Email virus going around?!?

The machines we love to hate

Moderator: Wiz Feinberg

Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Post by Jon Light (deceased) »

I believe that I read that one of the features of this virus is its adaptability and its ability to change names. So beware of more than just the familiar, listed names. Yes, it is wise to nix anything unfamiliar, anything unexpected, and frankly, anything even from familiar sources unless you were expecting them to send you an attachment.
Erv Niehaus
Posts: 27037
Joined: 10 Aug 2001 12:01 am
Location: Litchfield, MN, USA

Post by Erv Niehaus »

My computer was infected a while ago. Whenever I tried to click on an icon, they started to dance all over the monitor. I checked around and was advised to install PC-cillin. You can access the program at www.antivirus.com. It found 27 files on my computer that had viruses in them and then quarantined them. The people at PC-cillin are constantly updating their program over the internet and downloading their virus protection to my computer. I feel quite secure now!
Uff-Da!
Ron Whitworth
Posts: 2161
Joined: 4 Aug 1998 11:00 pm
Location: Yuma,Ariz.USA Yeah they say it's a DRY heat !!

Post by Ron Whitworth »

Hi All;
I found out yesterday that I was also infected with this terrible virus on my computer. If anyone got this virus from me I am VERY SORRY. As we all know, usually once you are hit with a virus it goes thru your address book & gets everyone you have had email contact with.
I went to my local Staples store to purchase The Norton Anti-Virus program. Went over to ask the store manager a few questions about a computer - he saw the program in my hand I was fixing to buy. He asked why, so I told him my computer was infected with a virus. He said put it back on the shelf & he gave me a website to download a "trial" version of a program that would take care of the problem. I got back home & downloaded this program & ran it on my 'puter. It found & said it had fixed all the problems. I noticed my 'puter was still running very slow on the internet. So after reading this post, I went to symtac.com & downloaded the virus fix & ran it. Guess what?? It found 28 more infected files on my 'puter & deleted them automatically. I am now back up to normal cruising speed.
THANKS guys for all your help!!!!! Ron
Wayne Brown
Posts: 2259
Joined: 3 Apr 2002 1:01 am
Location: Bassano, Alberta, Canada

Post by Wayne Brown »

I just want 10 min. in a locked room with the person who invented this virus...just 10 min....that's all. That virus cost me over 1000 dollars.
[This message was edited by Wayne Brown on 01 May 2002 at 04:10 AM.]
Jim Phelps
Posts: 3421
Joined: 6 Sep 2002 12:01 am
Location: Mexico City, Mexico

Post by Jim Phelps »

Ron, I'm sure that Staples employee thought he was doing you a favor by saving you the 20 bucks or so from buying Norton, BUT - remember that trial version is going to expire very quickly and viruses keep coming out every day. If you'd just gone ahead and bought it, you'd have free online updates and they update the virus data files about every 3 days. My bandleader had Norton anti-virus too and thought she was safe. Of course she never got the updated virus .dat files. When I ran (updated) Norton antivirus on her computer, it had 4 different viruses, infecting 394 files! Now she gets the updates once a week.

All of you who are using a trial version or any kind of anti-virus software that isn't constantly updated are having a false sense of security. It may have done a great job of cleaning the virus off your computer, but what about the next new virus? C'mon guys, this is not the time to be cheap! Isn't your computer and all your data stored in it worth 20 bucks? After spending $1000 I'm sure Wayne thinks so!

If I may make a suggestion, whatever anti-virus method you're using, be sure you get the updates at least once a week. If you're not, then you're setting yourself up for another virus attack.
[This message was edited by Jim Phelps on 01 May 2002 at 07:50 AM.]
Jeff Agnew
Posts: 741
Joined: 18 Sep 1998 12:01 am
Location: Dallas, TX

Post by Jeff Agnew »

quote:
What's the advantage of renaming attachments, Colin? Isn't a bug by any other name still a bug?

To the point, Zone Alarm doesn't rename the file titles, it renames the file extension. On Windoze and UNIX boxes, this prevents a file from launching the associated executable or script action.

For example, a file named "BadBoy.wsh" would normally launch the Windows Scripting Host. Renaming it to "BadBoy.xxx" would prevent it from launching by double-clicking. This is the technique Zone Alarm employs. I'm not on Windoze at the moment and I can't remember the actual extension ZA uses, but it starts with "z" and contains a number.

ZA doesn't rename all attachments, just those meeting its guidelines for suspicious files.

Also, as an aside, you should delete Windows Scripting Host from your machine. Unless you're coding in Visual Basic, you don't need it. And if for some reason you find out later you do need it, you can restore it easily.

WSH is a security hole large enough to drive a truck through. To delete it:

1. Select Start/Control Panels.
2. Double-click Add/Remove Programs.
3. Click the Windows Setup tab. A list of installed components displays.
4. Click Accessories to highlight it.
5. Click the Details... button.
6. Scroll down to locate Windows Scripting Host.
7. Click the checkbox to de-select WSH.
8. Click OK to save your change and close the window.
9. Click OK again to apply the change and close the control panel.

To restore WSH, simply reverse the procedure by enabling its checkbox in the Add/Remove Programs control panel.
[This message was edited by Jeff Agnew on 01 May 2002 at 07:49 AM.]
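
An added illustration of the extension-renaming defence described in the post above (not part of the original thread, and not ZoneAlarm's code): it walks the attachments of an e-mail and replaces any launchable extension with an unassociated one, so a double-click no longer starts a program or script host. It goes slightly beyond the "BadBoy.wsh" case by judging multi-dot names on their last extension; the extension list, the `.quarantined` placeholder and all function names are assumptions made for this sketch.

```python
from email.message import EmailMessage

# Extensions Windows runs directly or hands to a script host. Illustrative
# list for this example, not ZoneAlarm's actual rule set.
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs",
                    ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
QUARANTINE_EXT = ".quarantined"  # placeholder with no file association


def neutralized_name(filename):
    """Return a name with a risky final extension replaced, or None if safe.

    Only the last extension decides what Windows launches, so
    'photo.jpg.scr' is judged on '.scr'. Trailing dots and spaces are
    stripped first because Windows ignores them when opening a file.
    """
    cleaned = filename.rstrip(". ")
    stem, dot, ext = cleaned.rpartition(".")
    if not dot or ("." + ext.lower()) not in RISKY_EXTENSIONS:
        return None
    return stem + QUARANTINE_EXT


def quarantine_attachments(msg):
    """Rename risky attachments in place; return (old, new) name pairs."""
    renamed = []
    for part in msg.walk():
        old = part.get_filename()
        if old is None:
            continue
        new = neutralized_name(old)
        if new is None:
            continue
        # Mail clients take the name from Content-Disposition first and
        # fall back to the legacy Content-Type "name" parameter.
        if part.get_param("filename", header="Content-Disposition"):
            part.set_param("filename", new, header="Content-Disposition")
        if part.get_param("name") is not None:
            part.set_param("name", new)
        renamed.append((old, new))
    return renamed


def build_sample_message():
    """Constructed sample: two launchable attachments, one harmless one."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("BadBoy.wsh", "photo.jpg.SCR", "notes.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for old, new in quarantine_attachments(build_sample_message()):
        print(f"{old} -> {new}")
```

The attachment content is left untouched, so restoring the original extension by hand brings the file back; the rename only removes the double-click path.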
Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

Post by Mark Ardito »

Ron,

Run, don't walk, back to Staples and purchase that copy of Norton Antivirus version 2002. It will be the best $20 you spent on your computer.

Mark
Ron Whitworth
Posts: 2161
Joined: 4 Aug 1998 11:00 pm
Location: Yuma,Ariz.USA Yeah they say it's a DRY heat !!

Post by Ron Whitworth »

Hi Jim & Mark;
I appreciate your advice very much but I do have a problem with it. A little over a year ago (maybe 1 & 1/2 yrs ago) I purchased the Norton Systemworks (was expensive when it 1st came out too). I installed it on my computer & my computer crashed more in the next 2 months than in all the years I have owned home computers!!! It absolutely drove me crazy!! I finally just took the whole program completely off & my computer has NOT crashed since. I have asked some guys I know who are much more computer savvy than myself what happened & they all told me you need to "throttle the Norton program back some".
Whatever that means, you got me. So it is not an issue of money for an anti-virus program for me - it is ALL of the headaches that were created when I installed that program - it was a NIGHTMARE!! I thought of selling the program but I can't do that to anyone else. Also, the anti-virus programs that I saw on the shelf at Staples were in the price range of $49 & up. Tell me which is the BEST anti-virus program out there that will do the job & NOT mess my computer up & I will go buy it. Let me hear from you folks.
Thanks ....Ron
Jim Phelps
Posts: 3421
Joined: 6 Sep 2002 12:01 am
Location: Mexico City, Mexico

Post by Jim Phelps »

Well Ron, I'm pretty sure I don't have the credentials that Mark has, but I did have some training and did tech-support for Dell for a while and I've never heard of anyone having a problem with Norton Antivirus. That was the one recommended (unofficially, of course) by all the most knowledgeable guys there, I've used it for years, recommended it to many friends and family who've yet to tell me of any problems. As for Norton SystemWorks, I've never used it and can't tell you why you had the problems you had.

Is the computer you're using now the same one as the one that had all the problems with it? Most often the problematic software is just mis-configured, or may be conflicting with other software installed in the computer. Sometimes there are some computers that for some reason no one can figure, will have all kinds of problems with certain software, maybe conflicting with a device driver. In that case, all you can do is live with it, or uninstall the problematic software, or start uninstalling software and/or devices until the problem is gone, and of course this is really not practical unless you really MUST use that problem-causing software. Anyway, I'd strongly suspect that your Norton SystemWorks was either misconfigured or possibly conflicting with other software. Maybe Mark can shed more light on it.
Jon Light (deceased)
Posts: 14336
Joined: 4 Aug 1998 11:00 pm
Location: Saugerties, NY

Post by Jon Light (deceased) »

If your program included Crash Guard (I think it was called), I pretty quickly ditched that part of it. It caused more crashes than it prevented--consistent with many things I read about it. I would suggest re-installing just the AV part of the package. Unless, of course, you are convinced that it was the AV itself that was the problem.
Jeff Agnew
Posts: 741
Joined: 18 Sep 1998 12:01 am
Location: Dallas, TX

Post by Jeff Agnew »

quote:
they all told me you need to "throttle the Norton program back some"..

Norton products usually attempt to be all things to all people. As such, they are widely considered in the industry to be bloated and resource hogs.

As Jon noted, Crash Guard is a notoriously unstable component and most techies suggest uninstalling it. When they speak of "throttling Norton back" they are referring to removing all but the most stable and necessary components. You can do this with your installation CD. You really only need Disk Doctor. Others can run from CD, such as Speed Disk.

The problem with SystemWorks is that if you also use Norton AntiVirus it tries to integrate that under the same common controls, as well.

One of the best-performing AV programs available is Kaspersky Antivirus. It updates your virus definitions *daily*. My only complaint is that renewing the license annually is expensive. Also, the interface is a bit obtuse.

You might give AVG a try on your system. It's reasonably lean on system resources, has an intuitive, simple interface, is updated with definitions regularly, and the company will optionally send you a warning e-mail when a nasty virus is making the rounds (like Klez recently). Best of all, it's free.

Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

Post by Mark Ardito »

Hey guys,

I have tried those Norton System products and have not liked them very much. I have come to the conclusion that sometimes they do more harm than good. I still use good old "Disk Defrag" and "Scan Disk" from Windows. For machines that I have Win98/95 and Me I use a program called SpinRite from Steve Gibson. http://www.grc.com

The only downfall about SpinRite is that on a 20GB hard drive it will take around 28 hours!!!! Yep that's right, 28 hours!!!

Here are the pros and cons of the Antivirus Software I have found.

McAfee - You purchase version 6.x and as long as you register your copy, you get a lifetime subscription of updates. It also AUTOMATICALLY updates while you are connected to the internet. You don't even know it is happening.

Norton Antivirus - You purchase version 2002 and if you register your copy you only get a 1 year subscription to updates. You will have to submit a credit card to renew your subscription.

PLEASE NOTE - I am not sure that Norton 2002 has this 1 year subscription thing. I know 2001 did. Maybe some Norton 2002 users can step in here.

Norton 2002 is VERY user friendly. McAfee is not so 'nice' looking and sometimes leaves you guessing what you should do, whereas Norton pretty much holds you by the hand.

Both of them are very reputable companies who have excellent products.

Steve Feldmen has brought to my attention a product called "PC - Cillin" I am not familiar with it, but he likes their AntiVirus program.

I use McAfee, but I would recommend Norton for someone who feels uneasy with some computer decisions.

Mark

Erv Niehaus
Posts: 27037
Joined: 10 Aug 2001 12:01 am
Location: Litchfield, MN, USA

Post by Erv Niehaus »

PC-cillin came highly recommended to me. I bought it and have not been disappointed in the least. If you care to check it out go to www.antivirus.com
Uff-Da!
b0b
Posts: 29084
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

Post by b0b »

One feature of the worm confuses a lot of people:
quote:
The subject line, message bodies, and attachment file names are random. The From address is randomly-chosen from email addresses that the worm finds on the infected computer.

In other words, the "From" address is a lie.

I've been getting emails from people saying that they couldn't run the attachment I sent them. I am not infected, and I never sent them anything!

Lately about 20% of my inbox is this virus. I'm in a lot of address books!

------------------
Bobby Lee
-b0b- quasar@b0b.com
-System Administrator
[This message was edited by b0b on 02 May 2002 at 08:15 AM.]
Dan Dowd
Posts: 533
Joined: 4 Aug 1998 11:00 pm
Location: Paducah, KY, R.I.P.

Post by Dan Dowd »

I have got the k virus every day for the past week. The last one said: From canada411<canada411@sympatko.ca. The Subject said Scrolling. I hope someone catches these jerks and sends them to jail. My Norton catches all these viruses.
[This message was edited by Dan Dowd on 02 May 2002 at 03:30 PM.]
James Henry
Posts: 7
Joined: 24 Apr 2001 12:01 am
Location: Sherwood, AR, USA

Post by James Henry »

I received the virus described in the forum. I had the e-mail address of my wife's cousin who lives in Michigan. It had the word "RECORD" in the subject space. I opened the attachment but my McAfee virus detector removed it as it was being opened. However, when I ran a complete scan of all my files I found that the e-mail had been backed up automatically by AOL so I had to delete it again.
Ron Whitworth
Posts: 2161
Joined: 4 Aug 1998 11:00 pm
Location: Yuma,Ariz.USA Yeah they say it's a DRY heat !!

Post by Ron Whitworth »

Hi Everyone;
I just got home from work & was reading thru this thread..
To Jim Phelps: I meant no disrespect to you when I made the comment about Mark's credentials - I value your opinion just as I do his & everyone else's here. I think my problem was that I installed the "whole program" of Norton Systemworks - not just the anti-virus part of it. Yes, I still have the same computer & it is purring along just fine since I removed that program.
To Jon & Jeff: Every time I get my hand near the box the Norton Systemworks program is in, my hand gets the "shakes". I just don't think I can bring myself to put it back on my computer + I am sure it is outdated by a couple of versions at least. I am going to take Mark's suggestion & look into the McAfee program. I like what he said here:
"McAfee - You purchase version 6.x and as long as you register your copy, you get a lifetime subscription of updates. It also AUTOMATICALLY updates while you are connected to the internet. You don't even know it is happening".
I want to Thank Everyone who contributed to this thread as I am really learning something here about this virus stuff & the software to fight it. Thanks Ron

Dan Dowd
Posts: 533
Joined: 4 Aug 1998 11:00 pm
Location: Paducah, KY, R.I.P.

Post by Dan Dowd »

I just got the W32Klez virus again. This time it came from cmschade@commandnet.net and the subject was Next contain's file. The last one said it came from someone in Canada.
Jim Phelps
Posts: 3421
Joined: 6 Sep 2002 12:01 am
Location: Mexico City, Mexico

Post by Jim Phelps »

Hi Ron - Shoot, I know you didn't mean any disrespect to me! I didn't sense anything of the sort. I put the "don't have Mark's credentials" in there just because I'm aware that I really don't! Sorry if I made you think I was somehow offended, that wasn't even in my mind. Back to your problem, sounds like if you're still nervous about Norton (and I can't say I blame you after your experience) then McAfee might be your solution. Good luck, should work out OK.
Jim Smith
Posts: 7949
Joined: 4 Aug 1998 11:00 pm
Location: Midlothian, TX, USA

Post by Jim Smith »

I have and use parts of Norton Systemworks. I also use WeatherBug, and one of their (many) emails has an offer for Norton Systemworks 2002 for $29.95 including free shipping! Here's the link: http://www.clubape.com/index.cfm/a/browse/lo/aws/refBy/DW20020424/sku/SWN2PC/index.html

Here's some of the hype:
quote:
This terrific suite of products from Norton combines the world's #1 utility suite with advanced tools for PC experts. You get 6 state-of-the-art PC utilities costing over $300 if bought separately! Includes 365 days of online updates!

And here's a small disclaimer:
quote:
Please note this CD-ROM product ships in a flat pack without a box or jewel case. It comes with complete installation instructions on the CD or with manual included. This utility suite comes with complete on one CD-ROM & includes 365 days of online upgrades.

All in all, it sounds like a heck of a deal!
[This message was edited by Jim Smith on 03 May 2002 at 07:31 PM.]
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

I also have Norton System Works 2001. I've had it well over a year now, and I'm still updating virus definitions etc. for free.

I have everything else that came packaged in SystemWorks, except the anti-virus, disabled. And the anti-virus is also shut down in the background. I put it on when I feel I should check for viruses and take it off after.

I used to have everything on SW up and running and it just overwhelmed the PC. It got to be too much.

Fred Truitt
Posts: 184
Joined: 26 Oct 1999 12:01 am
Location: Port au Port, Newfoundland, Canada

Post by Fred Truitt »

I was zapped with the W32klez.gen virus yesterday, 3 May, while I was out. I came home, opened my e-mail to find approximately 30 returned mail messages I never sent. About 60% of the "To" addresses were familiar. Anyway, thanks to my ISP, he put me on to Symantec and between last night and this morning the removal tools tell me I am clean. I will however get some of the higher powered software, that I've read about on this and other posts. Please accept my apologies if you received any of the disease from me.
To Mark and all, This is my first time reading this section. It is most informative and I'll check in here from now on..........Fred
Ron Whitworth
Posts: 2161
Joined: 4 Aug 1998 11:00 pm
Location: Yuma,Ariz.USA Yeah they say it's a DRY heat !!

Post by Ron Whitworth »

To Jim Phelps - NO problem. Thanks
To Jim Smith - That is one "smokin'" deal there buddy!! Now you got my wheels turning again. I take it you do NOT have to be a member of this to buy from them at that deep discounted price??
To Fred Truitt - these guys here will help you get your virus problem cleared up as they were able to help me out a bunch ...Ron
HowardR
Posts: 8258
Joined: 3 Apr 1999 1:01 am
Location: N.Y.C.-Fire Island-Asheville

Post by HowardR »

Mark, thank you. I just wiped out that virus with the tool that I downloaded from the link which you provided. I've got my Norton antivirus loaded, which I was unable to do previously because of the virus.

This forum is great.
Harry Hess
Posts: 1131
Joined: 29 Mar 2000 1:01 am
Location: Blue Bell, PA., USA * R.I.P.

Post by Harry Hess »

I think I have this Klez virus because I'm receiving email from myself.

I upgraded to the latest version of NortonAntiVirus. I installed it and ran the "Live Update".

I ran a scan and it comes back clean.

I went to the aforementioned Symantec link to download the "fix", but they have none for Mac and they say the Klez virus does not affect Macs.

Then why am I receiving email from myself?

Thanks for any help.

Regards,
HH