Topic: Virus Warning  (Read 5778 times)

0 Members and 1 Guest are viewing this topic.

Offline KAT J'inn

  • CFO - Kzinti War Machine, Inc.
  • Lt. Commander
  • *
  • Posts: 2294
  • Gender: Male
Virus Warning
« on: July 17, 2004, 01:52:36 pm »
I'm getting bombarded with e-mails that have obvious virus attachments.    I'm getting them from players.   Tracey, Jeff,  etc. etc.

Somebody's computer forgot to use protection methinks.

Offline Green

  • I'm not a
  • Commander
  • *
  • Posts: 3004
Re: Virus Warning
« Reply #1 on: July 17, 2004, 01:57:35 pm »
Damn'it guys ... he caught on ...

Offline Capt Jeff

  • 1AF
  • Lt.
  • *
  • Posts: 736
  • Gender: Male
    • Facebook
Re: Virus Warning
« Reply #2 on: July 17, 2004, 03:38:24 pm »
Just checked..... not me !

Sometimes, doesn't a infected machine send out e-mails from it's own address book?   That would explain why you got a mail from me when I didn't send one?
Capt Jeff

Former SFC2.NET Administrator
C.O., Heavy Command Cruiser
USS Crasher NCC 1733

1AF---Friendship, Honor, Fun.  It's what we Play For.

Offline Hexx

  • Sexy Shoeless Lyran God Of War
  • Captain
  • *
  • Posts: 6058
Re: Virus Warning
« Reply #3 on: July 17, 2004, 05:06:19 pm »
J'inn -any email you may get from me will be Virus free.
It may look like it contains a virus, you're virus protection may think it contains a virus.
May even have an executable with called "VirustokillJ'innssystem.exe"

But I promise you, you won't catch a thing from it.
Courageously Protesting "Lyran Pelt Day"

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13068
Re: Virus Warning
« Reply #4 on: July 17, 2004, 05:21:18 pm »
J'inn -any email you may get from me will be Virus free.
It may look like it contains a virus, you're virus protection may think it contains a virus.
May even have an executable with called "VirustokillJ'innssystem.exe"

But I promise you, you won't catch a thing from it.


J'inn will be safe if he uses this E-Mail program.

Just a helpful hint J'inn.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline SPQR Renegade

  • Lt. Junior Grade
  • *
  • Posts: 19
Re: Virus Warning
« Reply #5 on: July 17, 2004, 06:15:58 pm »
J'inn -any email you may get from me will be Virus free.
It may look like it contains a virus, you're virus protection may think it contains a virus.
May even have an executable with called "VirustokillJ'innssystem.exe"

But I promise you, you won't catch a thing from it.

Same here Jinn.
Ohh.. Be sure to ignore any files with names starting with SPQR in your temp internet files. They're harmless.

I promise.
 ;)

Offline OlBuzzard

  • renegade
  • Lt. Commander
  • *
  • Posts: 1759
  • Gender: Male
Re: Virus Warning
« Reply #6 on: July 17, 2004, 07:52:45 pm »
I have had the same problem..  got a nasty trojan that had to be removed by puter techs..  set me back a few bucks.  IMHO .. there is something else reponsible.  Nanner got hit with one that is simular and fortunatly due to my problem was advised by the technitions to get Spybot Search and destroy as well as Ad-aware 6.0.

I now daily scan my sytem and daily find new bugs creaping around.  Most of it is comming from spy ware stuff.  Most the baddies have programs that actually mimic or watch your key strokes to get into your system ( I think that is how it works).  I'm hoping to get a more sophisticated system/firewall etc to hellp out when we go to either DSL or Cable.  (Hopefully very soon)

Nanner might be able to give ya more detail on the technobable...

hope this helps a little..
If you aim at nothing:  you WILL hit it every time !

Offline kbf-jd

  • Lt. Commander
  • *
  • Posts: 2431
Re: Virus Warning
« Reply #7 on: July 17, 2004, 08:21:40 pm »
Just checked..... not me !

