This new one is very interesting: W32.Welchia.Worm (a housekeeping trojan?)
It uses the same port 135 exploit to get into your computer, then it downloads the RPC patch (fix) from Windows Update and reboots your computer. It cleans the Blaster infection from the computer, if found. It them tries to send itself to other computers, for the same purpose.
If it sees the year is 2004, it deletes itself.
If you have a router or have already installed the July 16th patch from Microsoft, you don't have to worry about this. This one only infects Windows 2000 and XP machines.
As a computer-illiterate, I have a question: I went to install Ad-Aware, and was sent to a site called 'Registry Mechanic'. It was $19.95, and automatically runs itself, apparently looking for worms, catepillars, etc, everytime the computer is used, whether it's used under Janet's or my user name.
Will this absolutely protect us from these worms? I have also installed, or enabled the built in LAN firewall that is available with XP. PLEASE HELP ME!! I KNOW NOTHING ABOUT THIS STUFF!!
Adaware has no affiliation with "registry mechanic" that I know of. That was probably just a pop up ad that came up coincidentally. The Registry Mechanic is also highly regarded, but helps diagnose and repair the system Registry file, which holds many of the system settings. Most people won't need this program.
Adaware has a free version for non commercial use. I usually download it from www.download.com. Search for "ADAWARE" and the link comes up to download it.
Adaware handles "Scumware" (aka SPYWARE or ADWARE):
By definition "Spyware" refers to files that are downloaded with an application frequently without the consent or knowledge of the user for the purpose of reporting information back to the application's creator or some third party. The idea behind "spyware" is that your surfing habits, computer habits and who knows what else, are sent over the Internet to be seen by someone else for marketing purposes or other less than ethical reasons. (including credit card #s etc) Riding piggy back with legitimate programs at times, "spyware" is difficult to locate, and works in the background.
"Adware" works like spyware in that it transmits information to another person, persons or group. With adware you are sent advertisements based on your surfing habits. Adware can come bundled with legitimate programs and services on the Net. Like spyware, both are difficult to locate and operate covertly. They tend to slow computers down and cause instability.
Unlike viruses, anti-virus programs cannot locate these intrusions. Since spyware and adware are not technically viruses, and they do operate in different manners, they go undetected by these applications. The same holds true for firewalls. They cannot stop this type of software either.
The MOST important protection is a good virus scanner, such as Symantec's Norton AntiVirus. It's also healthy to check WINDOWS UPDATE every week to get any security patches that are made available. XP can be set to do this automatically.
Most of the lil critters (excluding the recent Blaster and Welchia) come in through email. There are about 200 new trojans and viri weekly, but only a few make the news every year. Nothing will truly protect you, but a weekly Adaware scan, weekly Windows Update, and weekly updates to your virus scanner will greatly help.
Some other options are a piece of equipment called a "router" which goes between your computer and the cable/dsl modem, and acts as a firewall; or a software based firewall, although less effective. There are programs to monitor what your computer is sending OUT as well, which alert you of anything out of the ordinary.
I'm sorry for such a long response.
PS: I believe the one Katman is referring to is W32.Sobig.F@mm. It's not too out of control, but spreads in the traditional way through email, sending itself out to anyone in your contact list, etc. The message will have a file attached and may say "see the attached file for details". This one self destructs itself shortly before 9/11/03.
When I try to download these, they will not download. Is it because of my firewall. The updates took almost 2 hours today and then wouldn't install. I don't want my firewall down that long. I disabled it to install and it still didn't work.
I am using Windows XP. Only the automatic updates since June 26 have updated. The ones before that did not. I also got the patch for the worm. There is a log of what I got and didn't get. Everything else I tried to install from the website failed.
I'm somewhat computer stupid, but could not access some internet activities from some websites., Finally someone from Comcast told me to disable my firewall and try it.
Would suggest you temporarily disable your firewall and see ifyou can get your stuff on to your computer.
My cmcast provider gave me the Microsoft download sites. Worked well and instantly. And I use XP. Let me know if you still have trouble and I will TRY--enphasis on TRY--to walk you thru them because, as I said, I'm a lttle dumb on this.
Internet service providers and IT professionals world wide are dealing
with a recent spread of 2 internet worms that are wreaking havoc on their
networks, and in some cases bringing networks and internet service to a
grinding halt. Below is some basic information about
these nuisances. below are a few news articles to
inform you on the magnitude of this recent spread.
W32.Sobig.F Details from Symantec
Summary: Sobig.F is a mass mailing worm and sends itself out to email
addresses in your windows address book and files with extensions
.wab and .txt.
The email message has the following subject lines
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
W32.Welchia - Details from Symantec
Summary: This worm exploits the same vulnerability like the W32.Blaster
worm, but it appears that this worm tries to delete the W32.Blaster worm
and install the necessary patch from Microsoft. It will also scan for
other machines on the network - just like W32.Blaster - and infect
vulnerable computers. While this is a clever and altruistic worm, we do
not recommend you trust it and that you update your virus definitions via
Live Update immediately.