Web Hosting Talk

jeesus lord almighty 91 viruses in 22 hours


Speakerguy
05-05-2002, 04:31 AM
OMFG!!!!

Every night I run the free java based copy of PC-Cillin virus detector on my comps

URL = http://housecall.antivirus.com/housecall/start_pcc.asp



Last night I scanned it and had no viruses whatsoever...

I am scanning now, and so far I am half way through my hard drive and 91 viruses have been found!!!!! EEEP!!!! They are all WORM.KLEZ.H and P_ELKERN.D

wtf how did I get 91 viruses in 22 hours...I haven't even checked email today!!

I think foul play was involved in this...someone must have been using my comp and loaded the viruses....

some people really have no lives...

*growls loudly*

skylab
05-05-2002, 04:54 AM
i run a free service with about 6000 registered members and am getting hammered by people that are infected by the KLEZ stuff.

luckily my zone alarm and norton antivirus take pretty good care of everything..

Abu Mami
05-05-2002, 05:04 AM
I get somewhere around 100 to 200 emails daily. About a fourth of them are viruses and most of the rest are spam. I even get a few REAL emails thrown in from time to time :-(

ADEhost
05-05-2002, 05:06 AM
OK guys, I need to learn and understand better about your problem. Why? Something does not seem correct, and if there is a weakness in my system I want to protect it.

so here goes

Speakerguy:

how did the virus get to your system?
was it via a web site, or a hack against your system, or was someone at your pc?


skylab:
I use zone alarm also (McAfee for viruses), how did it protect you from this virus?

Mike

skylab
05-05-2002, 05:37 AM
re: zonealarm. my version of zonealarm pro has a little thing called "mailsafe". i'm not relying on it, but, it seems to help.

from what i can tell, it's converting incoming virii attachments from their fake extension to their real extension, somehow aiding my norton antivirus.

every virii i get sent now, says, "zone alarm has converted blah blah.blah to blah blah.zl123415, norton antivirus has whatever whatever..."


this is the description for the mailsafe program in zonealarm:

MailSafe examines the attachment's filename extension.

If that extension (in the example .BAT) is in MailSafe's quarantine list, ZoneAlarm Pro changes the filename extension to ".zl*" (where * is a number or letter.)


Changing the filename extension 'quarantines' the attachment by keeping it from running automatically.


but yeah.
i also run norton antivirus, the cleaner trojan detector, and i DO NOT use outlook or outlook express at all!

R Doherty
05-05-2002, 05:39 AM
I think I'm going to schedule a system scan for tonight. :D

While we're on the subject of viruses-
Does anyone know of a virus or any problem with a program that might cause Windows to have to repair the registry every time you boot up. It means I have to do 3 restarts to start work - one for Windows to find the problem, one for Windows to fix the problem and one for Windows to boot up properly.
This happens every time I boot up. At least it did, it seems to be gone now. This has happened to me once before, it stopped by itself that time too. :confused:
I'm running Windows 98.

NetXL
05-05-2002, 08:21 AM
I did a scan, no viruses, yay.
I'm just careful with what I open, haven't used a virus scanner in years. I should probably get one, but most cost, don't they :D

I'll regret it, the day I lose all of my files :(

appletreats
05-05-2002, 09:26 AM
Originally posted by skylab
If that extension (in the example .BAT) is in MailSafe's quarantine list, ZoneAlarm Pro changes the filename extension to ".zl*" (where * is a number or letter.)

It did that to me a while ago with some other email virus. I had no idea it would do that. I wondered how a virus could infect people with that crazy extension and being associated with ZoneAlarm. I've been confused about it until now. :(

akashik
05-05-2002, 09:40 AM
went and grabbed that removal tool from symantec just in case. Ran it, and all is clean. Did a full virus scan an hour ago and all clean :) Had that virus sent to me about 30 times in the past two days, all caught.

For the cost of Norton it's money well spent. If not for your own files, then at least to play a part in protecting the files on computers attached to addresses in your address book.

I don't think there's an excuse to not have virus protection and a firewall nowadays. It doesn't cost much, and if everyone had them we wouldn't need to worry about things like this.

Greg Moore

skylab
05-05-2002, 10:33 AM
AVAST
> http://www.avast.com/

AVG6
> http://www.grisoft.com/html/us_index.htm


if you have no antivirus program at least consider a free one. heh.

tensixteen64
05-05-2002, 10:44 AM
I agree Greg! We had a free virus protector on the computers for a long, long time. It wouldn't catch anything. We upgraded to Win '98 SE *see how long ago?* and bought Norton. We have had no problems with viruses, yet. We also run Zone alarm constantly.

You get what you pay for!

Sara

akashik
05-05-2002, 10:53 AM
hehe, well I've upgraded twice now from Win 98, to Win ME, to Win XP. As Norton becomes useless with a new version of windows, I've shelled out for:

Norton Systemworks 2000
Norton Systemworks 2001
Norton Systemworks 2002

As I say, money well spent, and don't regret it *much*

:)

Greg Moore

Gadgy
05-05-2002, 11:19 AM
Do not use OUTLOOK, EVER!

OUTLOOK is as much a virus as the virus it allows passage to. Nowadays it's just like having a virus on your box, if you use outlook you have work on your hands. Heck, Pegasus mail is many times better than outlook and costs nothing, allows downloading of headers first too and easy to integrate PGP all for free. But if you're wanting top quality check out MDaemon at deerfield.com.

OUTLOOK should be renamed to LOOKOUT!

skylab
05-05-2002, 01:16 PM
http://www.pocomail.com if you don't mind shelling out $25.

trust me, it's well worth it.

markblair
05-05-2002, 01:29 PM
To keep your PC virus-free by blocking viruses in real time, download a free 30-day trial version of PC-cillin, Trend Micro's antivirus solution for home PC users. HouseCall can only detect viruses after they have infected your PC. PC-cillin provides complete protection by blocking viruses at every entry point before they can get into your PC and delete your files or spread to everyone in your address book.

The above text is from Trend Micro's signup page for using HouseCall. Please note, they don't recommend using HouseCall as your only antivirus solution. This is my recommendation as well. If your PC is already infected, HouseCall may not be able to fix the problem. It won't do you much good if the virus you have eliminates your ability to access the Internet. I also have a link to HouseCall on my company web site but wouldn't recommend it as the only option.

Just my thoughts...

Originally posted by Gadgy
Do not use OUTLOOK, EVER!

OUTLOOK is as much a virus as the virus it allows passage to. Nowadays it's just like having a virus on your box, if you use outlook you have work on your hands. Heck, Pegasus mail is many times better than outlook and costs nothing, allows downloading of headers first too and easy to integrate PGP all for free. But if you're wanting top quality check out MDaemon at deerfield.com.

OUTLOOK should be renamed to LOOKOUT!

I've been using Outlook as my only e-mail client for nearly five years. I have used every version since Outlook 97. I have never once been infected by a virus while using Outlook. Of all the programs Microsoft makes, I think this is the most valuable. I have had my share of viruses come to me but each and every time they are blocked and I am allowed the option to delete them. I use Norton AntiVirus and would highly recommend the same.

Speakerguy
05-05-2002, 01:43 PM
i do use HouseCall as my only virus detector. I should probably pick up a copy of norton or mcafee but don't they hog a ton of resources (more so than AOL) and cost like $30?

Maybe next time I get down to Fry's I'll pick one up...
(frys= big electronics store in Cali =D )


For now, I saved a copy of the web page/java applet to a floppy disk in case i ever lose my net connection.



As per outlook VS Pegasus, I can't get pegasus to run.
Erm, let me rephrase that, I don't know how to get pegasus to run. I've downloaded and tried installing it at least twice, but it just won't work with my pop server (which is weird....)

I really hate using outlook (it is SO unbelievably stupid).



I dunno how 122 viruses got onto my comp (when I said 91 the scan was only half way done). I'm really thinking someone loaded them off a floppy/cd...I know for a fact I didn't check email all day, nor did I download any files besides the latest CS patch.....

Zorbs
05-05-2002, 02:54 PM
Originally posted by skylab
AVAST
> http://www.avast.com/

AVG6
> http://www.grisoft.com/html/us_index.htm


if you have no antivirus program at least consider a free one. heh.

Which of the 2 do you recommend more?

Gadgy
05-05-2002, 02:55 PM
markblair,

Of all the programs Microsoft makes, I think this is the most valuable

he he,
mail client more valuable than office, ms-sql, blah blah... he he he..

I AGREE :)

in fact i would go as far as to say it's better than their operating systems, it will never ever ever be anywhere close to being as great as the M$ mouse, the only M$ thing I have that has not failed me!

Using any email system on windows that works as outlook regardless of virus scanner is going to put your system at risk constantly.


Speakerguy,

do you get a weird tcp/ip error when trying to send with pegasus?

I have had this problem with a few machines and have not figured out what it is as yet, unfortunately pegasus errors are not that descriptive. I had the same error before from timeouts.

Might be worth your while looking a bit deeper into it, would the mercury mail server handle your pop? You might even email pegasus, sure he will answer.

But, I really do urge you to download MDaemon and try it.

markblair
05-05-2002, 03:36 PM
Originally posted by Gadgy
he he,
mail client more valuable than office, ms-sql, blah blah... he he he..

I AGREE :)

in fact i would go as far as to say it's better than their operating systems, it will never ever ever be anywhere close to being as great as the M$ mouse, the only M$ thing I have that has not failed me!

I should correct myself: Outlook is the best of any Microsoft product I've used. Not all since I haven't used MSSQL or probably several others. Speaking of Office applications though, it's the only one I've made a point to install over and over and over again, whenever setting up my computer due to some Microsoft OS screwup...:mad: BTW, that mouse is pretty good, isn't it? I have the Microsoft IntelliMouse with IntelliEye and it's run great since day one (probably just jinxed myself).

Originally posted by Gadgy
Using any email system on windows that works as outlook regardless of virus scanner is going to put your system at risk constantly.

I'd have to agree with this as well. As much as I prefer Outlook, I still know that I am at a greater risk of getting a virus due to it. Simply because people dislike Microsoft so much, they make viruses to take down MS applications/systems, etc. Good point.

skylab
05-05-2002, 04:18 PM
i have only used AVG briefly. BUT, of every poll / review i've seen/heard, they recommend AVG over avast.

AVG is supposedly extremely good AND not a resource hog, such as norton.

ALTHOUGH, in my experience, avast updates their virus definitions more often than avg.

Originally posted by Zorbs


Which of the 2 do you recommend more?

Lain
05-05-2002, 06:17 PM
I don't like McAfee as much as when I downloaded the trial of Norton, but I got McAfee for free so I'm not complaining. Usually Best Buy has deals where you pay $30 for McAfee and get a $30 rebate, so that's what I did :)

Also when I went to one of those computer shows and sales, there were tons of Norton discs (just the disc) for $10-20. But I'm not sure if those are bootlegs or not :confused:

skylab
05-05-2002, 06:46 PM
i used to see "VALUE" versions of norton 2000/2001 at large computer and office stores for $9.99. it's just the disc in a printed CD sleeve with no manual.

Mxhub
05-05-2002, 07:40 PM
Norton Antivirus' email protection feature has been very useful for the past few days; it detected uncountable Klez emails for us. In addition, we had zone alarm installed as well for tighter security. :)

I recommend using norton antivirus 2002 and above version with email protection feature.

btw, we don't use outlook . So we are pretty safe from getting infected. :D :D :D :D

Synthetic
05-05-2002, 09:45 PM
Ack... I just used the HouseCall scan.

Apparently, my computer has got 476 files infected with the NIMDA virus. :erm:

Jeffyt
05-05-2002, 10:20 PM
I'm not real sure how you can get so many viruses. Anyway, I have found very little in the way of scanning software for linux. On my home pc's I run './chkrootkit' every night followed by 'tripwire -m c', and on my server I run './chkrootkit' followed by 'tripwire -m c'.

I'd suggest switching all your comps to some sort of *nix. Linux is certainly not fully immune to the virus makers, but you have a greater chance in not getting them on a day to day basis.

Regards,

Jeff

grandad
05-06-2002, 05:05 AM
Klez virus removal:

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html

DougBTX
05-06-2002, 10:10 AM
I've been looking at the headers of the klez files which have come to me, below is one:


From landrel@multiweb.nl Mon, 06 May 2002 04:17:36 -0700
Received: from [212.83.64.166] by hotmail.com (3.2) with ESMTP id MHotMailBE9F8D6E00744004375BD45340A6F4CE818; Mon, 06 May 2002 04:16:07 -0700
Received: from qn-213-73-206-60.quicknet.nl ([213.73.206.60]:1555 "HELO Dsdx")
    by quicknet.nl with SMTP id <S33550AbSEFKE3>;
    Mon, 6 May 2002 12:04:29 +0200
From: bienvenid <bienvenid@chello.nl>
To: hot_cold_2000@hotmail.com
Subject: Van zoekresultaat 13
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary=Dbp028ak5w38
Message-Id: <20020506100429Z33550-15035+210289@quicknet.nl>
Date: Mon, 6 May 2002 12:04:29 +0200


Now, the "from" line above the "to: me" line, is the one its *not* from, right?

So, what is the one in bold then?

The real one?

How about you? What's in your headers?

Douglas
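
Added example (not part of DougBTX's post or of the thread): the header block posted above, run through Python's standard email parser to separate the sender-supplied From: header from the leading "From " line and from the Received chain that each relaying server stamped. It assumes the leading "From " line is an mbox-style line carrying the envelope sender and reduces hostnames to their last two labels; `base_domain`, `hops` and `analyze` are names made up for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block from the post above. Folded Received lines are re-indented
# (the archive flattened them) so each field parses as one header.
RAW = '''From landrel@multiweb.nl Mon, 06 May 2002 04:17:36 -0700
Received: from [212.83.64.166] by hotmail.com (3.2) with ESMTP id MHotMailBE9F8D6E00744004375BD45340A6F4CE818; Mon, 06 May 2002 04:16:07 -0700
Received: from qn-213-73-206-60.quicknet.nl ([213.73.206.60]:1555 "HELO Dsdx")
\tby quicknet.nl with SMTP id <S33550AbSEFKE3>;
\tMon, 6 May 2002 12:04:29 +0200
From: bienvenid <bienvenid@chello.nl>
To: hot_cold_2000@hotmail.com
Subject: Van zoekresultaat 13
Message-Id: <20020506100429Z33550-15035+210289@quicknet.nl>
Date: Mon, 6 May 2002 12:04:29 +0200

'''

def base_domain(host):
    """Naive registrable domain: last two labels, no public-suffix list."""
    labels = (host or "").strip("[]").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) > 1 and labels[-1].isalpha() else None

def hops(msg):
    """Received hops, oldest first, as (claimed_host, ip, recorded_by)."""
    out = []
    for value in reversed(msg.get_all("Received", [])):  # servers prepend
        flat = " ".join(value.split())                   # undo folding
        found = [re.search(p, flat) for p in (
            r"\bfrom\s+(\S+)", r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", r"\bby\s+(\S+)")]
        out.append(tuple(m.group(1) if m else None for m in found))
    return out

def analyze(raw):
    msg = message_from_string(raw)
    envelope = (msg.get_unixfrom() or "").split()[1:2]   # address after "From "
    path = hops(msg)
    result = {
        "header_from": base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2]),
        "envelope_from": base_domain(envelope[0].rpartition("@")[2]) if envelope else None,
        "submitted_via": base_domain(path[0][2]) if path else None,
        "origin_ip": path[0][1] if path else None,        # as recorded by the first relay
        "trusted_ip": path[-1][1] if path else None,      # stamped by recipient's server
    }
    seen = {result[k] for k in ("header_from", "envelope_from", "submitted_via")} - {None}
    result["domains_disagree"] = len(seen) > 1            # a signal, not proof
    return result

if __name__ == "__main__":
    print(analyze(RAW))
```

Three different domains on one message is a signal rather than proof, since mail sent through an ISP's relay can legitimately carry another provider's address. The only hop a recipient can fully trust is the one stamped by their own provider (hotmail.com here); everything below it was supplied from the sending side.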

ADEhost
05-06-2002, 10:24 AM
I would like to thank those that responded to my questions within this thread. A lot of great info was disclosed, and I never have a problem learning.

Mike

XTStrike
05-06-2002, 05:59 PM
hmm, just do what i do, update every 2 hours !!, most of the time i get:

06/05/2002 22:44 Update EPSERVER\Administrator The new DAT file is the same version as the existing file.

but every once in a while i'll get :

04/05/2002 02:02 Update NT AUTHORITY\SYSTEM Update of DAT files is successful!

-- works quite well :-)

and e-mail, i normally pick that up once a month,lol