OT:help with worm

Hi everybody,
Somebody in the uni community appears to have a worm infected
computer. (Excuse me if I’m using the wrong terms–I don’t know much
about this stuff). For the past few months I’ve been getting “bounced”
emails with virus/worm attachments. Norton antivirus has been
quarantining these, and I’ve been deleting them. The emails appear to
originate from people I know (or know about) from unicycling such as
jfoss, nhoover, pkittle, bikeczar, and even dangeruni, but then the
headers say they are from "sachan on behalf of “___” (the unicyclist).
It also appears that other people are getting them with my compuserve
account as the supposed origin (I got an automated reply from a
unicyclist saying they are out of town and will reply later, but I
never sent this person an email). It appears that someone’s address
book has been heisted. These emails are annoying because the
worm/virus attachments are large and take time to download. Plus they
are creepy. Has anyone else been getting these and does anyone have
any advice on a course of action to stop them? Much obliged–Ted Howe
Sacramento

I feel your pain. I had a trojan virus in November and had to have my whole hard drive cleaned out and reinstalled; it really sucked (mainly because I am on a 56k modem and a 633Ghz comp). I’ll scan my comp to be sure I’m not infected, and TY for the heads up.

When I first started getting these “returned mails” (which I know did not originate in my computer…) I asked the same question, see thread:
http://www.unicyclist.com/forums/showthread.php?s=&threadid=20321
Unfortunately, these “bounced mails” keep coming (at a rate of several a day). I’d be delighted to see this nuisance disappear.

Have fun,
Fred

Re: OT:help with worm

“Catboy” <Catboy.h49fa@timelimit.unicyclist.com> wrote in message
news:Catboy.h49fa@timelimit.unicyclist.com
>
> I feel your pain. I had a trojan virus in November and had to have
> my whole hard drive cleaned out and reinstalled; it really sucked (mainly
> because I am on a 56k modem and a 633Ghz comp). I’ll scan my comp to
> be sure I’m not infected, and TY for the heads up.
>

I could tolerate a 56K modem if I had one of those 633GHz computers.

Anyone else get worried when reading a post that says “I have a virus/worm
that I seem to be sending out to people?”

Naomi :wink:

Re: Re: OT:help with worm

Naomi, your post needs clarification: The Klez worm grabs addresses from a computer’s mailing list and sends itself to various addresses with another address as “sender”. It does not originate in the computer it claims it is coming from.

Have fun,
Fred

Re: OT:help with worm

“fred” <fred.h4xyn@timelimit.unicyclist.com> wrote in message
news:fred.h4xyn@timelimit.unicyclist.com
>
> Naomi wrote:
> > *
> > Anyone else get worried when reading a post that says “I have a
> > virus/worm
> > that I seem to be sending out to people?”
> > *
>
>
> Naomi, your post needs clarification: The Klez worm grabs addresses from
> a computer’s mailing list and sends itself to various addresses with
> another address as “sender”. It does not originate in the computer it
> claims it is coming from.
>
Why? My post was merely a query on whether others were worried by this. I
did not seek to explain the mechanism.
Only you mentioned Klez, the other posters did not name the infection. Are
they talking Klez, or something else? My take on this is that few
individuals know what they are doing with antivirus measures or with virus
cleaning procedures. Many of these infections are far slipperier than
people think. Hence no harm in keeping at arm’s length if you can…

Naomi

Does Norton tell you the name of the worm when it detects it?

If so, a fix is usually just a Google away; the problem is that if it has infected a community such as this, everyone really needs to run the fix. So when you find it, advertise it here and keep running it every few days until you’re sure everyone’s fixed it.

Can I ask what your e-mail client is? I no longer use Outlook in any form, as it’s so full of holes that these worms can exploit that it’s really not worth it. Personally, I would recommend Eudora. I’ve been using it for a couple of years, and I’ve not had a problem with a worm since, and what’s more, it’s free!!!

I started using Mozilla recently, after being won over by its automatic spam filters. Great they are too.

Viruses won’t spread across the forum without the sender knowingly attaching it and the receiver knowingly downloading it. For newsgroupians it depends on the news server, but the chances are they’re okay.

Virus scanners are good, but they are not a replacement for not opening an email you suspect is dodgy (ie. one larger than normal) and definitely not one that pretends it’s a screensaver!

Phil

Yeah maybe I wasn’t clear, it won’t spread from looking at this.

But if you e-mail each other separately from here, as communities often do, that’s where the problems can occur.

Good luck fixing it.

Re: OT:help with worm

Ted,

I have been getting these things for many many months (as long as the Klez
has been around). There was a lull last Fall, but it has picked up again.

The klez doesn’t just grab addresses from people’s address books. It also
finds them in the cached web pages for people’s browsers. Since you are
using a real address in your postings (as I do), when someone views one of
your postings on a forum web page, your email address will be in their
browser cache. Their virus will start sending copies of itself to you. And
it will send copies to other people, using your return address.

I believe the reason the Klez is so persistent is that it doesn’t usually
do any obvious damage to someone’s computer, plus it is difficult for a
recipient to reply and say “you have a virus”. Once people get infected,
they tend to stay infected for a long time.

If you are running a current AntiVirus program you are unlikely to be
infected.

For those who are not protected, Symantec has a detection/removal tool:

–Mark


Mark Newbold
Montpelier, Vermont USA

OT:help with worm

It’s simple.

Register and post on the web forum.

No more worries about worms, etc.

As an added benefit, the rest of us don’t have to read everything that you read already before we read what you have typed in response to what we all have already read, but must read all over again because you didn’t bother to delete all the redundant quotes before you hit “send”.

I… uh… have this… uh… rash. Could it be a worm? I suppose I should wear cycling shorts the next time I borrow a stranger’s unicycle. It had a Viscount saddle, if that helps. Doctor?

-c

.

Re: OT:help with worm

I didn’t understand a word of that… :slight_smile:

Phil

my hookwerm 2.5 looks to be great, I wouldn’t want to get rid of it… :sunglasses:

That was harsh. It was from someone who sends me lots of junk mail, so it wasn’t particularly out of the ordinary.

Just so everyone else isn’t quite as confused, I got a virus recently when I had a temporary lapse of judgement and did the above. (although it was yaha-k, and nothing to do with anyone here) The openness and cheapness of our union bar had nothing to do with any lack of judgement.

Google is good, but I found the Sophos website to be best.
http://www.sophos.com/virusinfo/

Another good technique is to get your brother who does computer science on msn and get him to do all the work. Not that he made a very good job of it, I should add.:stuck_out_tongue:

John

> That was harsh. It was from someone who sends me lots of junk mail, so it wasn’t particularly out of the ordinary.
Actually I wasn’t thinking of that! Pretending to be a screensaver is probably the most effective way to convince someone to run it; lots of viruses come like this.

The size of an email is the first clue; in Outlook or Outlook Express, turn on the column that shows the size of the email. Viruses are generally 100-200K; if you get one of these, either delete it straight away if it’s obvious, or look in the message source (right click on message->properties->view source) for anything that relates to IFRAMEs or .scr files.

> (although it was yaha-k, and nothing to do with anyone here)
Yaha is one of those evil viruses that stops you using RegEdit, the virus removing tool of choice*!

> Not that he made a very good job of it, I should add.:stuck_out_tongue:
Tch!
<goes off to find loads of viruses to email to John>

Phil

* and OS-destroying tool of choice too… you have been warned.
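The checks Phil describes above (message size, IFRAMEs and .scr attachments in the message source), applied to a raw message, as an added example that is not part of the original thread. The function names, the example.org addresses and the attachment name are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

SIZE_RANGE = (100 * 1024, 200 * 1024)  # "generally 100-200K", the rule of thumb from the post

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw message deserves a closer look (empty list = none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SIZE_RANGE[0] <= len(raw) <= SIZE_RANGE[1]:
        reasons.append(f"size {len(raw) // 1024}K is in the 100-200K range")
    for part in msg.walk():
        # Attachment names are checked without opening the attachment itself.
        name = part.get_filename() or ""
        if name.lower().endswith(".scr"):
            reasons.append(f"attachment named {name!r}")
        if part.get_content_type() == "text/html":
            if "<iframe" in part.get_content().lower():
                reasons.append("HTML body contains an IFRAME")
    return reasons

def build_sample(html, attachment_name=None, attachment_size=0):
    """Constructed test message; addresses are made up and the payload is null bytes."""
    m = EmailMessage()
    m["From"] = "friend@example.org"
    m["To"] = "me@example.org"
    m["Subject"] = "hello"
    m.set_content("plain text part")
    m.add_alternative(html, subtype="html")
    if attachment_name:
        m.add_attachment(b"\x00" * attachment_size, maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

SUSPECT = build_sample('<html><iframe src="cid:x"></iframe></html>',
                       "holiday.scr", 90_000)
BENIGN = build_sample("<html><p>Ride on Saturday at 9am.</p></html>")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(raw) or "nothing flagged")
```

A hit on any one check is a reason to look closer, not a verdict; the size range in particular is only the rule of thumb given in the post.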

it sounds so exciting! a computer virus!
yet i’ve never had the joy of contracting one
there’s no decent software for linux;)

I may be alone, but I find getting rid of a virus without a scanner rather a good challenge… :slight_smile:

Phil

Re: OT:help with worm

Thanks everyone for the discussion. It is mostly the Klez worm in the
attachments I’ve been receiving. The infected computer might belong
to one of the Northern Ca unicyclists who is on one of the mailing
lists that I’m also on, because we do some direct emailing with
announcements of upcoming local rides or events. I was just hoping
there would be a way to uncover from the email where the original
source is coming from so that person could be alerted. (My system is
clean: I never open email attachments unless I’m expecting them, plus
Norton quarantines infected attachments and alerts me. But this worm
is tricky because at first glance it appears that the email is from
someone you know). So I guess if I want to stop getting these
annoying things I’ll have to change my email address. And that might
only be a temporary fix, so why bother.

But if I may repeat what was mentioned earlier: please keep your
systems clean by running your antivirus software regularly. If you
don’t have antivirus software, you need to get it, like, NOW.
Cyberspace is teeming with antisocial teenage punks who are too lazy
to pry themselves out of their desk chairs to go out and vandalize the
brick and mortar world like was done in the good old days, so they are
devising these annoying viruses to demonstrate their angst. Don’t let
yourself be victimized! --Ted