I spenmt 2 hours sorting out my sister-in-laws pc…i recommend you visiting the microsoft site for advice to prevent that in the future.
And when i got back to the UK, i had a different worm (not the infamous blaster worm) on my pc…done the patches, and when i re-booted, my pc would not work, just finished re-formatting the hard drive and re-installing some programs…grrrrrrrrrrrrrrrrrr.
The worm, known as Sobig, is sending millions or emails to people on a daily basis. The sneaky thing is that the the emails look like they are coming from someone you know. The message says “see the attached filed to details” and you click on it. Several people claimed that I sent them this virus, which is impossible because the “from” is info@legalwiz.com, which I never send from. Also, I use the Norton program, too, which scans outgoing mail.
The lesson is you NEVER open attachments to email just because they are from someone you know. And, when you send email with attchments, describe the attachment for the recipient, “attached is a Microsoft Word File with named ‘X’ - it is 65k in size.”
And, if you really want to be safe, use a MAC like me and Joe do!
go to symantec.com
They have a removal tool you download for free to remove it.
Could have fix the problem yourself. I don’t have the worm on my system but I did download the tool and ran it just today just to be sure. It responded saying the worm was not on my system. I also regularily download the free virus definitions and install them.
The e-mails were immediately deleted by me, when they showed up in my Inbox, because I did not recognize the sender or the topic.
And, no attachments were opened.
This is why I posted this- because the old rules did not apply. Had this been a case of me being stupid enough to have opened files from an unknown sender, I probably would not have taken the time to post on it.
I’d actually done a Liveupdate yesterday, or the day before (?), and a full-system scan, and as I mentioned, the e-mails were quarantined, but as I look at my web-email, I’m seeing that even now, they’re still coming.
Do you have Nortons AV set to scan incoming and outgoing emails? Nortons has the option of this being on or off. Mine is on. If yours is off, you will keep getting infected emails.
Do another file update today.
I run the Inteligent update program which will update each day. I download the update file and install myself. I believe the live update files are only done once a week… may be wrong about that. I did check their site and a new definition file dated 8/20/2003 is posted which has the update files. Futher into their web site there is explainations about the differences between live update and intelligent updater. The live update you did yesterday may have not yet had the update to catch the worm? Of course once you have the update, the worm will be caught everytime. In the mean time, run the removal tool from Symantec as needed each time or try redownloading the file from today.
Here is the link i used:
copy and paste into url.
The removal tool is about 2/3rds down the page. This should remove it from quarantine also.
The emails that are infected will still come from others whom have the worm and may not know it. All you can do is not click on the infected ones until your virus file is updated again. Symantec has a detailed list of email headings to look for to determine which emails are infected at the link above. The .pif extension is a dead give away. Symantec also says the worm de-activates on Sept 10 2003.