Hello all of you...

Just wanted to let you guys know that I got an email twice today with a virus in it as an attachment. The attachement seems to be an TXT file with the name You_are_FAT. I don't know what it does yet or heard anybody talking about it so I don't know if it is very serious or what.

Anyhow how can remove it from my PC, I'm one of those curious web users who likes to point and click at everything. Thanks.

If it is a text file..it can't do anything whatsoever :)

You are infected with the Win32.MTX virus/worm.
This is a virus/worm spreading under Win95,98,NT,ME.
But don't panic, this virus will not destroy
your harddisks.

Read about it here:
http://www.avp.ch/avpve/worms/email/mtx.stm
(press Ctrl+F on your IE and type "fat")

This virus sends lots of emails from your computer
if you are infected (while you are browsing webpages)
with YOUR name on every email.

If you receive an email with one of these attachments,
it's the MTX virus/worm.

README.TXT.pif
I_wanna_see_YOU.TXT.pif
MATRiX_Screen_Saver.SCR
LOVE_LETTER_FOR_YOU.TXT.pif
NEW_playboy_Screen_saver.SCR
BILL_GATES_PIECE.JPG.pif
TIAZINHA.JPG.pif
FEITICEIRA_NUA.JPG.pif
Geocities_Free_sites.TXT.pif
NEW_NAPSTER_site.TXT.pif
METALLICA_SONG.MP3.pif
ANTI_CIH.EXE
INTERNET_SECURITY_FORUM.DOC.pif
ALANIS_Screen_Saver.SCR
READER_DIGEST_LETTER.TXT.pif
WIN_$100_NOW.DOC.pif
IS_LINUX_GOOD_ENOUGH!.TXT.pif
QI_TEST.EXE
AVP_Updates.EXE
SEICHO-NO-IE.EXE
YOU_are_FAT!.TXT.pif
FREE_xxx_sites.TXT.pif
I_am_sorry.DOC.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
Protect_your_credit.HTML.pif
JIMI_HMNDRIX.MP3.pif
HANSON.SCR
****ING_WITH_DOGS.SCR
MATRiX_2_is_OUT.SCR
zipped_files.EXE
BLINK_182.MP3.pif

Quite complex virus/worm...



[Edited by HX on 11-20-2000 at 07:24 PM]

I meant to say that it has the extension of .txt but it is acutally a .exe file...

If you want to clean your infected harddisk,
go to http://www.complex.is and download
F-Prot, it's a top-notch free antivirus.

Do not download AVP because it's not free,
you must purchase it if you want to clean
infected files. Use F-Prot.

If it is a text file..it can't do anything whatsoever
Many e-mail programs will not show anything in the filename after the first dot-extension in an attachment, so README.TXT.pif appears to be README.TXT: a harmless text file.

For more information about this virus see http://www.uk.sophos.com/virusinfo/analyses/w32apology.html

The problem with this virus is that it wont' let me visit http://www.norton.com, or http://www.mcafee.com or any other leading antivirus website. In addition I don't want to be sending emails with a virus in it so all I want to do now is just download the free antivirus and see if that cleans it up. Thanks for your help.

Go on another computer, download it on a disk or whatever then load it :)

Here are some f-prot download links:

ftp://ftp.simtel.net/pub/simtelnet/msdos/virus/fp-308.zip
ftp://ftp.digital.com/pub/micro/pc/simtelnet/msdos/virus/fp-308.zip
ftp://ftp.bu.edu/pub/mirrors/simtelnet/msdos/virus/fp-308.zip
ftp://ftp.rge.com/pub/systems/simtelnet/msdos/virus/fp-308.zip

If you can't pick it up, post your e-mail address and I'll e-mail you a copy. It's about 1.2mb.

OUCH,

thats one heck of a virus, I suggest spending a little money and get norton antivirus it will detect the minute a virus trys to come throgh and warn you.

Thank goodness for me, that my ISP has filters that block, known email viruses.

Hello again..

