Sat, Nov 9, 10:42 PM CST

Renderosity Forums / Poser - OFFICIAL



Welcome to the Poser - OFFICIAL Forum

Forum Coordinators: RedPhantom

Poser - OFFICIAL F.A.Q (Last Updated: 2024 Nov 09 8:30 pm)



Subject: Warning! - New Virus trick


Spanki ( ) posted Tue, 13 April 2004 at 12:17 PM · edited Sat, 09 November 2024 at 10:40 PM

Sorry if this has been mentioned before, but there seems to be a cute new way of naming attatched e-mail virus files. The most recent one I recieved was addressed from: "abuse@gov.us" oooh... very official/scary sounding! ;) The title of the e-mail was: "Internet Provider Abuse" and the text of the message was: "I noticed that you have visited illegal websites. See the name in the list!" ...so anyway, there's an attatched file named "spanki_details.zip" and inside the zip file is what LOOKS like an .rtf file (Rich Text Format - which can be read with NotePad or WordPad)... BUT (and this is the tricky part, so pay attention) after the '.rtf' extension is a whole bunch of spaces and then a '.scr' extentsion. If you just double-clicked on that, it would execute the program/virus! (obviously I didn't run it - I knew it was a virus as soon as I saw the 'from' field). As always, your best bet is to never open anything unless you're expecting it from someone you know ahead of time - or at the very least be very suspicious of any unexpected attachments and take proper precautions.

Cinema4D Plugins (Home of Riptide, Riptide Pro, Undertow, Morph Mill, KyamaSlide and I/Ogre plugins) Poser products Freelance Modelling, Poser Rigging, UV-mapping work for hire.


ockham ( ) posted Tue, 13 April 2004 at 12:23 PM

The virusers are indeed getting more clever. I got a virus mail recently from an address that appeared to be my own website; just about opened it, thinking it was some kind of upgrade offer from the ISP.

My python page
My ShareCG freebies


nickedshield ( ) posted Tue, 13 April 2004 at 12:24 PM

I agree with you Spanki, I just saw a little blurb on the subject on the news last night but didn't catch the whole thing.

I must remember to remember what it was I had to remember.


c1rcle ( ) posted Tue, 13 April 2004 at 12:44 PM

I wonder if it only targets US citizens, cause that would be a dead giveaway for anyone else. There's always at least one person who clicks something like this & wonders why nothing happened till their system gets fried.


unzipped ( ) posted Tue, 13 April 2004 at 1:09 PM

If you live with windows (and most of us do), just don't open email attachments, period. It may make file transfers a bit more tricky, but it's the best way to keep away from badness. It's what I do, and it helps me sleep better at night.


pakled ( ) posted Tue, 13 April 2004 at 1:18 PM

and watch out for something called i-search toolbar..the malware that's as bad as a virus..:| lost me email, and can't seem to deleted it (have some nasty programs that might do the trick, tho..;)

I wish I'd said that.. The Staircase Wit

anahl nathrak uth vas betude doth yel dyenvey..;)


unzipped ( ) posted Tue, 13 April 2004 at 1:27 PM

If you haven't done so already, go here www.lavasoft.de, download the free version of adaware. Install it, run it - it should fix your malware problems. Then go here www.mozilla.org, download mozilla, install it, run it, use it for your browser and your email. Never run IE again. It will solve most of your MS/Internet related virus/worm/trojan problems. PS. They're both free.


c1rcle ( ) posted Tue, 13 April 2004 at 1:33 PM

one possible slight problem with not running IE, Windows Update doesn't work on any other browser for me. Anyone else had trouble with it? or is it just me again?


c1rcle ( ) posted Tue, 13 April 2004 at 1:35 PM

ps Ad-Aware like unzipped mentioned will get rid of almost every leechware program you might have got attached to your system :)


Mason ( ) posted Tue, 13 April 2004 at 1:46 PM

Also viruses are disguised as return mail. You get a message saying "Daemon mail server: undeliverable mail" with an attachment.


unzipped ( ) posted Tue, 13 April 2004 at 2:09 PM

"Windows Update doesn't work on any other browser for me" O.K. so I exaggerated - you'll still need IE for stuff like this. Only use IE for things like that - hopefully the connection and data from MS won't be nasty, if you're getting hosed by stuff you receive from MS, we've all got bigger problems. :)


Tyger_purr ( ) posted Tue, 13 April 2004 at 2:28 PM

Personally, I run Norton AntiVirus, Ad-aware, Spybot, Zone Alarm, Mozillas Firefox for internet (love those tabs), and Mozillas Thunderbird for email.

I only use IE to get windows updates and it has to ask permission to access the internet (from zone alarm) every time.

Anybody know a program other than Outlook express that can access hotmail accounts?

