Acadia opened this issue on Aug 30, 2005 ยท 22 posts
Acadia posted Tue, 30 August 2005 at 10:50 PM
I STRONGLY suggest that EVERYONE who has MSN Messenger, immediately do a full system virus scan with an up-to-date virus scanner.
I am behind a router (a hardware firewall), and I have eTrust Firewall (a software firewall), and I don't download any files or open any attachments without scanning them first.
I was sitting watching tv with my computer on when suddenly I got notification from my antivirus program that it just detected and deleted a virus. My system was virus free this morning when I did a virus scan.
I checked the virus at my antivirus software site and it's a win32.nochod virus....and is spread through MSN Messenger, and it sends messages to all user contacts discovered on the affected machine.
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43324
MSN Messenger is a network of people connected together by common contacts; I really, really, really advise that each and every single one of you scan your system with an up-to-date virus scanner, and notify every single person in your contact list either by email or by MSN Messenger to also scan their system. Otherwise people will just keep passing it back and forth to each other.
Message edited on: 08/30/2005 22:50
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
Ardiva posted Tue, 30 August 2005 at 10:52 PM
Boy am I extremely happy I don't use MSN Messenger!
Switch to Yahoo IM and be a happy camper. :)
Message edited on: 08/30/2005 22:53
pokeydots posted Tue, 30 August 2005 at 11:33 PM
I don't use any messengers! :)
Poser 9 SR3 and 8 sr3
=================
Processor Type: AMD Phenom II 830 Quad-Core
2.80GHz, 4000MHz System Bus, 2MB L2 Cache + 6MB Shared L3 Cache
Hard Drive Size: 1TB
Processor - Clock Speed: 2.8 GHz
Operating System: Windows 7 Home Premium 64-bit
Graphics Type: ATI Radeon HD 4200
•ATI Radeon HD 4200 integrated graphics
System Ram: 8GB
Acadia posted Wed, 31 August 2005 at 12:07 AM
Well, for those who do... I figure they should know so that they can scan their system and pass along the information to have their contacts and their contacts and their contacts scan theirs as well....
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
soulhuntre posted Wed, 31 August 2005 at 12:16 AM
Actually - the worm is not spread by MS Messanger, in fact there is no security flaw in either Messager, IE, Outlook or Windows involved here. The end user must EXECUTE a file themselves for this to spread (at least under any reasonably up to date WinXP system). The involvement of Messanger is limited to sendign peopel on your buddy list a message that contains a URL for them to click. That URL will then attempt to trick them into running a file with the worm in it. In other words, MS Messanger is absolutely not a source of vulnerability in this attack.
Faery_Light posted Wed, 31 August 2005 at 12:39 AM
I had MSN Messenger for a while. Someone sent me a nasty trojan and it attached to my buddy list and address book both. Caught it in time to keep my brother from opening a file supposedly from me. Don'y do IM like that now. And don't open my mail offline. I use my online mail host with antivirus and firewall.
Let me introduce you to my multiple personalities. :)
BluEcho...Faery_Light...Faery_Souls.
kuroyume0161 posted Wed, 31 August 2005 at 3:17 AM
So, Messenger is just the messenger. Don't forget to shoot the Messenger or messenger or both! ;) I always disable Messenger right after reinstalling my OS. I only use Skype and that's so I can message and talk to people outside the US (don't have an International cell-phone plan).
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
soulhuntre posted Wed, 31 August 2005 at 3:48 AM
Folks, you don't really need to be that paranoid. All you have to do is understand what this stuff does. Simple steps to a virus / trojan free life in Windows: 1) Run WinXP with service pack 2 2) Keep up with the automatic updates 3) Don't say "YES" to every dialog box you ever see 4) Run the >free< anti-spyware tool from MS 5) Run a good AV tool. I prefer Norton but you can use what youw ant, some are free 6) Turn on the built in MS firewall Enjoy your life.