The reason for this post is because I need your help again. I seem to have found an infected file (wsock32.dll) under C:/WINDOWS/SYSTEM but I am not able to delete it (it says "Cannot delete file, Windows is using this file" I went ahead and downloaded the free F-Prot program...it found the file and it marks it as infected and it is unable to clean it or delete it either.

I went to the store and bouth "Norton Antivirus 2001" and selected to scan the whole directory it; it didn't find it. I then selected the file and had Norton scan that particular file, it came back saying "No Viruses Found". Ahahh!!!

How in the world do I get rid of this virus if none of the programs can't find/delete it???

Thank you for all of your help....

You need to download the latest virus definition files from Norton's site..... Or 'un-mark' the file so that Norton can clean it.

Thanks..

But I tried to download the latest list of viruses using the LiveUpdate feature but the virus won't let download anything and it will crash Norton.

What do you mean by un-select the file??

Thanks.

Bugger.

What I meant was that if possible, you should use F-Prot to 're-infect' the file - once a file is targetted by one virus program, usually another program can't clean it and ignores it.

You could re-format your computer..

Since you can still back up all your documents etc I don't think it would be that much of a problem, would it? :)

Get the Magic Buttlet disk from Dr Sol (or similar). Then boot off the floppy disk, it then scans your hard disk. It can clean *any* file, as none are held open on the system, as there is no system. You can normally download it, or create one using the AV tools.

Moral of the story...... don't open every attachment people send to you. To be honest, the vast majority of exe's people send round claiming to be cool and brighten up your day are just plain shite and not worth opening. Just delete them as soon as you receive them, that's what I say.

Tip: Keep regular backups of all your work, maybe just by burning them to CD. Then if you ever have a disaster like this, wipe machine, copy precious data back on easily. Well worth the 50p per CD.

Tip: Buy good quality (i.e. not Norton) AV software, and keep it up to date. Very inexpensive.

Tip: Don't use Dr Sol with IIS5, causes all sorts of wierd things to happen in your ASP. Or stop Dr Sol scanning your wwwroot directory

[Edited by inwks on 11-21-2000 at 07:01 AM]

I am fat so I just thought that there was some new computer technology out there encouraging me to make some personal changes.

Try excerising, eating less (or at least more healthily), spend less time in front of a computer, etc. etc. Alternatively try hypnosis.......

Originally posted by HX
This virus sends lots of emails from your computer
if you are infected (while you are browsing webpages)
with YOUR name on every email.
[Edited by HX on 11-20-2000 at 07:24 PM]

Is this another one of the melissa deals where it sends out emails to everyone in you address book?

Not really.......

Melissa worked by exploiting the powerful scripting technologies built into Outlook (commercial & express). The script was embedded in the email, so opening the email runs the script. These are nasty, as you only have to read the message. You can get rid of these by simply setting your security settings in Outlook to treat emails as if they were from a "restricted sites" zone, which means embedded scripts are not run. I would recommend this to all, and would recommend that you do not install the Outlook patch as it seriously disables your Outlook capabilities (and cannot be removed).

This virus and other viruses like this (e.g. ILOVEYOU) depend on people's willingness to open all attachements sent to them. You can read the email without any harm, but opening the attachment delivers the payload. These are not particularly nasty, as you have to do is not open the attachment. Why anyone would want to open a text file (seemingly) stating that they are fat or that I Love U is beyond me, unless they are going for litigation against their employer (e.g. your boss opens the ILOVEYOU and it gets sent around to all the secrataries).

I was working on a project for a company when the ILOVEYOU broke out, and their systems were servely disabled because everyone and their dog decided to open the attachment. I pitied their email administrators, as they put in some serious hours cleaning out the system. Even weeks later, minioutbreaks occured, even though people were explicitly told not to open attachments that were not work related. Why? Because the average user is just plain.......... (fill in your own expletive...)

I read the link whoever posted that explained it so i guess not... I was hoping it was along the same lines since after the the whole iloveyou/melissa/etc crap i quit using the addressbook and created my own with an excel sheet... I just like to tell everyone about it becuase it works pretty good. not as easy but if any of those types of emails come running around it isn't gonna find any address to forward to!

Some are now scanning your inbox and other folders for emails, to build a list of addresses.