Author Topic: Just a Warning  (Read 606 times)

PakRat

  • Guest
Just a Warning
« Reply #15 on: March 21, 2001, 03:17:00 PM »
Yep - turn off the preview pane. Also, don't forward in Outlook/Express as that opens the e-mail too. About the only thing you can do in Outlook/Express is go to properties and then view the message source. That will reveal the actual code of the message.

Leave it to the spammers and the virus kiddies to make e-mail almost as dangerous as unprotected sex.

---
PakRat
63rd FS, 56th FG (http://www.jump.net/~cs3)
"Zemke's Wolfpack"

 
"Juggies, dance us back in history!"

Offline bloom25

  • Silver Member
  • ****
  • Posts: 1675
Just a Warning
« Reply #16 on: March 21, 2001, 03:34:00 PM »
The virus you got was W32.hybris.gen.  I posted a warning about this virus WAY back in December.

Get it cleaned off fast, it could seriously damage your computer.  Norton can remove it if you have the newest updates.

(BTW:  This is the virus that turns your gunsight white, messes up your sounds and views.)



------------------
bloom25
THUNDERBIRDS

Offline hblair

  • Platinum Member
  • ******
  • Posts: 4052
      • http://www.cybrtyme.com/personal/hblair/mainpage.htm
Just a Warning
« Reply #17 on: March 22, 2001, 11:59:00 PM »
Man, what kinda freak would go through this kind of trouble?

 
Quote
Virus Characteristics  
When first executed, this worm tries to infect the WSOCK32.DLL file in the WINDOWS\SYSTEM directory. First it tries to infect the WSOCK32.DLL file directly. If it fails because the file is already in use, then it creates an infected copy of the WSOCK32.DLL in a new file. This new file goes by an extensionless filename made up of 8 random characters. A line is then created in the WININIT.INI file to rename this newly created file to WSOCK32.DLL, thus overwriting the original WSOCK32.DLL file. This change takes place the next time the system is booted. A registry value under Software\Microsoft\Windows\CurrentVersion\RunOnce\(default) is also created to run the worm at the next bootup, in case the previous attempts to infect WSOCK32.DLL fail.
The modified WSOCK32.DLL file watches all Internet activity and attempts to mail a copy of the worm, in the form of a .EXE or .SCR file, to any valid e-mail address sent over the Internet connection, whether part of an e-mail message, web page, or newsgroup posting. AVERT cautions all users to delete unexpected attachments. W32/Hybris.gen@M is sent unknowingly by the infected user.

This Internet worm originally downloaded encrypted update components from an Internet web site, similar to the method first used by W95/Babylonia, but the site hosting the virus was taken down. The original plugins were:

HTTP.DAT
NEWS.DAT
ENCR.DAT
PR0N.DAT
SPIRALE.DAT
SUB7.DAT
DOSEXE.DAT
AVINET.DAT

Currently this virus downloads plugins from alt.comp.virus. The virus contains an internal list of several news servers it can access. It searches the newsgroup for any plugins that it doesn't have, or has older versions of. Since the worm searches all Internet activity for e-mail addresses, people who post to alt.comp.virus using their real e-mail address may get many copies of the worm when Hybris searches alt.comp.virus for new plugins.
When a full moon occurs according to the computer's internal clock, the virus will randomly post its plugins to the alt.comp.virus newsgroup. It uses a mail-to-news gateway at anon.lcs.mit.edu to send plugins with a fake return address of root@microsoft.com.

This Internet worm contains the text:

HYBRIS
(c) Vecna
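
The boot-time rename described in the quoted write-up above leaves a trace that can be checked for on a suspect machine. The following is an added example, not part of the original thread or the AVERT text: it parses a WININIT.INI and flags pending replacements of WSOCK32.DLL. The sample file contents and all function names are constructed for illustration, and the 8-character pattern assumes letters or digits.

```python
import re

# Constructed sample of a WININIT.INI on a Windows 9x machine (not from the
# thread). In the [rename] section each line reads destination=source and is
# applied at the next boot; NUL=path deletes path.
SAMPLE_WININIT = r"""
[rename]
NUL=C:\WINDOWS\TEMP\~SETUP.TMP
C:\WINDOWS\SYSTEM\WSOCK32.DLL=C:\WINDOWS\SYSTEM\KQZMPLWA
C:\PROGRA~1\APP\APP.EXE=C:\PROGRA~1\APP\APP.NEW
"""

# "Extensionless filename made up of 8 random characters", per the write-up.
# Assumption: the characters are letters or digits.
EIGHT_CHARS_NO_EXT = re.compile(r"^[A-Za-z0-9]{8}$")


def basename(path):
    """Last component of a DOS path, upper-cased for case-insensitive compare."""
    return re.split(r"[\\/]", path.strip())[-1].upper()


def pending_renames(ini_text):
    """Yield (destination, source) pairs from the [rename] section only."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "rename" and "=" in line:
            dest, src = line.split("=", 1)
            yield dest.strip(), src.strip()


def suspicious_wsock32_renames(ini_text):
    """Return one finding per pending boot-time replacement of WSOCK32.DLL."""
    findings = []
    for dest, src in pending_renames(ini_text):
        if basename(dest) != "WSOCK32.DLL":
            continue
        hybris_like = bool(EIGHT_CHARS_NO_EXT.match(basename(src)))
        findings.append({"dest": dest, "source": src,
                         "hybris_like_source": hybris_like})
    return findings


if __name__ == "__main__":
    for finding in suspicious_wsock32_renames(SAMPLE_WININIT):
        print(finding)
```

Any pending replacement of WSOCK32.DLL is reported; `hybris_like_source` is true only when the source matches the extensionless 8-character name the write-up describes, so a legitimate updater's entry is listed but not marked.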

 

Offline Lizard3

  • Silver Member
  • ****
  • Posts: 1563
Just a Warning
« Reply #18 on: March 23, 2001, 02:39:00 PM »
punt

AKSeaWulfe

  • Guest
Just a Warning
« Reply #19 on: March 23, 2001, 02:49:00 PM »
 
Quote
Originally posted by Moose11:
Hey HB
I ran back to his apartment (phone line busy) and bolted upstairs - yep, he opened it, but Hotmail caught the virus before it could do any damage.


Hotmail, Yahoo or any free web based email account automatically scans attachments for viruses or anything that resembles a virus string and will notify you. Typically if it's a known virus, a big warning pops up and it won't immediately download the file without first warning the user.

Whenever someone I know buys their first PC and isn't very computer literate, I tell them to register for a free email account... it usually keeps them clean of viruses.

In the 8 years I've been using computers, I've never had a virus on my own computer. Luck of the draw or I just know what I'm doing, not really sure which. :-)
-SW

Offline Snoopi

  • Zinc Member
  • *
  • Posts: 56
Just a Warning
« Reply #20 on: March 23, 2001, 03:59:00 PM »
 
Quote
Originally posted by LePaul:

As for how the email address is divulged to these guys?  Thank the folks at Network Solutions and others....if you own a domain (I have 12), your contact info (email, address, etc) are all sold to spammers on a regular basis and the info is freely available just by doing a WHOIS on any domain.

I had the same problem with my AOL account I use for when I travel.  All kinds of spam and junk, and they refused to stop it, so I forwarded it all to Steve Case, AOL's CEO.  That got noticed, and I never had a spam message again



Forwarded it to the CEO ! Nice job !  

Like you say..
-always use AND update your virus scanner.
-like your mom said "you don't know where it's been" so don't open it unless you do.
Just because it came from a friend doesn't mean they sent it.
It could just be a virus using your friend's address book.
If you don't expect the file, don't open it. Check with who sent it.
Scan every damn file you get or download.
I got a patch from a commercial site and found that it was infected, so don't assume that legit files are O.K.

How to avoid Spam email....

Keep a few accounts.
One for trusted individuals.
One for other individuals
One for a junk account.

Never put your main email address on any website. (There are apps that search the net for any email address and add them to a database.)

-Many free sites sell your email address.
-those FREE e-cards are a great way for companies to collect email addresses to sell
- don't reply to those "remove me from your list" emails. (Most of these are just a way of testing which emails are valid; by replying, you are letting them know the email address is valid and you get ADDED to a list, NOT REMOVED.)
-Join "www.spamcop.net". A site dedicated to stopping spam. (includes tools to report spammers to their ISPs)

bottom line: if your email is on an insecure web page, or you sent it to a site, then some email database now has it, and it has been sold to spammers.
(think bbs sigs)

one way of avoiding this is
by posting your email as

blah@hotmail.com.nospam
as opposed to blah@hotmail.com

that way a human can figure out how to email you but an email bot cannot.
It is preferred to put the 'nospam' text as the last entry, otherwise an email server, or domain server will have to check if it's valid.
In this case there is no domain called nospam so the email doesn't even go to the .com domain at all

This obviously doesn't work for signup forms processed by machines, or boards like this one. The solution for that is to create a throw away account that you change every month, and use it for sites like the AH board.

BTW
I have been able to keep my main email account free from spam for 3 years and counting.    


HBLAIR: Sorry to hear about it, that does really suck.
the only way to stop spam is never let them get your email address.
once they have it, the only option is to change it or put up with the spam.  
Once you change it, be very wary of who you give it out to, or where you post it.


Good Luck
Snoopi



[This message has been edited by Snoopi (edited 03-23-2001).]

Offline Voss

  • Silver Member
  • ****
  • Posts: 1261
      • http://www.bombardieraerospace.com
Just a Warning
« Reply #21 on: March 23, 2001, 04:20:00 PM »
Got this months ago and deleted it immediately. No one I know sends .scr files.

I use Outlook Express and have always survived in the past. I just don't automatically open these things.

------------------
Voss
13th TAS

Offline NHMadmax

  • Copper Member
  • **
  • Posts: 344
      • http://www.mofsw.com
Just a Warning
« Reply #22 on: March 23, 2001, 04:30:00 PM »
Most of the new viruses auto-send to everyone in your address book. Always check attachments with a virus checker before you load them; you should have no problems if you follow this. I use 2 different ones, mcfree and InoculatIt. Got InoculatIt from www.rocketdownload.com.

------------------
 


[This message has been edited by NHMadmax (edited 03-23-2001).]

Offline Bluedog

  • Silver Member
  • ****
  • Posts: 915
Just a Warning
« Reply #23 on: March 23, 2001, 07:11:00 PM »
I got this exact same file sent from some guy called hahaha about six months ago.....just after I had got a new email addy, and the ONLY place anyone could have got it from was this board, as far as I am aware.
I had to format C: to get rid of it.....the only things I could see that it actually did was remove gunsight picture and sound from Aces High.
Another suss bit is there is a guy playin' AH that goes by the handle hahaha, not blaming him, whoever it may be, it just all seems a little bit TOO coincidental to me.
<S> Blue

coyote

  • Guest
Just a Warning
« Reply #24 on: March 24, 2001, 10:01:00 AM »
received the snow white email several times. Something told me, "that has just got to be a virus." so I always deleted the message...