Problem

Discussion in 'Trojan Defence Suite' started by dallen, Jan 25, 2004.

Thread Status:
Not open for further replies.
  1. Longthing

    Longthing Registered Member

    Joined:
    Jul 27, 2002
    Posts:
    40
    Could be this one:

    W32/Mydoom@MM

    http://vil.nai.com/vil/content/v_100983.htm
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    At the moment there are a few mass mailing infections going around like with dumaru and a few more, I also get strange stuff all of a sudden and mailer daemon notifications for bounced emails which never came from me at all, so be very careful with opening anything at all.
    Noticed at yahoo the attachments are not visible from the outside anymore without opening an email, so there I look at the size and subject line and sender before even touching an email, although after opening till now I saw the attachments in the bottom with ability to scan and clean before opening it. Hope that is with every possible infection there too!

    If you do have to submit files please zip them or if that is not possible change the extension into .tmp for instance, so it can't run and scanners might make less problems.

    Your attachment was 573 bytes, I just had one of 582 bytes which was changed into .txt but I don't trust it at all as it does not show up in the email source. So that one goes zipped into further investigation, by no means I dare to separate the attachment from the email.
    Nasty stuff!

    Why we get those things? Either somebody somewhere has our email on their computer, is infected or harvested, via internet and wherever and the stuff is massmailed around. Remember klez?
     
  3. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Oops, I separated the attachment from the email, but I never opened or ran the file. I did not change the extension or zip it though. :rolleyes:
     
  4. Longthing

    Longthing Registered Member

    Joined:
    Jul 27, 2002
    Posts:
    40
    There has been an update by LiveUpdate tonight. NAV2004 should be able to detect the virus now.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Depends on: saves Gavin lots of work if we dare to separate the attachments from the email and zip those and submit them that way. But only few times I feel really bad about a strange thing and then I don't even dare to separate them. Or I zip the whole stuff email included with the attachment to be sure.
    It might also prevent your samples from being corrupted or cleansed by scanners somewhere on the way.

    Tonight I had a few very strange things: emails with infected attachments, both came zipped. So I thought that to be handy for forwarding. This was not possible, each time the emailer froze completely. So the only way was copy them first to another folder and attach the whole email plus attachments into a new email and send it that way. I should have zipped them completely I remember now, sorry Gavin!
    Anyway, attached into a new email those nests could be sent away.
    Nasty things, was i-worm-novarg seemed a few variants.

    You might see on your ports lots of portscans on 17300.
    Caught various spybots there, also new varieties. So the guys are very occupied to keep us busy it seems.
     
  6. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    I downloaded the NAV update and completed an entire system scan. It appears that my system is clean. I have a question. Wouldn't Worm Guard protect me from this type of thing?

    Unrelated to this I have another issue. Below is a modified screenshot of a program that has been installed on my system that I can't remove. See the image and you'll see the problem I'm having removing it. Any suggestions?

    http://web.ics.purdue.edu/~dallen/Program and Removal Error.JPG
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi dallen,

    Ebates has probably been removed by a spyware-remover.
    To remove the orphaned entry in Add/Remove Software, have a look here:
    http://www.winguides.com/registry/display.php/110/

    Regards,

    Pieter
     
  8. jay111

    jay111 Registered Member

    Joined:
    Jan 12, 2004
    Posts:
    14
     
  9. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Thanks very much. I did it and it worked. There was only one confusing thing about the directions given. Specifically, when it said this:

    I wasn't sure if it wanted me to delete only the contents of the folder, or the whole folder. I deleted the whole folder. I think the folder is called a "key" and its contents are "key values." However, I figured I didn't need the empty folder in my registry. Oh, I should mention that I used regedit.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi dallen,

    In this case, where the program was not installed anymore anyway, that was the correct action. :)
    Although I always look at the path for the uninstaller and check if that is in the programs folder or somewhere else.

    Regards,

    Pieter

    edited typos
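
Added example, not part of the original thread: a read-only PowerShell check for the situation discussed in the last posts, listing Add/Remove entries whose uninstaller file is missing (orphaned) or sits outside the Program Files folders. It assumes a Windows system with PowerShell and the standard `Uninstall` registry locations; the function name and output column names are this example's own.

```powershell
# Added example: audit Add/Remove Programs entries. Read-only, nothing is deleted.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-UninstallerPath([string]$UninstallString) {
    # Quoted form: "C:\Program Files\App\unins.exe" /S
    if ($UninstallString -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to and including the first .exe
    if ($UninstallString -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath
        if (-not $props.UninstallString) { continue }

        $exe = Get-UninstallerPath $props.UninstallString
        if (-not $exe) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        # Skip bare commands resolved via PATH and Windows Installer entries;
        # neither points at a file owned by the program itself.
        if ($exe -notmatch '^[A-Za-z]:\\') { continue }
        if ((Split-Path $exe -Leaf) -ieq 'MsiExec.exe') { continue }

        $exists = Test-Path -LiteralPath $exe
        $inProgramDir = [bool]($programDirs | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        })

        if (-not $exists -or -not $inProgramDir) {
            [pscustomobject]@{
                Name           = $props.DisplayName
                RegistryKey    = $key.PSChildName
                Uninstaller    = $exe
                FileExists     = $exists
                InProgramFiles = $inProgramDir
            }
        }
    }
}
```

An entry with `FileExists` false is a candidate orphan of the kind removed above; one with `InProgramFiles` false is the case worth looking at before deleting or running anything.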
     