using Windows XP. Only the automatic updates since June 26 have updated. The ones before that did not. I also got the patch for the worm. There is a log of what I got and didn't get. Everything else I tried to install from the website failed.
tnframer408
SGF, Supreme Grumble Framer
I'm somewhat computer stupid, but could not access some internet activities from some websites., Finally someone from Comcast told me to disable my firewall and try it.
It worked.
Would suggest you temporarily disable your firewall and see ifyou can get your stuff on to your computer.
My cmcast provider gave me the Microsoft download sites. Worked well and instantly. And I use XP. Let me know if you still have trouble and I will TRY--enphasis on TRY--to walk you thru them because, as I said, I'm a lttle dumb on this.
It worked.
Would suggest you temporarily disable your firewall and see ifyou can get your stuff on to your computer.
My cmcast provider gave me the Microsoft download sites. Worked well and instantly. And I use XP. Let me know if you still have trouble and I will TRY--enphasis on TRY--to walk you thru them because, as I said, I'm a lttle dumb on this.
PurplePerson1
SGF, Supreme Grumble Framer
The user account I am using has administrator privileges.
Michael, I will try everything you said tomorrow night. Is 2 hours too long to be without a firewall?
Michael, I will try everything you said tomorrow night. Is 2 hours too long to be without a firewall?
OK. The admin privilege is usually the problem.
Here are some results for a search on "unable to install windows updates":
Official Windows Update Troubleshooter
Tek-Tips Forum
Here are some results for a search on "unable to install windows updates":
Official Windows Update Troubleshooter
Tek-Tips Forum
B. Newman
SGF, Supreme Grumble Framer
I was gone all day yesterday, so when I got in last night I had 12-15 e-mails (which was not unusual) but they were all "returned". I knew that I had not sent but one before I left yesterday morning.
When I looked, they were all to (and returned from) addresses that I didn't know. They did have that "Thank You" as a subject, which is what this worm/virus is supposed to use.
The return thingamajig stuff at the bottom said that they were from outlook express. I don't even use outlook. And NONE of the names were in my address book, and none of My address names were used.
This morning at 7:00am, I had 18 more returned e-mails. But none since then. Maybe it's over?
I don't see a thing different with my pc. Should I be looking for something?
PS This is only on my "regular" e-mail address. It hasn't affected the one I use for HH.
Betty
[ 08-20-2003, 09:23 AM: Message edited by: B. Newman ]
When I looked, they were all to (and returned from) addresses that I didn't know. They did have that "Thank You" as a subject, which is what this worm/virus is supposed to use.
The return thingamajig stuff at the bottom said that they were from outlook express. I don't even use outlook. And NONE of the names were in my address book, and none of My address names were used.
This morning at 7:00am, I had 18 more returned e-mails. But none since then. Maybe it's over?
I don't see a thing different with my pc. Should I be looking for something?
PS This is only on my "regular" e-mail address. It hasn't affected the one I use for HH.
Betty
[ 08-20-2003, 09:23 AM: Message edited by: B. Newman ]
B. Newman
SGF, Supreme Grumble Framer
Oops, spoke too soon. Just got another one.
They are all "to" aol accounts...
Betty
They are all "to" aol accounts...
Betty
Most likely someone is "spoofing" them and putting you in as the sender. (they are probably infected with a virus that does this without them knowing it)
If so, don't be surprised if you get some hate mails and phone calls from people who get infected and think it's really you.
Just to be sure you're not infected, I suggest getting the newest (8/19/03) virus definition file, and doing a manual scan.
Mike
If so, don't be surprised if you get some hate mails and phone calls from people who get infected and think it's really you.
Just to be sure you're not infected, I suggest getting the newest (8/19/03) virus definition file, and doing a manual scan.
Mike
PEAVY
CGF II, Certified Grumble Framer Level 2
words from our server....
Internet service providers and IT professionals world wide are dealing
with a recent spread of 2 internet worms that are wreaking havoc on their
networks, and in some cases bringing networks and internet service to a
grinding halt. Below is some basic information about
these nuisances. below are a few news articles to
inform you on the magnitude of this recent spread.
http://money.cnn.com/2003/08/21/technology/sobig/index.htm?cnn=yes
http://www.nwfusion.com/news/2003/0819navy.html
http://www.ispwifi.com/virus
W32.Sobig.F Details from Symantec
Summary: Sobig.F is a mass mailing worm and sends itself out to email
addresses in your windows address book and files with extensions
.dbx,
.eml,
.hlp,
.htm,
.html,
.mht,
.wab and .txt.
The email message has the following subject lines
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
W32.Welchia - Details from Symantec
Summary: This worm exploits the same vulnerability like the W32.Blaster
worm, but it appears that this worm tries to delete the W32.Blaster worm
and install the necessary patch from Microsoft. It will also scan for
other machines on the network - just like W32.Blaster - and infect
vulnerable computers. While this is a clever and altruistic worm, we do
not recommend you trust it and that you update your virus definitions via
Live Update immediately.
Internet service providers and IT professionals world wide are dealing
with a recent spread of 2 internet worms that are wreaking havoc on their
networks, and in some cases bringing networks and internet service to a
grinding halt. Below is some basic information about
these nuisances. below are a few news articles to
inform you on the magnitude of this recent spread.
http://money.cnn.com/2003/08/21/technology/sobig/index.htm?cnn=yes
http://www.nwfusion.com/news/2003/0819navy.html
http://www.ispwifi.com/virus
W32.Sobig.F Details from Symantec
Summary: Sobig.F is a mass mailing worm and sends itself out to email
addresses in your windows address book and files with extensions
.dbx,
.eml,
.hlp,
.htm,
.html,
.mht,
.wab and .txt.
The email message has the following subject lines
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
W32.Welchia - Details from Symantec
Summary: This worm exploits the same vulnerability like the W32.Blaster
worm, but it appears that this worm tries to delete the W32.Blaster worm
and install the necessary patch from Microsoft. It will also scan for
other machines on the network - just like W32.Blaster - and infect
vulnerable computers. While this is a clever and altruistic worm, we do
not recommend you trust it and that you update your virus definitions via
Live Update immediately.