Sometimes, doesn't a infected machine send out e-mails from it's own address book?   That would explain why you got a mail from me when I didn't send one?

Jeff & Jinn,

You are both basically correct.

Someone you both send e-mail 2 very likely has a virus on their computer.  But the virus is changing the "from" address.

IE  Kim's PC(just an example) could have a virus.  It looks in Kim's Address book and sees Jinn and Jeff's addresses.  So it sends J'inn an email that says it's coming from Jeff.  That way when Jinn gets the e-mail, he calls Jeff and tells him he has a virus.  All the time, it's actually Kim's PC with the virus....

Virus writers are getting very tricky...

But the chances are good that someone you both know has a virus...  That narrows it down some, but not much....

jd 
« Last Edit: July 17, 2004, 10:57:41 pm by kbf-jd »

Offline C-Los

  • Lt. Junior Grade
  • *
  • Posts: 436
  • Gender: Male
Re: Virus Warning
« Reply #8 on: July 17, 2004, 10:18:08 pm »
Everything in and out of mine, is run thru an AV check... ;)
C-Los, Commanding Officer U.S.S. Scorpion




"Life is short, have fun and enjoy !"

Offline Cleaven

  • Lt. Junior Grade
  • *
  • Posts: 375
  • Gender: Male
Re: Virus Warning
« Reply #9 on: July 18, 2004, 12:37:40 am »
Everything in and out of mine, is run thru an AV check... ;)

This is not directed at anybody in particular but just what does "an AV check" mean?

To most people "anti-virus" covers a lot of things, and they think if they have a package with anti-virus on the box it covers everything.

Currently the most common attacks are via e-mail attachments, open ports to windows vulnerabilities, and downloading dodgy software. Also of hazard is the "malware" which can also be downloaded via "free" software or installed just by browsing with Internet Explorer.

The defences are many and do different things. Hardware firewalls can hide you from the rest of the world and block ports. Software firewalls can block ports and scan the data passing through. Data and system monitors can check data as it comes and goes, and check for virus like activity on your PC. And scanners can check files as they arrive (e-mail,  messenger) or check all files on your hard drive on a (eg) weekly basis. All of these could be considered anti-virus, but one on its own is more likely to provide a false sense of security. Only a multiple layered defence should give you confidence, and then only if it is updated frequently with new signatures.

So having "anti-virus" doesn't mean it wasn't you that sent out 15 thousand e-mails soliciting for a Nigerian banking scam, or that every key you hit plus all your personal info left in IE caches is being recorded and sent to a server in Russia. Also you probably will have no real way to know that you have been "taken over" until your ISP shuts down your connection, or your identity is used to buy god knows what and you no longer have a credit rating.

Of course this only happens to a few people, and most of us are innocently oblivious, because everybody has anti-virus. Right?

Not sure I can be bothered, but as you are the Doc, can you run an AI standard patrol in 2 minutes in a KRC? If so, there is no problem and I am utterly wrong. If you cannot, then the KRC is a worse ship for AI missions than ones I know can.

Offline SkyFlyer

  • D.Net Beta Tester
  • Commander
  • *
  • Posts: 4240
  • Gender: Male
Re: Virus Warning
« Reply #10 on: July 18, 2004, 02:52:42 am »
Use mozilla. Run your AV program every night right when you go to sleep. When you get up to make breakfast, launch your anti-spyware/malware/adware program. Rinse and repeat.
Life is short... running makes it seem longer.

"A god who let us prove his existence would be an idol" - Dietrich Bonhoeffer

Offline Gook

  • Catbert
  • Lt. Junior Grade
  • *
  • Posts: 405
  • Gender: Male
Re: Virus Warning
« Reply #11 on: July 18, 2004, 03:29:25 am »
There is something out in netland which has caused me and others mucho problems. It has the charateristics of gaobot virus, but has thus far been undtectable by Symantec, Mefee, etc. etc. Indeed they deny there is a  problem. I run Norton full security, Spybot and Adaware and still got it (all fully upto date). Symptoms are disabled AV software, zombification, password stealing and keyboard logging. See:

