Re: [idm] Hello emailing from unaffected (clean computer). Virus removed!Please read.

From: Andrew Hime
Date: Wed, 28 Nov 2001 17:58:52 -0600
Subject: Re: [idm] Hello emailing from unaffected (clean computer). Virus removed!Please read.
permalink · <011001c17868$a180f6c0$6b652104@bogdan>
3. Download and apply Microsoft's security patch against automatic activation of e-mail attachments: http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp

*** Per that page, neither IE 5.01 SP 2, 5.5 SP 2, nor 6 versions are affected.

http://windowsupdate.microsoft.com - people, use it. Patch up to an appropriate version of IE and grab all the critical and security updates. It's your own damn fault if you don't.

---------------------------------------------------------------------
To unsubscribe, e-mail: idm-unsubscribe@hyperreal.org
For additional commands, e-mail: idm-help@hyperreal.org

From: richie devine
Date: Wed, 28 Nov 2001 17:13:53 -0800
Subject: [idm] Hello emailing from unaffected (clean computer). Virus removed! Please read.
permalink · <B82ACBD1.3F%rdevine@mindspring.com>
Hello emailing from unaffected (clean computer). Virus removed! Please read.

Once again I am totally sorry for any inconvenience this might have caused to any of you. I wasn't aware that the virus was still on my system, until just now. This is the second time I had to remove it. We already removed the virus last night, and thought the system was cleaned after removing the virus with Norton Antivirus software, and replacing the windows systems files…. But apparently that didn't do it.

We have over nine computers here set up on a network. And had the virus leak through last night through Outlook, which sucks because, it put all of our 7-year archive of music in danger of being damaged.

Once again, I totally am sorry... Whoever sent this to me was lame as motherfucker!!!

Ps: The virus was completely removed off my system just now...and once again I am totally sorry about any trouble I may have caused...

If you need any information on the BadtransII or I-Worm.Badtrans virus look here: http://www.europe.f-secure.com/v-descs/badtrans.shtml

For removal instructions and patches look below.

F-Secure Virus Descriptions
Alphabetical Index
NAME: BadTrans.B

Disinfection Instructions

Disinfection Instructions for Badtrans.b worm.

1. If you don't have F-Secure Anti-Virus (FSAV from now on) you can download a trial version from our website: http://www.europe.f-secure.com/download-purchase/

2. If you already have F-Secure Anti-Virus or if you are using a trial version, please download the latest updates from our website: http://www.europe.f-secure.com/download-purchase/updates.shtml

3. Download and apply Microsoft's security patch against automatic activation of e-mail attachments: http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp

4. Download and run F-Secure's special patch file that disables starting of Badtrans.b worm when Windows runs: ftp://ftp.europe.f-secure.com/anti-virus/tools/bt_b_dis.reg
   When you click on this link your web browser will ask you if you want to open it or save it to disk. Select 'Open' option and click 'Ok' button.

5. Restart your system.

6. Scan all your hard drives with F-Secure Anti-Virus. Use 'Scan All Files' option. Set 'Confirm Operations' option if you have FSAV 4. Set 'Ask After Scan' option if you have FSAV 5.

   a. When FSAV detects the Badtrans worm in 'kernel32.exe' file in your Windows System folder, select 'Delete' disinfection action. This will remove the worm's file from your system.

   b. When FSAV detects 'Trojan.PSW.Hooker' in a file (usually KDLL.DLL file), try to delete it by selecting 'Delete' disinfection option. If the file was deleted successfully then your system is clean from Badtrans worm and Hooker trojan. If the file can't be deleted (locked by Windows), you will have to delete it manually. First, write down the location and file name of a file that FSAV detected as 'Trojan.PSW.Hooker'. Then, depending on your operating system do the following:

      For Windows 95/98 users
      If you have Windows 95 or 98, restart your system in MS-DOS mode, and type at command prompt 'DEL' followed by a space and a location of trojan file you put down before. Then press 'Enter' and the trojan file will be deleted.

      For Windows ME users
      If you have Windows ME, you will need to boot your computer with a system diskette and type at command prompt 'DEL' followed by a space and a location of trojan file you put down before. Then press 'Enter' and the trojan file will be deleted. It is also advised to disable System Restore function of Windows ME as the worm and trojan files can re-appear. Here are the instructions on how to disable System Restore feature: http://www.europe.f-secure.com/v-descs/sfc_dis.shtml

      For Windows NT4/2000/XP users
      If you have Windows NT, 2000 or XP please rename the trojan's file using your Windows Explorer. Rename the file with a different name, 'trojan.000' for example and restart your system. Then scan your system with FSAV and when FSAV detects the trojan in the file earlier renamed by you select 'Delete' disinfection action. This will remove the trojan's file from your system.

   c. VERY IMPORTANT! If FSAV detects an infection in your e-mail database (PST, MDB and other files), DO NOT delete this file or you will lose all your e-mails. You will need to delete all infected messages from your e-mail database using your e-mail client and then to compact these databases to purge deleted e-mails. After that FSAV will not find infected message any more.

7. After disinfection it is recommended to scan your system with FSAV again to ensure that no infected files are left.

8. It is also recommended to change your Windows domain password and RAS password as they might have been compromised.

[F-Secure Corporation]