kuroyume0161 posted Wed, 31 August 2005 at 5:03 AM
Or do what everyone does: 1) Run WinXP. 2) Turn off automatic updates. 3) Say "YES" to every dialog box. 4) Install spyware or other tools that contain them. 5) Run no AV, Script-blockers, Popup-blockers, or Spyware-blockers. 6) Turn off MS Firewall. 7) Always click on email links and attachments. You'd be amazed how many people do these stupid, stupid things! Thus, the success of all of this crap (pardon my French). ;)
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
Francemi posted Wed, 31 August 2005 at 8:29 AM
I have a contact on MSN Messenger who keeps sending me messages about "Find out who's blocking you on MSN Messenger" with a link to (supposedly) a MSN site to download the program. She said her MSN keeps sending these messages ever since she installed the latest version. She scanned her computer and doesn't have any virus. Does someone know how to get rid of that stupid message? BTW... Instead of clicking on the link, I wrote to her telling her about it. lol
France, Proud Owner of
KCTC Freebies
randym77 posted Wed, 31 August 2005 at 9:14 AM
Francemi, your friend has been infected with adware.
http://sarc.com/avcenter/venc/data/adware.blockchecker.html
It's not a virus, which may be why her antivirus program didn't find anything. Ad-Aware or Spybot will probably find it.
Francemi posted Wed, 31 August 2005 at 9:21 AM
Thank you randym77, I'll pass along that info to my friend.
France, Proud Owner of
KCTC Freebies
pakled posted Wed, 31 August 2005 at 11:04 AM
we used to call them 'Quaker viruses'..they asked you to volunteer to do the damage per their instructions..usually deleting a key file, etc..
the missus' machine is so infected with spyware, malware, etc., that even a system restore hasn't worked. The MS anti-spyware program found 1 instance (of about 79, but it can't hurt to run it) malwares..it's the usual culprits..now if I could just convince her to go with Mozilla..;)
I wish I'd said that.. The Staircase Wit
anahl nathrak uth vas betude doth yel dyenvey..;)
Acadia posted Wed, 31 August 2005 at 11:19 AM
I got a message from someone in my contact list over the weekend, saying something like "Hey Linda, check this out" and there was a link. The link had my hotmail address in it. It was too strange and I sent a message back asking what it was about (I did not click the link). I didn't get an immediate answer, so I closed the MSN window. Later the person sent me an email warning me to not click the link as it was a virus. I wasn't worried because I didn't click the link and I had closed the window to make sure I didn't accidently click it. However, as a precaution I did 2 virus scans (one with my own antivirus, and one that is online at my ISP host), and both came up clean. I did my usual twice a week virus scan yesterday, and again my system was clean. Last night I get a message from my antivirus that it had just detected and deleted a virus (Win32.Nochod.J worm). I looked online and saw that it is a virus that is spread through MSN Messenger. So it seems to me that you don't have to click any link, or download any file to get that particular virus from someone who is infected with it. It's better to be safe than sorry which is why I started this thread.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
JHoagland posted Wed, 31 August 2005 at 11:35 AM
Or do what everyone does: 1) Download the latest "hot" freeware game from Yahoo, MSN, or other site. Be sure to click the button that says, "Yes, I agree to have spyware put on my computer." 2) Use unpatched versions of IE and Windows and go to "freeware" sites with banner ads, pop-up windows, and Flash scripts which take advantge of "DSO Exploits". 3) Install every version of "smileys", "emoticons" and other "funny" programs. Like step #1, be sure to click the button that says, "Yes, I agree to install software that changes my home page, my desktop, and monitors my activities by running software in the background." Or you can protect yourself by following the steps outlined by, soulhuntre, above, AND: 1) Download the latest version of Ad-Aware. (Yes, there is a free version.) 2) Download the latest version of Spy-Bot. (Yes, there is a free version.) 3) Uninstall the current version of Ad-Aware and Spy-Bot from your computer. Yes- you read that right: uninstall your current version. Some trojans and spyware will actually disable these programs if they are found on your computer. The best thing to do is remove both programs and then: 4) Install the new version of Ad-Aware and run it. 5) Install the new version of Spy-Bot and run it. --John
VanishingPoint... Advanced 3D Modeling Solutions
Hawkfyr posted Wed, 31 August 2005 at 3:36 PM
Don't forget to download all of those cool screensavers and web tool bars too. Tom
“The fact that no one understands you…Doesn’t make you an artist.”