http://www.computing.net/security/wwwboard/forum/11688.html

Very tricky to get rid of.
KAT-Gook, OBS,OoW,MTA,SoK.
KAT-Fleet
Kzinti Hegemony

The God of War hates those who hesitate
.....Eurypides



Offline Cleaven

  • Lt. Junior Grade
  • *
  • Posts: 375
  • Gender: Male
Re: Virus Warning
« Reply #12 on: July 18, 2004, 04:14:09 am »
Use mozilla. Run your AV program every night right when you go to sleep. When you get up to make breakfast, launch your anti-spyware/malware/adware program. Rinse and repeat.

yep, just run that magic "AV program".

Not sure I can be bothered, but as you are the Doc, can you run an AI standard patrol in 2 minutes in a KRC? If so, there is no problem and I am utterly wrong. If you cannot, then the KRC is a worse ship for AI missions than ones I know can.

Offline Cleaven

  • Lt. Junior Grade
  • *
  • Posts: 375
  • Gender: Male
Re: Virus Warning
« Reply #13 on: July 18, 2004, 04:19:07 am »
There is something out in netland which has caused me and others mucho problems. It has the charateristics of gaobot virus, but has thus far been undtectable by Symantec, Mefee, etc. etc. Indeed they deny there is a  problem. I run Norton full security, Spybot and Adaware and still got it (all fully upto date). Symptoms are disabled AV software, zombification, password stealing and keyboard logging. See:

http://www.computing.net/security/wwwboard/forum/11688.html

Very tricky to get rid of.



Yes it's a nasty, because of the variants. Did you get rid of it, or give up, format and start from scratch (or image)?

Not sure I can be bothered, but as you are the Doc, can you run an AI standard patrol in 2 minutes in a KRC? If so, there is no problem and I am utterly wrong. If you cannot, then the KRC is a worse ship for AI missions than ones I know can.

Offline Gook

  • Catbert
  • Lt. Junior Grade
  • *
  • Posts: 405
  • Gender: Male
Re: Virus Warning
« Reply #14 on: July 18, 2004, 08:00:01 am »
There is something out in netland which has caused me and others mucho problems. It has the charateristics of gaobot virus, but has thus far been undtectable by Symantec, Mefee, etc. etc. Indeed they deny there is a  problem. I run Norton full security, Spybot and Adaware and still got it (all fully upto date). Symptoms are disabled AV software, zombification, password stealing and keyboard logging. See:

http://www.computing.net/security/wwwboard/forum/11688.html

Very tricky to get rid of.







Yes it's a nasty, because of the variants. Did you get rid of it, or give up, format and start from scratch (or image)?


Format, only way to be sure ! Both home and work.
KAT-Gook, OBS,OoW,MTA,SoK.
KAT-Fleet
Kzinti Hegemony

The God of War hates those who hesitate
.....Eurypides



Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Virus Warning
« Reply #15 on: July 18, 2004, 08:06:10 am »
<rant on> 

:soap:

Easiest way to stop worms like this:

DO NOT USE YOUR ADDRESSBOOK, if you must keep a list of e-mail addresses put it on removeable media.

Do not set MSN to sign in automatically and add contacts only for the time they are needed and remove immediately when done.

Get a router.

Don't let anyone else use your PC without close supervision.

Do not use anonymous proxies (don't use any proxy at all) ...anonymous... me arse!

If you must browse for porn or stolen software please do not use any webbrowser but rather a bot like Teleport Pro and learn how to use it effectively. ;)

If the ad says your computer clock may be wrong... ignore it, for the love of God, please... There are plenty of safe time servers out there like time5.nrc.ca - you do not need to install gator spyware.

Anytime you see a security certificate - examine it closely - if it is from Entrust accept it, from anyone else refuse it. Verisign is currently in legal battles against ICANN to protect their perceived right to park on misspelled domains and advertise on them... Thawte is known to sign spyware used by sites that many trojans and browser hijacks will direct you to...

