virus?

not really sure about this

PsychoTekk

12:41 pm on May 6, 2002 (gmt 0)

yesterday i received emails of which one had a .pif file attached,
another email with .bat and another one with an .exe.
the files were encoded in base64 and sent as mime: multipart/alternative
content parts that were linked into the html email body via <iframe src=...>
(i think that's default for those attachments)

when i opened them (viewed them online from my email provider, just html)
nothing happened (i think)...
now today i started my comp (Win2000Pro on Win98SE) in win2000 mode,
my zonealarm could not set up its truevector stuff and canceled its startup

...i reinstalled za but it still won't work

...started in win98 mode, set up za (works fine, so it ought to be something
in the winnt folder, scanned it but nothing found), got online
and searched for virus info but all i could find is info on
W32/Magistr.B and its variants. according to the virusinfo it will affect
win.ini system.ini and shutdown za before connecting to the internet
but the only unusual thing on my system is that za cannot startup anymore?

even more weird is this:
1st email:
Return-Path: <xxxxxxxxx@hfx.eastlink.ca>
From: postmaster <postmaster@europe.com>
i "got it back" from my email provider's "postmaster" because
it could not be delivered to a person whom i know but for sure
have never written any emails to...
(my email address is psychotekk@europe.com but is at mail.com:
psychotekk:europe.com@mail.com, so i suppose if there is a "postmaster"
his or her email address would be something like postmaster@mail.com)

...it said that "my email to blablabla@msn.com" could not be delivered..
well i know blablabla but i only knew she had a blablabla@hotmail
address (but maybe m$ handles it the same?), and i know
that this person lives near halifax/ns/ca, so the address in the return-path
could be hers somehow (the addy is a males name but i remember that
some providers that offer 10 email addies altogether for a customer
would handle it like the main addy, just like from the emails of a friend of
mine where in the <from:> her email address (@web.de) is shown but in the
<return-path> her dad's address (@t-online.de, their isp) shows up)

and the 2nd email:
Return-Path: <xxxx@hfx.eastlink.ca>
From: someotheraddress <someotheraddress@hotmail.com>
==> maybe yet another sub-id sent via the
xxx@hfx.eastlink.ca main-id...

duh i'm p*ssed i can tell ya >:[
wanna kick someone's *ss!
if i only knew whose *ss to kick... probably this guy at hfx.eastlink.ca!

...well thanks for reading this anyways
i already feel much better now that i
wrote it off my chest... ;)
any ideas what virus it could be?
i would be happy to hear :) :) :)
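As an added example (not code from the thread or from any product named in it), here is a Python checker for the message shape PsychoTekk describes: multipart/alternative, a base64 attachment with an executable extension, and an HTML body that pulls that part in through `<iframe src="cid:...">`. The sample message, the extension list and the function name `inspect` are constructed for this example; flagging the iframe-to-executable combination is the check a mail filter would want.

```python
import email
import os
import re
from email import policy

# Extensions the post names (.pif, .bat, .exe) plus other executable Windows types (assumed list).
EXECUTABLE_EXT = {".pif", ".bat", ".exe", ".com", ".scr", ".vbs"}
# <iframe src="cid:..."> referencing a MIME part embedded in the same message
IFRAME_CID = re.compile(r'<iframe\b[^>]*\bsrc\s*=\s*["\']?cid:([^"\'\s>]+)', re.I)

# Constructed sample shaped like the post's description: multipart/alternative,
# an HTML body that iframes a base64-encoded .pif part (the payload bytes are junk text).
SAMPLE = b"""From: postmaster <postmaster@example.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<html><body>See attachment.<iframe src="cid:att1" width=0 height=0></iframe></body></html>
--b1
Content-Type: application/octet-stream; name="setup.pif"
Content-Transfer-Encoding: base64
Content-ID: <att1>

VGhpcyBpcyBub3QgYSByZWFsIHByb2dyYW0u
--b1--
"""

# Returns a list of findings for one raw message: executable attachments,
# HTML bodies that iframe an embedded cid: part, and the combination of both.
def inspect(raw: bytes) -> list[str]:
    msg = email.message_from_bytes(raw, policy=policy.default)
    exe_parts = {}    # Content-ID -> filename of executable attachments
    iframe_refs = []  # cid values referenced from <iframe src="cid:...">
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        cid = str(part.get("Content-ID", "")).strip("<>")
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
            exe_parts[cid] = name
            findings.append(f"executable attachment: {name} ({part.get_content_type()})")
        if part.get_content_type() == "text/html":
            iframe_refs.extend(IFRAME_CID.findall(part.get_content()))
    for ref in iframe_refs:
        if ref in exe_parts:
            findings.append(f"auto-launch pattern: <iframe> loads executable part {exe_parts[ref]}")
        else:
            findings.append(f"html body iframes embedded part cid:{ref}")
    return findings
```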

jdMorgan

3:07 am on May 8, 2002 (gmt 0)

PsychoTekk,
I got two bogus e-mails over the weekend, and both were W32.Klez.gen@mm (generically-identified W32.Klez virus)

I'd suggest going to the Symantec web site and downloading their on-line scanning and repair utility.

The guy who appears to have sent it to you is very probably in the same boat you are. When this happens to me, I usually reply with the URL of the Symantec "repair" page for the virus I received. Most folks you receive e-mail viruses from are not malicious - they just don't have a clue (or an anti-virus program).

BTW, I have no affiliation with Symantec/Norton Anti-Virus, that's just what I run. McAfee and Trend Micro (and others) may offer similar on-line "identification and repair" utilities, too.

Good luck with it!
Jim

Kendra

6:36 am on May 8, 2002 (gmt 0)

if it makes you feel any better i got a virus and started sending out Farm animal *** to several people including myself.

:o(

PsychoTekk

8:04 am on May 8, 2002 (gmt 0)

thanks for the replies guys :)
yup it was the klez virus, i had to scan my drives 12 times
because while i was scanning, infected files that were not scanned yet
infected files on those drives that were already scanned.
first and second scans found about 1250 infected files each.
in the end just 5 files were left, for some reason they could not be
repaired so i deleted them.
ah, feels so good to get my comp clean again :)
...i'm relieved that it didn't destroy any important data!

yup i'm pretty sure the people i got the emails from didn't send em on
purpose, it's just that i needed to take my anger out on someone...
i had some covers and pictures for my school's graduation-paper to be
delivered to the print shop in time and i didn't know what this virus was
gonna do with my psd files - stress in connection with anger easily makes
me lose my sense for rational conclusions, don't mind me ;)

btw, it seems my whole grade is hit by the worm :o

papabaer

9:21 am on May 8, 2002 (gmt 0)

Create a WORM TRAP to help prevent the distribution of email worms!

Open Outlook or Outlook Express (yeah.. the ones virus authors LOVE!) and add a new contact to your email list.

Enter the following into the First name box: !000, then in the box where you add the new email address, type in the following: WORM ALERT !!!

By naming the new contact !000 it should appear as your first entry on your contact list. Since "worms" like to spread by grabbing addresses from your contact list, you can usually "trap the worm" by setting up a "null" address. Since you added WORM ALERT !!! as the email address for your new contact !000 if you find yourself "attacked" you can usually stop a worm cold with this tactic.

You won't prevent the changes to your own PC, but you should prevent the "spread."

Some virus programs choose random contacts from your address book... this will not stop those. But for the programs that grab all your addresses and send out mass mailings, you might just be saving all of your "contacts" from the same fate that hit you.

Stopping the "spread" is most of the solution. ;)

angiolo

10:19 am on May 8, 2002 (gmt 0)

If I were you I would backup all your data and I would format and reinstall everything.

My experience is that when a virus succeeds in biting the computer, rarely will the cleaning program recover everything; probably the system and programs are now virus free, but often they do not work as well as they used to.

PsychoTekk

1:30 pm on May 8, 2002 (gmt 0)

well, all my videos, pics and mp3s were not influenced by the worm.
it's just some weeks ago i reinstalled everything, and i'm tired of doing it
that often... the next force to do so will come soon enough ;)

take a look at this [psychotekk.de], it's a sample from all those mails i got (not infectious of course)
it's a shame that m$ did not manage to fix such a lame security flaw!
it's just executed via the <iframe>!
just one word: incompetence.

btw, as i was deleting the last infected files i also deleted the outlook folder hehe :)

bill

7:58 am on May 9, 2002 (gmt 0)

WORM TRAP
I've heard that this is really just an urban myth...logically it works out, but in practice it supposedly wouldn't work...I can't find the reference now, but I seem to recall that this was debunked by someone like Woody Leonhard or Fred Langa...

victor

9:12 am on May 9, 2002 (gmt 0)

Worm trap

This only stops some viruses from sending -- and those that do use the Outlook/OE address list don't have to start at the top.

It doesn't affect Klez at all -- Klez scans your hard disk for file names like xxx@yyy.zzz and treats them as email addresses to send to.

It won't detect many viruses (including Klez) which have their own SMTP engine, or otherwise bypass O/OE for sending.

And it doesn't stop any destructive payload. If you get the virus on the day it triggers a hard drive wipe, then it'll be doing that while you are looking at the "Illegal Email address" message in Outlook.

The method creates a dangerous sense of security. Get some proper anti-virus protection instead. And, if you do use MS products, patch them with monotonous regularity.