Discussion in 'Trojan Defence Suite' started by dallen, Jan 25, 2004.
Could be this one:
At the moment there are a few mass mailing infections going around like with Dumaru and a few more, I also get strange stuff all of a sudden and mailer daemon notifications for bounced emails which never came from me at all, so be very careful with opening anything at all.
Noticed at Yahoo the attachments are not visible from the outside anymore without opening an email, so there I look at the size and subject line and sender before even touching an email, although after opening till now I saw the attachments in the bottom with ability to scan and clean before opening it. Hope that is with every possible infection there too!
If you do have to submit files please zip them or if that is not possible change the extension into .tmp for instance, so it can't run and scanners might make less problems.
Your attachment was 573 bytes, I just had one of 582 bytes which was changed into .txt but I don't trust it at all as it does not show up in the email source. So that one goes zipped into further investigation, by no means I dare to separate the attachment from the email.
Why we get those things? Either somebody somewhere has our email on their computer, is infected or harvested, via internet and wherever and the stuff is mass-mailed around. Remember Klez?
Oops, I separated the attachment from the email, but I never opened or ran the file. I did not change the extension or zip it though.
There has been an update by LiveUpdate tonight. NAV2004 should be able to detect the virus now.
Depends on: saves Gavin lots of work if we dare to separate the attachments from the email and zip those and submit them that way. But only few times I feel really bad about a strange thing and then I don't even dare to separate them. Or I zip the whole stuff email included with the attachment to be sure.
It might also prevent your samples from being corrupted or cleansed by scanners somewhere on the way.
Tonight I had a few very strange things: emails with infected attachments, both came zipped. So I thought that to be handy for forwarding. This was not possible, each time the emailer froze completely. So the only way was copy them first to another folder and attach the whole email plus attachments into a new email and send it that way. I should have zipped them completely I remember now, sorry Gavin!
Anyway, attached into a new email those nests could be sent away.
Nasty things, was i-worm-novarg seemed a few variants.
You might see on your ports lots of portscans on 17300.
Caught various spybots there, also new varieties. So the guys are very occupied to keep us busy it seems.
I downloaded the NAV update and completed an entire system scan. It appears that my system is clean. I have a question. Wouldn't Worm Guard protect me from this type of thing?
Unrelated to this I have another issue. Below is a modified screenshot of a program that has been installed on my system that I can't remove. See the image and you'll see the problem I'm having removing it. Any suggestions?
http://web.ics.purdue.edu/~dallen/Program and Removal Error.JPG
Ebates has probably been removed by a spyware-remover.
To remove the orphaned entry in Add/Remove Software, have a look here:
Thanks very much. I did it and it worked. There was only one confusing thing about the directions given. Specifically, when it said this:
I wasn't sure if it wanted me to delete only the contents of the folder, or the whole folder. I deleted the whole folder. I think the folder is called a "key" and its contents are "key values." However, I figured I didn't need the empty folder in my registry. Oh, I should mention that I used regedit.
In this case, where the program was not installed anymore anyway, that was the correct action.
Although I always look at the path for the uninstaller and check if that is in the programs folder or somewhere else.