Acadia posted Wed, 31 August 2005 at 4:15 PM
Quote - The end user must EXECUTE a file themselves for this to spread (at least under any reasonably up to date WinXP system).
That doesn't seem to be the case here. I did not execute ANY file, or click on ANY link. My computer is like Fort Knox. I have the latest versions of Adware and Spybot. I scan at least once a day for spyware/adware, if not 2 or 3 times. I use Mozilla/Firefox Browser and I adblock everything I see. If I run across a site that I need to view in IE, I do, but then I scan for adware/spyware immediately afterward. I delete cookies and temp files at least daily. More often than not, twice daily. I have Windows XP and am always current with updates. I have a router that my laptop is always connected to. I have a bought software firewall too. I virus scan twice weekly with up-to-date signatures, without exception. More if I have cause to be suspicious. I defrag my computer twice weekly. I empty the recycle bin right after adding something to it. I do not open email file attachments included in any email that I'm not expecting. If I'm expecting something, I save to my hard drive so I can see the extension, and then I scan the file first. If it's suspicious, I delete it. Am I anal about computer upkeep and maintainance? Yes, very much so. It's why I've never ever had computer virus; that was until last night. I did not mean to imply that MSN Messenger was the culprit passing along the virus. Perhaps I should have stated "through the MSN Messenger network". However, if you have MSN Messenger you are vulnerable to getting these messages and the worm because you are using MSN Messenger. I stress again, I did not click any links, or open any suspicious files, yet I managed to somehow acquire this "spread through the MSN Messenger Network" worm...seemingly from someone in my contact list who had (or still has) it based on a message I got a few days ago ... and even after my system showed as clean after 3 complete virus scans. So it appears you do not have to click anything or even open anything to get this particular worm. I've deleted that one person from my contact list until he figures out where he's being infected from. He claims he deletes it and it keeps reappearing, so he must be passing it back and forth with someone else in his list, and I can do without that headache.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
kuroyume0161 posted Wed, 31 August 2005 at 4:34 PM
To delete files permanently without going to the Recycle Bin first, just hold the Shift key before hitting the Delete key or using the context menu. :) Of course, once you've done this, there is no going back!
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
LostinSpaceman posted Wed, 31 August 2005 at 5:56 PM
Acadia's correct Soulhuntre. Long gone are the days of DOS when the only files you had to worry about ended in EXE or COM or BAT. Now with VBScript, ActiveX and a slew of other self executing protocols you do have to watch your back door.
Acadia posted Wed, 31 August 2005 at 6:33 PM
Thanks :) I've had a computer since spring of 2000, and the only keyboard shortcut I know are: CTRL ALT DEL CTRL + left mouse button = select/unselect individual files. Drag and Drop I use the drop down menu or right click menus for everything.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
Hawkfyr posted Wed, 31 August 2005 at 7:00 PM
I use Shift+Delete all of the time. If worse came to worst,there is always system restore if I really screwed up and delelte a crucial file. But for the most part,If I delete something,I really mean it. So Shift + Delete it is...lol Tom
“The fact that no one understands you…Doesn’t make you an artist.”
JHoagland posted Thu, 01 September 2005 at 11:11 AM
Now with VBScript, ActiveX and a slew of other self executing protocols you do have to watch your back door. This is one of the big issues with unpatched versions of Windows and IE: an ActiveX control could create a "DSO Exploit", install itself on your computer, and then run itself. You never told it to run and you may not have been on any "nasty" site (I got got hit by one of these from a banner on Yahoo Mail), but you'll still get hit. --John
VanishingPoint... Advanced 3D Modeling Solutions