My Homepage - Free stuff and Galleries


artnik ( ) posted Tue, 13 April 2004 at 2:32 PM

I will never open any attachment from an unknown source. I have two virus protectors, and zone alarm and aol has a pretty decent spam filter, but I take no chances. A good rule to follow: NEVER,EVER open attachmentzs or photos, or click on links from unknown sources!


c1rcle ( ) posted Tue, 13 April 2004 at 2:36 PM

Attached Link: http://www.fitsoftware.com/hotpop/

Tyger have a look at Hotmail Popper, there's a free trial & the site says it works with thunderbird, haven't tried it myself but it might be useful to you :)


Savage_Artistry ( ) posted Tue, 13 April 2004 at 4:54 PM

You could also try Mail Washer (not sure of the address where you can find it, but it's sure to be found on www.download.com or you could find it in a google search). It's meant to combat spam, but it lets you preview all your messages from any pop3 or hotmail account before downloading them. It also lets you send fake bounceback messages to spammers - although I have not noticed it makes much difference. The shareware version is free and doesn't expire.


diolma ( ) posted Tue, 13 April 2004 at 4:58 PM

I gave up on hotmail about 8 months ago - switched to Yahoo. So far I have had NO (NO = nil, nothing, de nada, zilch) spam in my inbox:-)) Cheers Diolma



igohigh ( ) posted Tue, 13 April 2004 at 5:54 PM

Attached Link: http://www.javacoolsoftware.com/downloads.html

The new SpyBlaster ver.3.01 now supports not just IE but Mozilla's FirFox as well, great companion to SpyBot S&D. (also free) They also have a few other nice security apps on their page.


Mason ( ) posted Tue, 13 April 2004 at 8:39 PM

I run an older, crappier version of Eudora before it could show attachements (it was all text based). It simply can't run an attachment, show a pic or do anything else except show text and a link to the downloaded item.


Replicant ( ) posted Wed, 14 April 2004 at 4:02 AM

Attached Link: http://www.annoyances.org/exec/forum/winxp/1080246483

Pakled mentioned the Isearch toolbar. I got caught with this nasty little bugger a few days ago and its a BEAR to get rid of. I found this link helped a lot. Read it all before you start. He left some important info until the end. Anyone thats been hit by this one might find that their browsers will no longer take them to any of the major AV or Anti-Spyware sites. It hijacks and redirects any attempts to link to these sites to a null page. Following the instructions in the link above were not fixing the problem for me because I couldn't update any of the necessary software until I found another thread that directed me to a Util called Hijackthis. http://download.com.com/3000-2144-10227352.html This addy will take you to Download.com to get it as the damn Isearch thing blocks access to the Spyware site it originally comes from. It'll list all sites that are being redirected from your browser and restore things for you.


Expert in computer code including, but not limited to, BTW; IIRC; IMHO; LMAO; BRB; OIC; ROFL; TTYL. Black belt in Google-fu.

 


TrekkieGrrrl ( ) posted Wed, 14 April 2004 at 4:35 AM

Off yeah that ISearch crap is tough! My daughter's computer got infected with it last week. All of a sudden she couldn't even connect to the ISP's logon page (good thing though coz it made her call for mommy before the crap infected our network too L) I'm not even sure I got rid of it properly, Avast keeps popping up telling about some trojan it finds (and deletes, then finds it again some hours later :o/ ) I ran AdAware Pro - it found 76 bits and pieces that weren't supposed to be there! And this is ONE MONTH since I left her that computer. And by then it was CLEAN! Oh yes and 2 virii too. Luverlee :o( I keep telling her NOT to say yes and install all that crap those verious sites tries to pester her with, but it's apparently fallen for deaf ears. Now I hope she got just a LITTLE scared (she couldn't use her computer for a full DAY! That ought to be scary enough for a 13-year-old computaholic GG But I'll surely try this link and see if it finds more crap. Thanks!

FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



Spanki ( ) posted Wed, 14 April 2004 at 5:09 AM

Hehe.. here's another cute one I just recieved... From: support@symantec.com [yeah, right] Subject: Re: Virus Sample [at least there's some truth in the title ;)] Message Body: "The sample file you sent contains a new virus version of mydoom.j. Please clean your system with the attached signature. Sincerly, Robert Ferrew" [newsflash - I never sent them anything] Attatched file: "signature_spanki.txt ....pif" ...note the .pif extension tacked way over on the end(Windows executable Program Information File). Fairly clever overall.. I bet a lot of people get burned on things like that.

Cinema4D Plugins (Home of Riptide, Riptide Pro, Undertow, Morph Mill, KyamaSlide and I/Ogre plugins) Poser products Freelance Modelling, Poser Rigging, UV-mapping work for hire.


FishNose ( ) posted Wed, 14 April 2004 at 5:28 AM

I got hit by exactly this 2 years ago. That was when I got my firewall and realtime scanner. So it won't happen again :o( :] Fish


TrekkieGrrrl ( ) posted Wed, 14 April 2004 at 6:57 AM

Yeah I've gotten e-mails from myself G Or rather "support@[mydomain.dk] as well as admin@[mydomain.dk] Innnnteresting, since I am the only one to support and administer that domain. Besides.. I rarely write to myself in english LOL but yeah, they do get more and more "clever". Pesky things.

FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



Treewarden ( ) posted Wed, 14 April 2004 at 12:17 PM

I got one the other day that was along these lines.... "We're sorry, but your bank account has been closed due to fraudulent activity. We have reported you to the police. You can only clear this matter up by responding to the information included in the attachment." Or something to that effect. I deleted it without opening the attachment. I mention this because I note a strange similarity to Spanki's report. Needless to say, this had me running to check my bank account (D'oh, that gives me a bad thought). It was o.k, but now that I think about it, if they somehow had a spyware that recorded me going into my bank right after I got such a fraudulant notice, then I've fallen for their ploy. For the love of Pete, this virus stuff is getting so far out of control, I'm really starting to wonder how we'll ever get rid of it. What if this just gets so bad you can't go on the internet without the equivalent of a full suit of armor? This doesn't sit well with me at all.


mondoxjake ( ) posted Wed, 14 April 2004 at 3:22 PM

c1rcle: Try NeoPlanet as a substitute for IE, it has an interface compatible with IE friendly sites w/o all the open port BS. It is free at neoplanet.com. I have used it now as an IE substitute for over 3 years...it has crashed on me only a couple of times.


Sue88 ( ) posted Wed, 14 April 2004 at 5:05 PM

I've been receiving these kinds of messages for several weeks now. I think I've received all that was mentioned above (probably even more). I just delete them. First of all, if it's an e-mail from an address I don't recognize and it has an attachment, I just delete it. Second, if the message is just a general text without directly addressing me and without a signature, poof - out it goes. Oh yeah, another kind I've received asks me if I'm a spammer and tells me that my address was found on some spammers' list... It seems that these newer virus messages try to make you concerned or interested enough to check out their attachment.


hauksdottir ( ) posted Thu, 15 April 2004 at 6:33 AM

Oh, yes! And the fun ones with a password-protected attachment, where they include the 5 digit password in the message. That almost caught a computer-savvy friend. Carolly


Sue88 ( ) posted Thu, 15 April 2004 at 7:19 AM

I can imagine that these tactics work pretty well with less computer-savvy people. Maybe that's why there are so many of these virus messages nowadays... :(


TrekkieGrrrl ( ) posted Thu, 15 April 2004 at 7:31 AM

Hmm... Some people may not want to admit that they've got a virus. It may sound silly but think about it: You get plastered with advice on NEVER NEVER NEVER to click an unsuspeced attachment.. and when you do so anyway? you're a fool, and who likes to admit they've behaved foolishly? ;o) And if they don't KNOW how to get rid of it again.. who should they ask then? without admitting their foolishness. So.. I hereby admit that I've once activated the ILOVEYOU virus.. on my work computer of all places. Yes I knew about never opening attachments... Call me Curious George.. coz I did so anyway :o} But I learned a lesson back then! I think :o) So don't divide people into computer savvy / imbeciles coz we can all make mistakes :o)

FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



Sue88 ( ) posted Thu, 15 April 2004 at 8:44 AM

*So don't divide people into computer savvy / imbeciles coz we can all make mistakes :o)*That was not my intention at all. I agree that everybody makes mistakes. But maybe people who know a little more about these issues have a better chance of catching themselves before they open that attachment. I'm not an expert, but I have some experience with computers, and still I almost fell for the one which seemed to come from my own website. First I thought that it was from my host. Then I realized that it was from "support" at my own site, and like you, I'm the only person there, so it couldn't have come from me... ;)


TrekkieGrrrl ( ) posted Thu, 15 April 2004 at 11:51 AM

Oh sorry if I phrased it wrong :o) It wasn't aimed at you, it was aimed at the GENERAL assumption that "it's your own fault" if you get a virus, and though it's sometimes the case, those virii are getting so clever now that even people who consider themselves "on guard" can be caught with their pants down. And I almost opened one of those that came from my domain too untill I realized that there was something wrong. I am SO HAPPY for MailWasher, with it, I can check suspicious files at the SERVER, without the need to actually download the crap. And on top of that, it's a nice spamfilter :o)

FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



Sue88 ( ) posted Thu, 15 April 2004 at 12:13 PM

Oh, okay, it seems that I misunderstood you then, sorry. :) I think I have MailWasher somewhere, I'll have to check. I do use Norton, which works fine with regular e-mail, but it doesn't beep at me when I get these messages from my site's mailbox. I just delete them; maybe Norton would complain if I tried to actually open one of those attachments, but I'm not going to test that hypothesis... ;)


hauksdottir ( ) posted Thu, 15 April 2004 at 5:24 PM

I got hit once, but Norton quaranteed it. A colleague had just published a book, so when I got a note from him to check his new website... I, of course, assumed that his book was featured. I clicked on the link and Norton practically shrieked at me. Whatever was in it must have been extremely virulent. Deleting the spam and virus stuff from strangers is easy. When it is from somebody we know, we have to use extra caution. Pity. Carolly


Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.