Aces High Bulletin Board
General Forums => The O' Club => Topic started by: Octavius on February 24, 2004, 04:44:25 PM
-
Just a quick warning to anyone who may have been in my address book.
DON'T OPEN ANYTHING FROM "[EDITED: SOB = studmuffin]"
I might be infected or something. I'll find out in a few minutes.
-
Did you use protection of any kind?
like a good virus scanner?
-
Visit http://security.symantec.com and run the virus scanner there. It's free and quite good.
-
I use McAfee virus scan. I had it disabled all last week and forgot to turn it back on.
-
that sux man
-
then quit sending me those files that do nothing when i open them.
i wanna see those boobies.
please send a file that works.
boobies.scr seems to be nothing.
-
On the subject of viruses and such, I received a .exe as an attachment from a friend. I knew what it was and it didn't contain a virus. Outlook XP wouldn't allow me to save or open it. No settings in security or anywhere else to allow/disallow attachments of certain file types. Searched the help section and it said it was a "Feature" and I can't change it - Outlook will simply filter out any .exe, .com, .a bunch of other extensions and tough **** if I don't like it! Am I missing something, or did Microsoft just go a step beyond retarded?
-
Did you do this Oct? (http://www.turnofftheinternet.com)
-
SOB you bastard!
-
I am what I am, and that's all that I am. :D
-
Originally posted by JB73
i wanna see those boobies.
please send a file that works.
boobies.scr seems to be nothing.
Here you go.
(http://www.people.fas.harvard.edu/~gfeldman/JPEGs/Blue-footed_Booby.jpg)
-
Originally posted by SOB
On the subject of viruses and such, I received a .exe as an attachment from a friend. I knew what it was and it didn't contain a virus. Outlook XP wouldn't allow me to save or open it. No settings in security or anywhere else to allow/disallow attachments of certain file types. Searched the help section and it said it was a "Feature" and I can't change it - Outlook will simply filter out any .exe, .com, .a bunch of other extensions and tough **** if I don't like it! Am I missing something, or did Microsoft just go a step beyond retarded?
look here:
http://www.slipstick.com/outlook/esecup/getexe.htm#ol2002
-
you should have used a condom!
-
Eagler, you are a wonderful man.
-
Originally posted by Octavius
DO NOT OPEN MY MAIL
That's weird, I've been reading your e-mail for months, and never noticed anything wrong.
Well, besides the http://www.wookielove.com newsletter.
-Sik
-
Yeah, well McAfee says it was a false alarm...
The wookielove newsletter will continue as planned.
-
Damnit! It IS real. Apparently McAfee didn't pick up the MyDoom.f the first time around. Got an email from my ISP. I'm using my laptop at the moment and am scanning a second time.
...
-
Amateurs! You spelled Wookiee wrong!
-
Have you considered:
#1.(http://www.symantec.com/sabu/nis/nis_pe/images/o_product_shot_nispe_04.gif)
or just
#2.(http://www.symantec.com/nav/nav_9xnt/images/o_product_shot_nav_04.gif)
Option #1 includes #2, btw.
-
Go with #2 and get hardware for Internet security. And btw, you can find Norton AV for a small fraction of the retail price if you go with oem. Try http://www.pricewatch.com
-
True, but as a heads up, most OEM copies only come with a 3 month virus subscription instead of a 1 year sub, so make sure the OEM copy is more than $15 below the retail copy.
-
Originally posted by Sikboy
That's weird, I've been reading your e-mail for months, and never noticed anything wrong.
Well, besides the http://www.wookielove.com newsletter.
-Sik
Can you send me Oct's password so I can read his email, too? I tried "LaughItUpFurball" and "ArmOutOfSocket" but neither one seemed to work.
-
Alright, I've scanned twice with McAfee and once with Norton. They claim to find nothing. Yet, I'm getting e-mails saying I'm infected. One person replied and said his anti-virus had detected and squashed a virus in one e-mail... and I never sent that e-mail in the first place. Plus my ISP also claims it cleaned an outgoing virus from an attachment that I never sent.
Help?
-
Originally posted by Chairboy
True, but as a heads up, most OEM copies only come with a 3 month virus subscription instead of a 1 year sub, so make sure the OEM copy is more than $15 below the retail copy.
Here's Norton AV 2003 with 1 yr update for $10.
http://www.store.yahoo.com/glob2000/noan201yefru.html
-
Originally posted by Octavius
Alright, I've scanned twice with McAfee and once with Norton. They claim to find nothing. Yet, I'm getting e-mails saying I'm infected. One person replied and said his anti-virus had detected and squashed a virus in one e-mail... and I never sent that e-mail in the first place. Plus my ISP also claims it cleaned an outgoing virus from an attachment that I never sent.
Help?
You're likely clean. Recent viruses send themselves with a forged from address. Which means that someone that has you in their address book is infected and sending this as you.
-
Great... so if this keeps up my ISP will shut down my connection til I get the "problem" fixed. My non-computer savvy brother had this happen to him (same ISP). I could also just kill my current e-mail address and use another.
But that sucks. Can the ISP do anything about it?
-
It's odd that your isp claims they blocked an attachment coming from you. Normally that would indicate you have a virus. However, since you ran the online scans they should have cleared you. Puzzling, maybe you should talk to your isp.
-
Why don't you just tell us what virus/worm they claim you have? If we have the name, we can tell you whether or not it forges the From: line. If it does, you're not infected and you can give the web page to the ISP and tell them to shove it.
-
You may have to reformat:(
-
Originally posted by Chairboy
Why don't you just tell us what virus/worm they claim you have? If we have the name, we can tell you whether or not it forges the From: line. If it does, you're not infected and you can give the web page to the ISP and tell them to shove it.
I already did ^ up there a few posts. "MyDoom.f"
I just got off the phone with my ISP and they say it's highly unlikely there to be any forgery. They claim I probably had it and already cleaned it off (but somehow missed it in the process :rolleyes: ). The messages I'm getting are just residual bouncebacks from when it supposedly was on the system.
-
Mdoomf was discovered on the 20th. Symantec didn't have new virus definitions until the 23rd. Got a small dose of Mdoom at work. Took down one of our servers. It deleted 11,000 user files off of it.
Mdoomf is one mean little sucker.
-
Send the following URL to your ISP:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.f@mm.html
Tell them to go to Section 19. The pertinent point in bold below:
From:
The senders name may be one of the following:
jerry
bill
smith
jim
sam
james
alex
with one of the following domains:
aol.com
msn.com
yahoo.com
hotmail.com
--------------------------------------------------------------------------------
Note: The worm may also use the email addresses it finds from the local files.
--------------------------------------------------------------------------------
If the From: line was your address, then it was culled from a file on an infected person's machine. You most likely never had it, and your ISP is in serious need of gathering a clue.
-
Time Warner Cable - Road Runner. I talked to the national help desk too.
Thanks for the link.
-
I'm assuming they detected the virus when you authenticated into their smtp server and then attempted to send the infected attachment. If that is what happened then it is likely you were infected.
I mean when the virus did this, not you personally.
-
Wouldn't the virus scanners have picked it up? The logs don't show anything automatically deleted. I would have seen the results of the several scans I've done.
-
i dealt with this in the original mydoom episode. i was getting back mailer daemons saying my emails were bouncing. since i'm pretty on the ball with virus crap (never been infected) after doing my legwork i knew it wasn't me. the kicker was the returned mail (with text) showing what the message was.. it had included the name (and ssn) of someone i knew who had me in his book, so i gave him a heads up. after a few days it all went away.
so yeah, your isp is in serious need of a clue - or at least the people you spoke with. i have rr myself, but i didn't need them to resolve this.
good luck tracking down the person who has you in their addy book and is infected. all it takes is a little break to figure out who it might be.
-
Originally posted by Octavius
I already did ^ up there a few posts. "MyDoom.f"
I just got off the phone with my ISP and they say it's highly unlikely there to be any forgery. They claim I probably had it and already cleaned it off (but somehow missed it in the process :rolleyes: ). The messages I'm getting are just residual bouncebacks from when it supposedly was on the system.
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.f@mm.html
go to the above link, there is a link there for a removal tool. If you have the latest definitions, dated 23rd or later, for symantec or mcafee then a scan will find it.
-
I have the latest definitions for both. They found nothing.
Shane, that's exactly what is happening. If they keep coming in I'll look around for any information that I know. I could post the text of one of them. No important information beside my e-mail in there.
-
If your isp was going by the "from address" to determine who sent the email then yeah, they are definitely clueless. However, no one can log into their smtp server as you without your user account and password, which of course your email client knows and a virus would use.
-
Akiron, when sending SMTP mail, most ISPs don't require a login, they only require it for retrieving mail. In either case, even if you DO log in, in an SMTP session you just send 'FROM: reagan@whitehouse.gov' and it accepts it, it has nothing to do with the login.
-
Oct
had the same thing here, at least one person with my address in their address book was infected and i kept getting the bounce/virus notifications back from various email servers. I have RR here also but even when I was getting 300 to 500 a day, they never contacted me about it. I sent an email describing the fix to the ppl i thought were the originators of the emails and it slowly went away..
-
Originally posted by Chairboy
Akiron, when sending SMTP mail, most ISPs don't require a login, they only require it for retrieving mail. In either case, even if you DO log in, in an SMTP session you just send 'FROM: reagan@whitehouse.gov' and it accepts it, it has nothing to do with the login.
I think you're wrong about that Chairboy. Most do require authentication to send mail. Some may use the connection authentication though or ip address. Without authentication their smtp server can be used by spammers. That's why so many are blocking ip's with open relay these days.
-
Originally posted by Chairboy
Akiron, when sending SMTP mail, most ISPs don't require a login, they only require it for retrieving mail. In either case, even if you DO log in, in an SMTP session you just send 'FROM: reagan@whitehouse.gov' and it accepts it, it has nothing to do with the login.
Any smtp server will allow you to send mail to recipients on that server without authenticating. However, using that server to send mail to recipients in another domain will usually fail unless the server uses "open relay" or the user is authenticated.
As I mentioned in the previous post, authentication may be nothing more than allowing a block of ip addresses they assign to their network users to relay email. Still, they should have a log of what user or ip address attempted to send an infected attachment. If they don't and are going only by the "from", they are clueless.
-
Originally posted by AKIron
I think you're wrong about that Chairboy. Most do require authentication to send mail. Some may use the connection authentication though or ip address. Without authentication their smtp server can be used by spammers. That's why so many are blocking ip's with open relay these days.
Yep, open relays are a big no-no.
curly
-
Oct .... all you have to do is look at the message source of one of those infected emails that was sent back to you ... in the last received line of the message header it will have the IP of the originating computer ... if it's your IP you were, or are infected ... if it's another IP then it's not you. You can use that IP addy to try to track the person down ... you can at least get a fix on the city.
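-
The header check described in the last post, as an added example that is not part of the original thread: it reads the Received lines of a returned message and compares the oldest hop's IP with your own. The sample message, addresses, hostnames and function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample of a returned message (documentation IP ranges and
# example domains). The From: line carries the user's address, but the
# message entered the mail system from a different machine.
SAMPLE_RETURNED_MESSAGE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
    by mx.recipient.example with ESMTP id CONSTRUCTED2;
    Tue, 24 Feb 2004 16:01:12 -0500
Received: from home-pc (cpe-77.isp.example [203.0.113.77])
    by relay.isp.example with SMTP id CONSTRUCTED1;
    Tue, 24 Feb 2004 16:01:09 -0500
From: user@isp.example
To: someone@recipient.example
Subject: constructed sample

body
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """Return the connecting IP from each Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each relay prepends its own Received line, so the last one in the
    # header block is the oldest. Lines below the first server you trust
    # are supplied by the sender and can be made up.
    for header in msg.get_all("Received", []):
        match = BRACKETED_IPV4.search(str(header))
        ip = None
        if match:
            try:
                ip = str(ipaddress.ip_address(match.group(1)))
            except ValueError:
                ip = None  # e.g. [999.1.1.1]: not a real address
        hops.append(ip)
    hops.reverse()
    return hops


def originating_ip(raw_message):
    hops = received_hops(raw_message)
    return hops[0] if hops else None


def sent_from_my_machine(raw_message, my_ip):
    origin = originating_ip(raw_message)
    return origin is not None and origin == my_ip
```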