This is topic VIRUS ALERT !!!! in forum Old Archives at The Letterville BullBoard.


To visit this topic, use this URL:
http://www.letterville.com/ubb/ultimatebb.php/topic/13/5004.html
Posted by Si Allen (Member # 420) on :
 
They are broadcasting a WARNING about a new worm that is running rampant!

See: http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

Get your Anti-virus program updated!
 

Posted by AdrienneMorgan (Member # 1046) on :
 
Thanks Si..I had to remove Norton as it was causing a lot of problems with my computer.....I

I'm not sure what to do about virus protection now..Norton has always been a problem.

Any suggestions for something better?
A

[ September 18, 2001: Message edited by: AdrienneMorgan ]


 
Posted by Mike Pipes (Member # 1573) on :
 
Rain: McAfee (for virus protection)
 
Posted by Michael Boone (Member # 308) on :
 
Adrienne
Go here....http://www.grisoft.com
DOwnload the free version of AVG...it works pretty good
 
Posted by Tony McDonald (Member # 1158) on :
 
I was just watching a show on tv and they said this virus can't be detected yet by anti-virus software. It mainly goes after servers running Microsoft products and also Internet Explorer 5 and Outlook Express. You don't even have to open the attachment to get it. The only way to keep from getting it is to update IE and Outlook Express to the newest updates.

Geuss what I've been doin'
 

Posted by The Moon (Member # 452) on :
 
Gee, I wonder who released that one...

The sarcastic (transparent?) side of the Moon

In all seriousness... here's Mcafee's link: http://vil.mcafee.com/hoax.asp?
 

Posted by Glenn Taylor (Member # 162) on :
 
Worm warning...... http://dailynews.yahoo.com/htx/nm/20010918/wr/tech_worm_dc_3.html
 
Posted by Bill Biggs (Member # 18) on :
 
In my opinion any e-mail program that automatically opens e-mail and attachments
should not be used. Outlook Express is
one of these programs,
Bill
 
Posted by The Moon (Member # 452) on :
 
here's what McAfee had to say...

What virus is this?

This threat can infect all unprotected users of Win9x/NT/2000/ME.

This is a HIGH RISK virus that is spread via email. The infected email can come from addresses that you recognize.W32/Nimda@MM also spreads via open shares, the Microsoft Web Folder Transversal vulnerability (also used by W32/CodeBlue), and a Microsoft content-type spoofing vulnerability. The email attachment name varies and may use the icon for an Internet Explorer HTML document.

Customizing the program file extension list using VirusScan 4.5 (and higher) may result in a lack of protection against this Trojan. As always, AVERT recommends that users configure VirusScan to scan all files. If this is not an option in your environment, the default extension list should be used.

What can this virus do?

It attempts to create a share (c , and checks for the presence of the Trojan dropped by the W32/CodeRed.c worm. It will attempt to spread itself as follows:
The email messages created by the worm specify a content-type of audio/x-wav with an executable attachment type. Thus when a message is accessed, the attachment can be executed even if the user does not open it and without the user's knowledge.


It adds JavaScript code to HTML documents, which opens a new browser window containing the infectious email message itself (taken from the dropped file README.EML). When this infected window is accessed (locally or remotely), the machine viewing the page is then infected.

Once infected, your system is used to seek out others to infect over the web. As this creates a lot of port scanning, this can cause a network traffic jam.

It creates a SYSTEM.INI entry to load the worm at startup:
Shell=explorer.exe load.exe -dontrunold


A MIME encoded version of the work is created in each folder on the drive (often as README.EML, can also be .NWS files)
Certain execuatble files are selected by the worm and altered.

The virus contains the string : Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China


The copy paste and uploaded side of the Moon
 

Posted by Mark Barnhill (Member # 2204) on :
 
I can personally vouch for this worm. I got it today on my computer at work. I don't have a clue how I got it. It's pretty sneaky. It's the W32.Nimda.A@mm worm. I'm still waiting for Norton to post the fix. Watch out!

BTW: the latest update will NOT catch the virus!

mark

[ September 18, 2001: Message edited by: Mark Barnhill ]


 
Posted by CJ Allan (Member # 52) on :
 
My server apparantly got it, or some other big one. I haven't been able to send or recieve e-mail since about 1:00 pm today......

.....
 

Posted by Gray (Member # 168) on :
 
For VET users downunder, a fix will be available this afternoon - Wed.pm
 
Posted by AdrienneMorgan (Member # 1046) on :
 
I downloaded Grisoft and updated to the latest, but looking at the list of viruses they have me protected from I see no listing for this new one...furthermore, whan I try to go to thier site to get more info, it's down more than it's up.....

Maybe THEY have a virus!!!!

[ September 19, 2001: Message edited by: AdrienneMorgan ]


 


Powered by Infopop Corporation
UBB.classic™ 6.7.2