Virus

Started by dewwood, August 30, 2003, 05:17:55 AM

dewwood

Help!

I am receiving literally hundreds of emails daily from all over.  I have checked my system several times with both Norton and McAfee detection and removal programs and they don't find anything on my system.

Some of the emails have FF addresses but most have all different names.  Does anyone know how to stop these?  I add them to my junk mail list then they are deleted as soon as received.  But some are from people whose addresses I don't want to put on the junk email list so they keep coming.  

Any info would be appreciated.

Thanks
Dewey
Selling hardwood lumber, doing some sawing and drying, growing the next generation of trees and enjoying the kids and grandkids.

biziedizie

  Dewey the only thing you can do is hang in there till the bug is gone or change your e-mail address. I'm getting the same thing, like about 300 e-mails a day and it suxs as I'm used to maybe 2 or 3 e-mails a day. What I did to help stop things and also to not infect anyone else was to copy my address book to disk and delete the address book from outlook till this thing is over.
  The bug will die soon and I think it's at its peak so you just gotta hang tough.
  BTW all those e-mails have a virus in them so don't open them!

    Steve

Jeff

Same is going on here. It's the danG W32/Sobig virus that is causing all this. It's also causing slowdowns on the net because of the massive amounts of email it sends and generates.

This virus has its own SMTP engine so it does not need an email client to mail to addresses found on the infected computer. It fakes the "from" field in the address. Mine went away for a while but now I am getting another fresh batch the last 2 days.  Mine are mostly coming from .edu and .us addresses. You have to view properties of the email to see where they are actually coming from.

Here is more than you need to know about this stupid thing. Not only do you get email, you get blamed for sending viruses you didn't send because it is faking your address it found on the infected computer!

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561
Just call me the midget doctor.
Forestry Forum Founder and Chief Cook and Bottle Washer.

Commercial circle sawmill sawyer in a past life for 25yrs.
Ezekiel 22:30
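
The "view properties to see where they are actually coming from" step above, as an added example that is not part of the original post: it reads the Received chain of a message and reports the outside host that handed the mail to the recipient's own server, next to the domain claimed in From. The sample message, host names, addresses and function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From names a harvested contact, while the Received
# line stamped by the recipient's mail server shows the real sending host.
SAMPLE = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [192.0.2.10])
\tby mailstore.recipient-isp.example with ESMTP id A1; Sat, 30 Aug 2003 05:01:12 -0400
Received: from DORMPC (dhcp-17.campus.example.edu [198.51.100.23])
\tby mx.recipient-isp.example with SMTP id B2; Sat, 30 Aug 2003 05:01:10 -0400
From: friend@sawmill.example
To: victim@recipient-isp.example
Subject: hello

(constructed body)
"""

HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def handoff_hop(raw, own_domain):
    """Return the hop where an outside host handed the mail to our server.

    Received headers are prepended, so read top-down and stop at the first
    one written by our own server about a sender outside our domain.
    Everything below that line came from the sender and can be forged.
    """
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by_host = m.groups()
            if in_domain(by_host, own_domain) and not in_domain(rdns, own_domain):
                return {"helo": helo, "rdns": rdns, "ip": ip}
    return None

def from_mismatch(raw, own_domain):
    """(claimed From domain, connecting host, differ?). A difference is a
    hint to look closer, not proof: legitimate relays also differ."""
    claimed = parseaddr(message_from_string(raw).get("From", ""))[1].rpartition("@")[2]
    hop = handoff_hop(raw, own_domain)
    rdns = hop["rdns"] if hop else None
    return claimed, rdns, bool(hop) and not in_domain(rdns, claimed)

if __name__ == "__main__":
    print(from_mismatch(SAMPLE, "recipient-isp.example"))
```
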

Jeff

Bizzy, that does no good. If you are infected, you gotta clean your system of the virus. The link in previous post gives help for that. You may not have anything to do with spreading the *DanG thing other than being an address on someone's infected computer. It takes your address, fakes the mail, sends everything that looks like it's from you and it ain't.

Jeff

Stinger is a free stand-alone application from McAfee that can scan your system for this and a few other nasties and clean them out.

http://download.nai.com/products/mcafee-avert/stinger.exe
v1.8.5 [702,471 bytes] (8/28/2003)

This version of Stinger includes detection for all known variants, as of August 28, 2003:
BackDoor-AQJ Bat/Mumu.worm Exploit-DcomRpc
IPCScan IRC/Flood.ap IRC/Flood.bi
IRC/Flood.cd NTServiceLoader PWS-Narod
PWS-Sincom W32/Bugbear@MM W32/Deborm.worm.gen
W32/Dumaru@MM W32/Elkern.cav W32/Fizzer.gen@MM
W32/FunLove W32/Klez W32/Lirva
W32/Lovgate W32/Lovsan.worm W32/Mimail@MM
W32/MoFei.worm W32/Mumu.b.worm W32/Nachi.worm
W32/Nimda W32/Sdbot.worm.gen W32/SirCam@MM
W32/Sobig W32/SQLSlammer.worm W32/Yaha@MM


biziedizie

  Thanks Jeff. :)  I've been using AVG and it hasn't helped yet. Gonna try that stinger program to see what happens.


     Steve

whitepe

I don't use any mail packages that are part of the operating system (MS Outlook etc.). I only use the web interface to get mail from my ISP. Also, since I don't use any mail client, I don't have any address books sitting around on my hard drive that are vulnerable to virus programs.  I do keep a separate (unrelated) file around with email addresses that is easy for me to cut and paste into a to field. I have not gotten any spam emails yet.  Knock on wood.

Now at work however, I have been getting about 30-50 spam emails per day.   Most have been coming from qatarmail.com or arabiamail.com.  Since as part of my work, I almost daily send emails to India,  my email messages most certainly pass through systems controlled in the middle east somewhere.  All of these spam emails started immediately after the IRAQ war. Call it coincidence if you want, but I am calling it electronic terrorism against the U.S.    All it takes is one person with a grudge against the U.S. working at a routing site somewhere else in the world to intercept a valid email address.  We need to remember that the internet is not much more than the computer technology equivalent of CB Radio.   It's very very public.  At CAT, we are more and more using dedicated, private links to / from our suppliers.  :-/
blue by day, orange by night and green in between

Jeff

Bizzie, did you download the sting program and try it yet? I am now getting some viruses that seem to be associated with your email address.

biziedizie

   Jeff I tried Stinger and nothing came of it. Searching for another bug thingy to see what happens. If this ain't fixed soon I have noooooo other option but to change my add. If there's any other ideas out there I need to hear them.



      Steve

Jeff

Don't change your address. This virus has a Self-Termination:
In common with previous W32/Sobig variants, this variant contains a date triggered self-termination routine. If the date is September 10th 2003 or later, the worm will no longer propagate.
I guess we just put up with the emails till then.

woodhaven

whitepe,
I'm with you. I don't even use IE for the same reason. These programs are too tightly connected to system events. I have proven to myself many times that the farther I can stay away from Brother Bill's stuff the better and cleaner operating system I have. I hate computer problems and when you are on the internet with software that is part of the operating system___________Well you are just BRAVE.
Richard

biziedizie

  Hey if I leave outlook off does that help??? Also the other thing is that I don't have an address book as I deleted it. Does it still get by somehow????

     Steve

Jeff

The emails being received from this sucker have nothing to do with what you use. It's what the infected person is using. If you are in THEIR address book, you're going to get sent the crap.

biziedizie

  Oh wonderful :( So there's really nutting I can do then if I'm in an address book of a person I don't even know. ::)
  Gonna try that scan again to see if it helps. If I check the properties on the incoming mail it seems normal but if I reply it never gets through, it just gets booted back to me.


    Steve

    

biziedizie

  K I ran stinger again as well as a bunch of other scanners and nutting came up. :o I would say that the puter is fine, it's more than likely that some twit has my e-mail address and has the bug. If this is the case then is there a way to get my add off their puter???
  My address book consists of maybe 4 people at the most and I can't see them keeping a bug around too long.
  This thing is starting to pi%# me off as from what I have read it looks like I have to wait till the tenth for it to leave.
  
  Steve

Tom

 :)Patience, Bizie.
It's already the first..... :D

woodhaven

You guys might want to delete it manually by going to the registry and deleting its executable.


   1. Copies itself as %Windir%\winppr32.exe.

      NOTE: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

   2. Creates the file, %Windir%\winstt32.dat.

   3. Adds the value:

      "TrayX"="%Windir%\winppr32.exe /sinc"

      to the registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      so that the worm runs when you start Windows.

   4. Adds the value:

      "TrayX"="%Windir%\winppr32.exe /sinc"

      to the registry key:

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

      so that the worm runs when you start Windows.
Richard
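
A check for the four artifacts listed in the post above, as an added example that is not part of the original post. The file names, the `TrayX` value and the two Run keys are taken from the post; the function names and the sample data in the comments are constructed. The matching logic is a pure function so it can also be run over a directory listing and Run-key export collected from another machine.

```python
import os

# Indicators exactly as listed in the post above.
WORM_FILES = ("winppr32.exe", "winstt32.dat")
RUN_VALUE = "TrayX"
RUN_KEYS = (
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKEY_CURRENT_USER", r"Software\Microsoft\Windows\CurrentVersion\Run"),
)

def read_run_values():
    """Windows only: return {(hive, value_name): data} for both Run keys."""
    import winreg  # imported here so the rest works on any platform
    found = {}
    for hive, path in RUN_KEYS:
        try:
            with winreg.OpenKey(getattr(winreg, hive), path) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _type = winreg.EnumValue(key, i)
                    found[(hive, name)] = str(data)
        except OSError:
            continue  # key missing or unreadable: nothing to report
    return found

def find_indicators(run_values, windir_listing):
    """Match Run-key values and a %Windir% file listing against the list.

    run_values: {(hive, value_name): data}; windir_listing: file names.
    Windows file and value names are case-insensitive, so compare lowered.
    """
    hits = []
    present = {name.lower() for name in windir_listing}
    for fname in WORM_FILES:
        if fname in present:
            hits.append(("file", fname))
    for (hive, name), data in sorted(run_values.items()):
        if name.lower() == RUN_VALUE.lower() and "winppr32.exe" in data.lower():
            hits.append(("run", hive))
    return hits

if __name__ == "__main__" and os.name == "nt":
    windir = os.environ.get("WINDIR", r"C:\Windows")
    hits = find_indicators(read_run_values(), os.listdir(windir))
    print(hits or "none of the listed indicators found")
```
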

Jeff

We don't have it woodhaven. The problem is we are being sent email after email from someone that does.

woodhaven

OK,
I wonder if that person even knows they have it and are spreading it? Probably Not.
Richard

David_c

I don't know anything about computers but I have AOL spyware protection & Spybot Search & Destroy came with AOL 9.0 when I upgraded. Haven't had a pop up or any unwanted mail. Don't know if just lucky or not.

Jeff

Most of mine, as I said, appear to be from .edu or .us or .gov addresses. So I figure the bug is on a school computer or someone with the state that has my email address. Problem is I have 3 email addresses that I use and 2 of them are getting stuff.

David_c

You know what, the people that make up these viruses need to be drawn & quartered. The one problem I seem to have is I will lose my internet connection, not all the time either. It was fine for a week, then Friday night it started and went through Saturday, but when it happens it happens constantly. Been fine again since Saturday night.

Tom

Here is an example of someone that is about as bad as a virus.  He/she/it sells the confounded things after gleaning them from the internet. That's one reason Jeff suggested that you hide your email when you sign up. He doesn't want them copying them from the member list.

-------------------------------------------------
$99.00
99 Million Email Addresses
No duplicates
No hotmail or aol
Emails come as a 3 CD set
All emails are fresh and verified
99 lists of 1 million emails in each list
All email addresses are general internet only
Emails are 99% .com and .net, no foreign emails
These lists have never been offered for sale until now
*150 million, 5 CD set is also available for only $175.00
CDs ship directly to you
--------------------------------------------
They then had a link you could contact them through.


dewwood

I just checked and I had 450 emails in my deleted folder; I am getting this many a day.  Most I have marked as junk mail addresses and never see them; they go directly to my deleted mail folder, but you have to close your program to complete the deletion from your system.

I am still getting some that are using names of people like Jeff whom I do not want to put on the junk list because then I would not ever see the real messages.  I sure hope this thing runs its course soon.  The terrible part is like stated above it can be on someone's computer and keep sending emails from their list and on and on and on and there is nothing you can do to stop it.

The other part of this is like Jeff said earlier it is taking up a lot of resources throughout the internet and making everyone's system run slower.  I wonder is this part of the problem we were talking about in another post about slow loading time?

Getting frustrated,
Dewey

breederman

We just got back from dropping our oldest off at Lynchburg College, they are having a terrible time as it is filling their network, we got a disk from them and installed the patch before I put her puter on line.
Together we got this !