You do not need to run an on-demand virus scanner all the time (it slows your machine considerably).
I scan my network approximately quarterly - always comes up clean - and I am fully aware of what my virus scanner misses. (Trojans, hijacks etc...) If your virus scanner can't remove a particluar virus go to sarc.com and follow the manual removal instructions if available, if not, track it down and kill it yourself...

You do not need to install multiple software firewalls, it slows your connection measurably. (and God knows what else)

Use your common sense man!

I've been virus free for years now with this approach. (Except the few times I've put Kazaa on a machine - knew the virus was coming with the download, strip the virus from the file take what I want off then wipe tha machine...) Oh yeah, did I mention do not run Kazaa or any other file sharing program... (including mp3s... if you want the album, go buy it man... way superior sound quality...)

Yes, ad-aware and spybot S&D help, but you can avoid the trouble by not creating the need for them.

Set your browser to only accept 1st party cookies...

Think before you click!

Oh yeah, keep the recycle bin empty and disable system restore too (its a disk hog anyway...).
and empty your temporary internet files regularly and temp file folder (disk cleanup - no compression)

Also, if you have the beast known as "evidence eliminator" installed do the following:
Go out to the backyard and gather all the brush and dry wood that you can in a big pile,
go to the gas station and get a liter or two of gas in a small gas can, bring it home, sprinkle
about 1 cup over your pile of brush and wood, go into the house get the computer and
bring it out and put it on top of the gas soaked pile... add another 1/2 cup of gas for good measure,
bundle a piece of rag on the end of a stick, soak it in gas and light it, stand back and throw the
torch on the pile - you are not qualified to own a computer online...
(you may want to get a burning permit from the local authorities first...;))

</rant off>
« Last Edit: July 18, 2004, 10:20:43 am by Bonk »

Offline KAT J'inn

  • CFO - Kzinti War Machine, Inc.
  • Lt. Commander
  • *
  • Posts: 2294
  • Gender: Male
Re: Virus Warning
« Reply #16 on: July 18, 2004, 11:13:05 am »
<Reads Bonk's Post>  <Scratches Head> <starts typing>. 


<rant on> 

:soap:

Easiest way to stop worms like this:

DO NOT USE YOUR ADDRESSBOOK, if you must keep a list of e-mail addresses put it on removeable media.



Address book?  Why would my litle black book have anything to do with my computer.   It's not even int he same room.   Man I hate computers!   They are sooo touchy.   And yes, my little black book is removeable.       How else would I hide it when ShopRex comes over.  I mean really Bonk,   I am a professional here.   But I guess you are keeping it basic for other, less <ahem> studly members here.

Quote

Do not set MSN to sign in automatically and add contacts only for the time they are needed and remove immediately when done.



Again.   This is for beginners.   No way I would let MSN sign me in automatically.   Shop Rex could use my computer one day and I don't think I could explain certain people on my contact list.  Especially "HotMomma53763" and StripperQueen647"

Quote
Get a router.


eh?

Quote
Don't let anyone else use your PC without close supervision.


NO KIDDING!   See above.

Quote
Do not use anonymous proxies (don't use any proxy at all) ...anonymous... me arse!



ARE YOU NUTS!!  I am not going to use my real name for those certain hedonistic sites!  I have a reputation of being a fine and upstanding gentlemen in the community.    A lifetime membership to Hooters.Com just would not go with that if it became public.

Quote

If you must browse for porn or stolen software please do not use any webbrowser but rather a bot like Teleport Pro and learn how to use it effectively. ;)



A bot?   They have PornoBots?   Golly.   Brave New World indeed.   I'll take a PamAnderson 2000 please with all the upgrades.

Quote
If the ad says your computer clock may be wrong... ignore it, for the love of God, please... There are plenty of safe time servers out there like time5.nrc.ca - you do not need to install gator spyware.


Gator spyware?   Man College Football has gotten ugly.  But why would the Gators want to spy on my computer unless . . .. <GASP!!>   They know about my offshore footballl betting!!    AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!!!

