New virus, please read - Posted by rm

Posted by rm on August 22, 2003 at 10:10:52:

Thanks for the suggestions.

I took my computer in on Wednesday.

As I mentioned earlier, Norton caught some of the e-mails, but not all of them. And, no, I did not open any attached files.

Part of the problem may also have been a recent system restore that Dell had advised me to perform the night before.

New virus, please read - Posted by rm

Posted by rm on August 20, 2003 at 16:59:17:

Well, there’s a first time for everything…

and my computer is right now in the shop, being fixed due to a brand-new worm.

You can read about it here:

http://us.mcafee. com/virusInfo/default.asp?id=description&virus_k=100561

Eliminate the space between mcafee and com.

My Norton antivirus actually quarantined the messages that contained this virus, but I STILL got it.

If you get this virus, you should disconnect from the internet until it’s removed, as there’s no fix for it yet.

Just a friendly heads up.

Re: New virus, please read - Posted by Arthur

Posted by Arthur on August 21, 2003 at 19:48:02:

I spent 2 hours sorting out my sister-in-law’s PC… I recommend you visit the Microsoft site for advice to prevent that in the future.

And when I got back to the UK, I had a different worm (not the infamous Blaster worm) on my PC… done the patches, and when I re-booted, my PC would not work, just finished re-formatting the hard drive and re-installing some programs… grrrrrrrrrrrrrrrrrr.

Don’t open attachments - Posted by William Bronchick

Posted by William Bronchick on August 21, 2003 at 08:48:37:

The worm, known as Sobig, is sending millions of emails to people on a daily basis. The sneaky thing is that the emails look like they are coming from someone you know. The message says “see the attached file for details” and you click on it. Several people claimed that I sent them this virus, which is impossible because the “from” is info@legalwiz.com, which I never send from. Also, I use the Norton program, too, which scans outgoing mail.

The lesson is you NEVER open attachments to email just because they are from someone you know. And, when you send email with attachments, describe the attachment for the recipient, “attached is a Microsoft Word file named ‘X’ - it is 65k in size.”

And, if you really want to be safe, use a Mac like me and Joe do!

Re: New virus, please read - Posted by Joe Kaiser

Posted by Joe Kaiser on August 21, 2003 at 01:33:27:

Will it infect a Mac?

Didn’t think so.

Joe

Re: There is a fix… - Posted by Gary

Posted by Gary on August 20, 2003 at 18:00:08:

Go to symantec.com.
They have a removal tool you download for free to remove it.
Could have fixed the problem yourself. I don’t have the worm on my system but I did download the tool and ran it just today just to be sure. It responded saying the worm was not on my system. I also regularly download the free virus definitions and install them.

My last words on this - Posted by rm

Posted by rm on August 22, 2003 at 10:15:01:

The e-mails were immediately deleted by me, when they showed up in my Inbox, because I did not recognize the sender or the topic.

And, no attachments were opened.

This is why I posted this - because the old rules did not apply. Had this been a case of me being stupid enough to have opened files from an unknown sender, I probably would not have taken the time to post on it.

Re: New virus, please read - Posted by Wai Chung

Posted by Wai Chung on August 21, 2003 at 05:16:59:

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

Systems Affected: Microsoft IIS, Windows 2000, Windows XP

Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x, Windows 95, Windows 98, Windows Me

-Wai Chung

Re: There is a fix… - Posted by rm

Posted by rm on August 20, 2003 at 18:20:47:

I’d actually done a Liveupdate yesterday, or the day before (?), and a full-system scan, and as I mentioned, the e-mails were quarantined, but as I look at my web-email, I’m seeing that even now, they’re still coming.

Ugh.

Re: Forgot to ask… - Posted by Gary

Posted by Gary on August 20, 2003 at 19:06:23:

Do you have Norton’s AV set to scan incoming and outgoing emails? Norton’s has the option of this being on or off. Mine is on. If yours is off, you will keep getting infected emails.

Re: There is a fix… - Posted by Gary

Posted by Gary on August 20, 2003 at 19:00:26:

Do another file update today.
I run the Intelligent Updater program which will update each day. I download the update file and install myself. I believe the live update files are only done once a week… may be wrong about that. I did check their site and a new definition file dated 8/20/2003 is posted which has the update files. Further into their web site there are explanations about the differences between live update and intelligent updater. The live update you did yesterday may have not yet had the update to catch the worm? Of course once you have the update, the worm will be caught every time. In the meantime, run the removal tool from Symantec as needed each time or try redownloading the file from today.

Here is the link I used:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

Copy and paste into URL.

The removal tool is about 2/3rds down the page. This should remove it from quarantine also.

The emails that are infected will still come from others who have the worm and may not know it. All you can do is not click on the infected ones until your virus file is updated again. Symantec has a detailed list of email headings to look for to determine which emails are infected at the link above. The .pif extension is a dead giveaway. Symantec also says the worm de-activates on Sept 10 2003.

I hope this helped some.
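
The .pif check mentioned above, as an added example that is not part of the original thread: a Python sketch that walks a message's MIME parts and flags attachments whose final extension is one Windows runs as a program, without trusting the "From" line. The extensions other than .pif, the helper names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# ".pif" is the extension named in the thread; the rest are assumed
# additions of other extensions Windows treats as programs.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}


def is_risky_name(name):
    """True if the file name's LAST extension is an executable one."""
    # Windows ignores trailing dots/spaces and is case-insensitive, and only
    # the final extension counts, so "details.txt.pif" is still a program.
    cleaned = name.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    return dot != -1 and cleaned[dot:] in RISKY_EXTENSIONS


def risky_attachments(raw_message):
    """Return the attachment file names in a raw message that look executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition, then Content-Type "name".
        name = part.get_filename()
        if name and is_risky_name(name):
            flagged.append(name)
    return flagged


def build_sample(filename):
    """Constructed test message with one attachment (not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "someone.you.know@example.com"  # sender is not trusted here
    msg["To"] = "you@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body text")
    msg.add_attachment(b"\x00", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname in ("details.txt.pif", "report.pif.txt", "photo.jpg"):
        print(fname, "->", risky_attachments(build_sample(fname)))
```

A check like this belongs at the mail gateway or in a mailbox rule, where it works regardless of whether the antivirus definitions have caught up yet.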