Virus?

Ron Eggers (SPFG, Supreme Picture Framing God; Forum Donor; joined Jul 6, 2001; 16,932 posts; Wisconsin)
I just received a suspicious email that some of you might also receive.

The sender was "decoronline" which is why I took a closer look at it. The subject said "A very new game" which is similar to some virus-infected mail I've gotten. The message said:
Hello,This is a new game
This game is my first work.
You're the first player.
I expect you would enjoy it.
which is also similar to some infected mail I've gotten. There was an attachment called "snoopy.exe" which was 92.9 kb.

I did not open the attachment, of course, and Norton anti-virus, which is up-to-date, did not find anything suspicious.

If you know anything about this, I'd love to hear about it. If you receive a similar message, I can tell you with some confidence that it didn't come from Decor Magazine.
 
Most likely it was the KLEZ.32

I get that daily also with the exact same words.

Mike
 
Ron, I too received this email several days ago. I did not think it to be "official" from decor, so I deleted it without further ado.
BTW, this is something I advise one and all to do when you receive an email from a) someone you don't know, and b) it has an attachment. Even with up-to-date virus software, why take a chance?

Thanks for the "heads-up" though!
 
I saw something like that too.
My policy is not to download any file that I do not know exactly where it came from and has a letter with it.

I've made the mistake of saying, what the **** let's see what happens. Norton does not appreciate that very much. Kind of like Russian roulette. Why am I so sadistic? No More though.

Delete - delete - delete - delete - delete - delete - delete - good grief - delete
Actually sometimes I reply back with some ugly comments like "Don't you have anything better to do" I've gotten a few funny responses. :eek: :D
 
It's Klez..... Norton's has found it every time I receive it, wonder why it missed yours?
 
I did some more digging and this email did originate from Decor Magazine. Perhaps this is one of those insidious little bugs that sends itself out to everyone in the address book. I have gotten legitimate email from Decor Magazine.

I've emailed John Taff and I'm waiting to see what he has to say. But let's be clear that I'm not accusing Decor Magazine of any wrong-doing or negligence. If my suspicions are correct, they have been victimized as well.

For anyone who enjoys/understands these things, here is the text from the header of the message I received. decoronline@pfppublish.com is one of Decor's email addresses. The other significant sender name here is ParkeAntiques@aol.com.

Received: from rly-ip03.mx.aol.com ([64.12.138.7]) by mc1-f36.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905);
Fri, 16 Aug 2002 06:31:33 -0700
Received: from logs-tf.proxy.aol.com (logs-tf.proxy.aol.com [152.163.197.135]) by rly-ip03.mx.aol.com (v87.21) with ESMTP id RELAYIN8-0816092838; Fri, 16 Aug 2002 09:28:38 -0400
Received: from Sny (AC97D1EF.ipt.aol.com [172.151.209.239])
by logs-tf.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7GDRej408360
for <roneggers@hotmail.com>; Fri, 16 Aug 2002 09:27:40 -0400 (EDT)
Date: Fri, 16 Aug 2002 09:27:40 -0400 (EDT)
Message-Id: <200208161327.g7GDRej408360@logs-tf.proxy.aol.com>
From: decoronline <decoronline@pfpublish.com>
To: roneggers@hotmail.com
Subject: A very new game
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=EUznu12K0pDI6N20283567o0Me0qNjS0e14
X-Apparently-From: ParkeAntiques@aol.com
Return-Path: decoronline@pfpublish.com
X-OriginalArrivalTime: 16 Aug 2002 13:31:33.0662 (UTC) FILETIME=[3CD8EBE0:01C24529]
I have isolated (not deleted) the message and attachment for further study, but Norton AntiVirus is finding nothing there of interest.

Update: Norton AntiVirus detected the W32Klez.H@mm when I attempted to save (not open) the attachment to an isolation folder.
 
John has been out of town on vacation all week. He will be back on Monday (and probably a week behind on most everything), I guess he won't really be able to dig into it until Tues.

This also means two things: Exactly what, I'm not sure of.
 
I just got an email from a friend. There was another email after that one that said "Possible virus detection". This wasn't sent by my virus software, but it said there was a possible infected email with the exact title of the email my friend had sent, so I deleted that email without opening it. Haven't talked to my friend to see if she even sent me an email. I don't like this, I have never had a virus, except the kind you take 2 aspirin and call the doctor in the morning kind.

Can I assume that the email detecting the virus was sent to me from somebody else's software who had already discovered the virus? There was a long list of names she had apparently sent the email to. Or could the email saying "virus detected" actually have been the virus? AAARRRGGGGHHHH! I can't even use the graemlins in fear they will wipe out my post, is there no place where it is safe?
 
I'm not trying to create a panic.

There are two things you can and should do to minimize the risk of damage by malicious content in your email. You've heard these many times, but let's repeat them.

1. Do regular backups of critical files. If your hard drive went up in smoke today, what would be irreplaceable? Program files can be restored from the original installation disks, but the data cannot. Whether you use a Zip Drive, a CD burner or some other backup scheme, use it regularly. I also use a program called Go Back which will help restore things to a pre-disaster configuration, but it won't help if the hard drive is completely wiped out.

2. Install a good anti-virus program, like Norton's, and keep it up-to-date. Norton's can be configured to update the critical signature files - the ones that recognize the new bugs that are released every day.

You're right, Kathy, it's getting worse. It's a sign of the times, but it's also a reflection of the way we use the internet. If you want zero exposure to computer viruses, do not use the internet and do not install programs that other people give you. Otherwise, follow the two steps above and you'll be just fine.
 
Ron, even as I'm writing this I am downloading a more up-to-date version of Norton's. I let my subscription expire.

Let's create a scenario here: Let's say I have to reinstall my whole system :eek: If I have my Frameready on a zip disc is it just a matter of reinstalling Frameready and then putting the data back in through the zip disc?

Am I using the zip disc correctly? I go to Windows explorer and bring up my program files and drag and drop Frameready into my Edrive(zip).
I also drag and drop Filemaker Pro to the same disc. I may not need to do that part since I have the disc for that. When I zip I empty the disc before I drag and drop the most current stuff. I know the data is on the zip disc because I brought it to a friend's house and took a look. I just want to make sure that is all I need.

I am seriously considering uninstalling everything on my computer. It has developed many error messages. It has never been well maintained. I can't even defrag without going into safe mode. I am opening so many programs that say "You have done an illegal operation blah, blah, blah." It was suggested to me I might have a virus that my software couldn't pick up. I have heard of people totally reinstalling everything, but most of all I have to protect my database because it is all I've got here.

Sorry this is so wordy, but if we have to wait for John Taff to come back and address the virus problem at hand we may as well have something else to talk about!
 
Kathy, drag-and-drop is a reasonable way to use your Zip Drive for back-ups. You can also right-click on a file or a whole directory in Explorer and, in the pop-up menu, choose "send to." One of the destinations to send to should be your Zip Drive if you configured your Zip setup that way. If not, let me know and I'll help you change the setup.

If you had to restore your hard drive, you would first install your operating system (Windows 98 SE or whatever,) then the programs and drivers (including the Iomega Zip drivers,) then the data from your Zip disks. You can't restore Windows programs from the Zip because most installations will put files all over your hard drive, including in the Windows directory, and these won't be easily restored from your backups.

The idea of reformatting your hard drive and doing a fresh installation is one that I've advocated for adventuresome people, like you, for a long time. I do it at least annually and sometimes more often. It's just like taking everything out of the garage and putting back only what you really need (except that you can't go out to the curb and rescue the stuff you have second thoughts about disposing of.) If you decide to do this, let me know and I'll either post some tips here or email you.
 
Ron, can't say I'm all that adventuresome. These error messages are making me very nervous though. I just think I need to start over. I was totally computer illiterate when I got this thing 4 years ago and I haven't advanced much since. I'm no longer afraid of it though. I've got all my photos off the computer, thanks to you. As long as I won't lose my Frameready database anything else I have on here is easily reconstructed or unnecessary. I've been looking at those computer deals Mike has posted because I need to replace the one at home which will primarily be for graphics and internet. I want to clean this one up and use it for work related things only. When I am ready I will contact you, thanks for offering. You really are "Da Man".
 
This Norton anti virus is taking forever to download or (deliver) as it's called. I don't think I have ever been on the Grumble for this length of time. Almost like talking live! I's hope's sheez almost done, I's wants to go home!


P.S. Ron, has that little man typing furiously away on the top of this forum always had your name on it?
 
Originally posted by emibub:
Ron, has that little man typing furiously away on the top of this forum always had your name on it?
Wow, I never noticed that. Must be a new perk from Framer. Lucky for him I don't have a screen name like "Slowalkintexan."

And I thought framer told me he's been really busy. It's nice to see he still has a little play-time.

Thanks, Framer.
 
Even though it said it was from Decor, I highly doubt it was. The new fad now is to take several related sites and 'send' viruses to each of them from their peers. (using spoofed/fake FROM fields).

That email originated from an AOL session, through a third party mail server. I doubt a company as large as Decor uses "AOL" as their internet feed to the office.


The same thing happened to me for one of my other companies (a medical related business). I get about 15 of these per day "from" my competitors. After calling them to inquire, I found out they were getting them "from" me too. All parties involved verified that they were not infected, etc. I traced it back to someone in Florida on a dialup account.

The folks that make this stuff are talented. It's too bad they don't put their skills to work for something *productive*. It's mildly annoying, but you're safe if you run Norton Antivirus (or equivalent).

There is a possibility that someone who works there answers emails from home with AOL & Outlook and has a virus which has distributed itself to everyone in their "Outlook Contact List".

My guess is that Decor probably isn't to blame, even though their name is on it...

It's just a good demonstration of how important a virus scanner really is.

Mike
 
Okay, Mike, here's another one. Same .exe file infected with the same Klez, but this one from Microsoft.com instead of Decor, so I guess you're right. Also, this one came with a jpg in addition to the exe file. Is the ParkeAntiques@aol.com significant, since it's in both headers? I'm not particularly alarmed - just curious and a little annoyed.

Received: from rly-ip05.mx.aol.com ([64.12.138.9]) by mc2-f13.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905);
Sat, 17 Aug 2002 14:34:54 -0700
Received: from logs-wj.proxy.aol.com (logs-wj.proxy.aol.com [205.188.198.5]) by rly-ip05.mx.aol.com (v87.21) with ESMTP id RELAYIN1-0817173432; Sat, 17 Aug 2002 17:34:32 2000
Received: from Cijwjjfv (AC8C2B33.ipt.aol.com [172.140.43.51])
by logs-wj.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7HLX0a118186
for <roneggers@hotmail.com>; Sat, 17 Aug 2002 17:33:00 -0400 (EDT)
Date: Sat, 17 Aug 2002 17:33:00 -0400 (EDT)
Message-Id: <200208172133.g7HLX0a118186@logs-wj.proxy.aol.com>
From: inet <inet@microsoft.com>
To: roneggers@hotmail.com
Subject: A nice game
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Bn0O2Z56yPh29WyrwhIa8Xu8dBmC60sTJWBd
X-Apparently-From: ParkeAntiques@aol.com
Return-Path: inet@microsoft.com
X-OriginalArrivalTime: 17 Aug 2002 21:34:55.0062 (UTC) FILETIME=[ED711F60:01C24635]
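Added example (not code from the thread): a short Python script that reads the two header blocks Ron posted, walks the Received: lines from the bottom up to find the host that actually handed the message in, and checks whether the From: domain appears anywhere in that relay path. It answers Mike's point that Klez forges the From: field, and Ron's question about ParkeAntiques@aol.com turning up in both headers. The header text is copied from the posts above, trimmed to the fields the checks use and re-indented so the continuation lines fold; the function names and the spoofing heuristic are my own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the two messages quoted in this thread, trimmed to the
# fields the checks use; continuation lines are indented so they fold properly.
HEADER_DECOR = """\
Received: from rly-ip03.mx.aol.com ([64.12.138.7]) by mc1-f36.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905);
 Fri, 16 Aug 2002 06:31:33 -0700
Received: from logs-tf.proxy.aol.com (logs-tf.proxy.aol.com [152.163.197.135]) by rly-ip03.mx.aol.com (v87.21) with ESMTP id RELAYIN8-0816092838; Fri, 16 Aug 2002 09:28:38 -0400
Received: from Sny (AC97D1EF.ipt.aol.com [172.151.209.239])
 by logs-tf.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7GDRej408360
 for <roneggers@hotmail.com>; Fri, 16 Aug 2002 09:27:40 -0400 (EDT)
Message-Id: <200208161327.g7GDRej408360@logs-tf.proxy.aol.com>
From: decoronline <decoronline@pfpublish.com>
Subject: A very new game
X-Apparently-From: ParkeAntiques@aol.com
Return-Path: decoronline@pfpublish.com
"""

HEADER_MICROSOFT = """\
Received: from rly-ip05.mx.aol.com ([64.12.138.9]) by mc2-f13.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905);
 Sat, 17 Aug 2002 14:34:54 -0700
Received: from logs-wj.proxy.aol.com (logs-wj.proxy.aol.com [205.188.198.5]) by rly-ip05.mx.aol.com (v87.21) with ESMTP id RELAYIN1-0817173432; Sat, 17 Aug 2002 17:34:32 2000
Received: from Cijwjjfv (AC8C2B33.ipt.aol.com [172.140.43.51])
 by logs-wj.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7HLX0a118186
 for <roneggers@hotmail.com>; Sat, 17 Aug 2002 17:33:00 -0400 (EDT)
Message-Id: <200208172133.g7HLX0a118186@logs-wj.proxy.aol.com>
From: inet <inet@microsoft.com>
Subject: A nice game
X-Apparently-From: ParkeAntiques@aol.com
Return-Path: inet@microsoft.com
"""

# "from <helo> (<reverse-DNS> [<ip>]) by <relay>", the shape every hop above uses.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<relay>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_path(raw):
    """Return the delivery hops oldest-first; each hop is a dict of helo/host/ip/relay."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))   # unfold, then parse
        if not m:
            continue
        info = m.group("info") or ""
        ip = IP_RE.search(info)
        hops.append({
            "helo": m.group("helo"),
            "host": info.split()[0] if info and not info.startswith("[") else None,
            "ip": ip.group(1) if ip else None,
            "relay": m.group("relay"),
        })
    hops.reverse()   # each relay prepends its Received: line, so the last one is the origin
    return hops


def sender_report(raw):
    """Compare the visible From: domain with the hosts that actually handled the message."""
    msg = message_from_string(raw)
    hops = trace_path(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_domain = from_addr.rsplit("@", 1)[-1]
    names = [n.lower() for h in hops for n in (h["helo"], h["host"], h["relay"]) if n]
    in_path = any(n == from_domain or n.endswith("." + from_domain) for n in names)
    return {
        "from": from_addr,
        "origin_host": hops[0]["host"] if hops else None,
        "origin_ip": hops[0]["ip"] if hops else None,
        "apparently_from": (msg.get("X-Apparently-From") or "").strip().lower(),
        "from_domain_in_path": in_path,
        "verdict": "From: domain matches the relay path" if in_path
                   else "From: domain never touched the message; treat the sender as spoofed",
    }


def shared_apparent_sender(*raws):
    """Ron's question: is the same X-Apparently-From account behind every message?"""
    values = {sender_report(r)["apparently_from"] for r in raws}
    return values.pop() if len(values) == 1 and "" not in values else None


if __name__ == "__main__":
    for label, raw in (("Decor", HEADER_DECOR), ("Microsoft", HEADER_MICROSOFT)):
        print(label, sender_report(raw))
    print("shared apparent sender:", shared_apparent_sender(HEADER_DECOR, HEADER_MICROSOFT))
```

Both messages resolve to an AOL dial-up address (the `*.ipt.aol.com` host in the bottom Received: line) with a From: domain that never appears in the path, and the same X-Apparently-From account on both, which is what a single infected mailbox sending in other people's names looks like. The heuristic is only that: a legitimate message sent through a third-party relay would also fail the domain check, so the relay path is evidence to weigh, not proof on its own.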
 
Do you recall ever communicating with parkeantiques@aol.com? That might be the infected person who started all this unknowingly.

Mike
 
I have seen a similar one several times, my Anti-Virus software throttles it pretty quickly, however our ISP now has a better filtering system and we rarely see viruses (viri??) anymore.
 
I also have had the same virus detected. It was sent to me by all different people, that I never had contact with.

I use McAfee at home and it catches it in my e-mail but my kids download a lot of music and for some reason it has missed a couple viruses they downloaded. And didn't catch it till the virus scan ran automatically. My kids have a way of making the computer do things I've never seen!

I was getting at least two a day and kept blocking sender and deleting till they stopped. I haven't had one for a while. Hope they stop..
 
Yikes, I've suddenly started receiving these emails too. Mine are from unknown people at MSN.
My virus software has only given me one warning.
I belong to hitchhikers so not opening email from people I don't know isn't really reasonable. Guess I should save that type of activity for home where my information isn't as critical.
Like Kathy, I've never gotten an infected email until a couple of days ago. Makes a girl kind of nervous.
 
Deb, your anti-virus software is unlikely to sound the alarm unless you actually try to open or save an infected attachment. There are probably exceptions, but that's normally the case.

If your email software tells you the size of the message, and it's very large, or if there is an attachment, it's not from a HHer. I have Hotmail set up to put mail from a known mailing list, like the PPFA HH list, into my inbox. It doesn't matter who the actual sender was - it always comes through the HH list. Otherwise, unknown mail goes into the bulk mail folder, where I review it before emptying the entire folder 2-3 times/day.
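Ron's filing rule above, written out as an added example (not code from the thread): mail addressed to a known list goes to the inbox, anything else is held for review, and a message carrying a runnable attachment is set aside whoever it claims to be from, since, as Ron says, attachments don't come through the list. The list address, the size threshold and the three sample messages are constructed stand-ins; the function names are my own.

```python
from email.message import EmailMessage

# Constructed stand-in for the real mailing-list address the post mentions.
TRUSTED_LISTS = {"hh-list@example.org"}
# Attachment types that worms of this era travelled in (the thread's sample was snoopy.exe).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat", ".com", ".vbs")
SIZE_LIMIT = 100 * 1024   # constructed threshold; the post only says "very large"


def executable_attachments(msg):
    """Names of attachments whose extension marks them as directly runnable."""
    return [(part.get_filename() or "").lower()
            for part in msg.iter_attachments()
            if (part.get_filename() or "").lower().endswith(EXECUTABLE_EXT)]


def triage(msg):
    """Return (folder, reason): runnable attachment -> quarantine, known list -> inbox,
    everything else -> bulk folder for a look before it is emptied."""
    runnable = executable_attachments(msg)
    if runnable:
        return "quarantine", "executable attachment: " + ", ".join(runnable)
    recipients = " ".join(v for v in (msg.get("To"), msg.get("Cc")) if v).lower()
    if any(lst in recipients for lst in TRUSTED_LISTS):
        return "inbox", "known mailing list"
    if len(msg.as_bytes()) > SIZE_LIMIT:
        return "bulk", "unusually large message from an unknown sender"
    return "bulk", "unknown sender"


def build(from_addr, to_addr, subject, body, attachment=None):
    """Assemble a constructed sample message, optionally with a binary attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = from_addr, to_addr, subject
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg


# Constructed samples: a list post, a stranger's short note, and a worm-style message
# shaped like the one quoted at the top of this thread (the payload here is inert filler).
LIST_POST = build("member@example.net", "hh-list@example.org",
                  "Re: mat cutter blades", "Try a fresh blade first.")
STRANGER = build("nobody@example.com", "roneggers@hotmail.com", "hi", "Just saying hello.")
WORM_STYLE = build("decoronline@pfpublish.com", "roneggers@hotmail.com", "A very new game",
                   "Hello,This is a new game", ("snoopy.exe", b"MZ" + bytes(64)))

if __name__ == "__main__":
    for name, m in (("list post", LIST_POST), ("stranger", STRANGER), ("worm-style", WORM_STYLE)):
        print(name, "->", triage(m))
```

The attachment check runs before the list check on purpose: a forged From: or a list address in the To: field costs the sender nothing, while an attachment is the one thing the worm has to include to spread.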
 
Okay, help me understand this.
The suspicious mail is already going to a bulk mail folder. Now if I try to open it, what will happen? I have gotten 3-4 of these every day or two lately. They have different headings and are from different senders. I hate to delete things without looking, but that is what I've been doing. Is it safe to look as long as I don't open attachments?
Is there some way to know where this all started? Seems like it would be good to let someone know that they are spreading these things around.
Sorry if my questions sound stupid.

Just think of me as cyberchallenged.
 
I'm not a computer wizard but I did a little research on the KLEZ virus and from what I understand it is some kind of worm virus that gets addresses from your computer and just sends out sporadic messages with different titles. I don't think you even know it has happened.

Personally, I think the anti-virus software people pay people to come up with these annoying things so you have to use their software. :mad:
 
Originally posted by markg1:
Personally, I think the anti-virus software people pay people to come up with these annoying things so you have to use their software. :mad:
Mark, I couldn't agree with you more!

Deb, I have the same questions as you. Can you get a virus just by opening an email or do you have to do the attachment thing? My answer to the whole thing is, I am not going to open anything I'm not familiar with here at work. I'll save that for my home computer. I plan on replacing that someday if I am ever making money again!
 
Deb and Kathy,

I'm reluctant to answer this, because there's a chance I'm wrong. (There's ALWAYS a chance I'm wrong.) But, in my opinion, you're not likely to get in much trouble opening the text of an email if you don't open any attachments. If you open an attachment, and your anti-virus software is up-to-date, you're still not likely to get in trouble. And if you don't store anything on your hard drive that is irreplaceable, you're gonna be fine, no matter what. (Though you could be in for some inconvenience and possibly some expense.)

This is still one more reason why I'm a big advocate of descriptive subject titles for emails. It helps people recognize legitimate mail. (I did get one infected email with a subject that mentioned The Grumble, however.)

You cannot allow a fear of viruses to disrupt your use of the internet. I know dog owners that won't take their dogs to our excellent dog park here 'cause they're afraid their dogs will catch something. I also know parents who home-school their children simply to minimize their exposure to colds and other viruses. Take precautions, but have fun and be productive.

This is sick, I know, but I actually am happy to detect a computer virus from time-to-time so I know the software is working. :rolleyes:
 
Thanks for the answer Ron.
Like Kathy, I think I'll open questionable email on my home computer where I won't put my ability to do business at risk.
Of course, losing my home computer might just put my sanity at risk!!!
 