Quote
Anytime you see a security certificate - examine it closely - if it is from Entrust accept it, from anyone else refuse it. Verisign is currently in legal battles against ICANN to protect their perceived right to park on misspelled domains and advertise on them... Thawte is known to sign spyware used by sites that many trojans and browser hijacks will direct you to...



Ummm.   I don't think that will work.   I have a sign on my door that says "Trust Me. I'm your Lawyer"  and no one does.   Just saying it's from Entrust just ain't going to work.  Erm . . . Trust me.

Quote
You do not need to run an on-demand virus scanner all the time (it slows your machine considerably).
I scan my network approximately quarterly - always comes up clean - and I am fully aware of what my virus scanner misses. (Trojans, hijacks etc...) If your virus scanner can't remove a particluar virus go to sarc.com and follow the manual removal instructions if available, if not, track it down and kill it yourself...


Don't Trojans prevent viruses?   I'm really lost here.

Quote
You do not need to install multiple software firewalls, it slows your connection measurably. (and God knows what else)



Firewhat?   Whazzthat?


Quote
Use your common sense man!


HEY!!  There is nothing "common" about Lord J'inn!!   Live it! Love it! Learn it!

Quote
I've been virus free for years now with this approach. (Except the few times I've put Kazaa on a machine - knew the virus was coming with the download, strip the virus from the file take what I want off then wipe tha machine...) Oh yeah, did I mention do not run Kazaa or any other file sharing program... (including mp3s... if you want the album, go buy it man... way superior sound quality...)


Yeah I met that Kaaza chick a few years back to.   "On your machine" <snicker>.  I'll have to remeber that.  But yeah I had to get a few shots after that night also.    She was pretty wild though.   I don't remeber her running around with files though.   Kinky monkey.

Quote
 
Yes, ad-aware and spybot S&D help, but you can avoid the trouble by not creating the need for them.


Wha?

Quote
Set your browser to only accept 1st party cookies...


Ewww!   Are there people really sick enough to but half eaten cookies?  Sheesh.  What a world.

Quote
Think before you click!


What's a "click"?

Quote

Oh yeah, keep the recycle bin empty and disable system restore too (its a disk hog anyway...).
and empty your temporary internet files regularly and temp file folder (disk cleanup - no compression)


Wha?

Quote
Also, if you have the beast known as "evidence eliminator" installed do the following:
Go out to the backyard and gather all the brush and dry wood that you can in a big pile,
go to the gas station and get a liter or two of gas in a small gas can, bring it home, sprinkle
about 1 cup over your pile of brush and wood, go into the house get the computer and
bring it out and put it on top of the gas soaked pile... add another 1/2 cup of gas for good measure,
bundle a piece of rag on the end of a stick, soak it in gas and light it, stand back and throw the
torch on the pile - you are not qualified to own a computer online...
(you may want to get a burning permit from the local authorities first...;))



Interesting evidence elimination trick.   I prefer bribing the authorities though.  Last time I tried burning evidence I found out that bullets don't react well with fire.   Neighboors are still asking what happened to Fido.


Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Virus Warning
« Reply #17 on: July 18, 2004, 01:52:24 pm »
 :rofl: - I deserved it...

Offline Cleaven

  • Lt. Junior Grade
  • *
  • Posts: 375
  • Gender: Male
Re: Virus Warning
« Reply #18 on: July 18, 2004, 04:47:54 pm »
I never thought of running two software firewalls. Now that is funny.

Not sure I can be bothered, but as you are the Doc, can you run an AI standard patrol in 2 minutes in a KRC? If so, there is no problem and I am utterly wrong. If you cannot, then the KRC is a worse ship for AI missions than ones I know can.

SSCF-Rolling

  • Guest
Re: Virus Warning
« Reply #19 on: July 18, 2004, 06:50:28 pm »

Quote



IE  Kim's PC(just an example) could have a virus.  It looks in Kim's Address book and sees Jinn and Jeff's addresses.  So it sends J'inn an email that says it's coming from Jeff.  That way when Jinn gets the e-mail, he calls Jeff and tells him he has a virus.  All the time, it's actually Kim's PC with the virus....




I feel so dirty now..... and paranoid.  ;D