
Preserved Topic: Help identifying virus (Page 1 of 1)

 
warjournal
Maniac (V) Mad Scientist

From:
Insane since: Aug 2000

posted 07-19-2002 15:44

Little Nancy has got a virus or two. It's an e-mail virus and she uses Outlook. uch:

McAfee(?) doesn't catch it, then again, she's got a slightly non-updated version. And stupid me didn't check to see if Outlook automatically runs attachments. ~bangs head~ I did manage to get rid of one virus with a teddy bear icon, but the other one persisted.

Got rid of it once by recovering her drive. All e-mail problems ceased. The other day she got an e-mail and now it's back.

When she's infected, she gets *tons* of bounced e-mail to people that she doesn't know. Something like 50 a day of bounce. Not pretty. I did notice a few funny things in her registry, but nothing conclusive - I don't really know her machine that well and Google came up with nothing.

It's not much to go on, but I'm hoping somebody out there knows of a few viruses that do this kind of thing. You know, send a bunch of e-mail that gets bounced and infects other people.

The plan is to recover her drive again, then hit updates and check a few other things to help prevent re-infection. If anybody has any leads on which viruses, then it would really help prevention.


InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted 07-19-2002 16:04

The poster has demanded we remove all his contributions, lest he take legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted 07-19-2002 16:26

Well you can always open up Regedit and go to:

HK_Current_Users/Software/Microsoft/Windows/Run

and see if there is anything there. There shouldn't be of course.

Then there is the RunOnce in the same folder that viri are usually copied to.

That may give you some info on what it is. Hope that helps.

Later,
C:\


~Binary is best~
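
An added example, not part of the original thread: a PowerShell sketch of the check CPrompt describes, for a current Windows machine. It assumes the keys meant are the standard `...\CurrentVersion\Run` and `RunOnce` locations under both HKCU and HKLM, and it treats a missing or unsigned target as something to look up, not as proof of infection.

```powershell
# Added example: list autostart entries and check what each one points at.
# Assumption: standard Run/RunOnce keys, per-user (HKCU) and machine-wide (HKLM).
$keys = 'Run', 'RunOnce' | ForEach-Object {
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
}

$entries = foreach ($path in $keys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }                  # key absent: nothing registered there
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)

        # Pull the program out of the command line: a quoted path, else the text
        # up to the first executable-style extension, else the first token.
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif|vbs))(\s|$)') { $exe = $Matches[1] }
        else { $exe = ($command.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        # Bare names such as "rundll32.exe" are resolved through PATH.
        if ($exe -and -not [IO.Path]::IsPathRooted($exe)) {
            $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $exe = $found.Path }
        }

        $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig = if ($exists) { [string](Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }

        [pscustomobject]@{
            Key = $path; Name = $name; Command = $command
            Target = $exe; Exists = $exists; Signature = $sig
        }
    }
}

# Entries whose Signature is not "Valid" are the ones to search for by file name first.
$entries | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```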

dmstiner
Bipolar (III) Inmate

From:
Insane since: Mar 2002

posted 07-19-2002 16:41

Go here:
http://securityresponse.symantec.com/avcenter/tools.list.html

Download the repair tools for Nimda A & E, SirCam and Klez. I would almost bet the farm that you are infected with one of these three viruses, probably SirCam if you first started having problems more than 3 months ago. Anyway, download all the tools to the desktop, then reboot and run them one at a time in safe mode.

Note: If you are running WinXP or ME, be sure to disable System Restore before you run the removal tools, otherwise the OS might restore the virus heh.

For instructions on turning off system restore in XP go to:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

For instructions on turning off system restore in ME go to:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239

Good luck and be sure to keep your virus definitions up to date!

Trigger
Paranoid (IV) Inmate

From:
Insane since: Jun 2002

posted 07-19-2002 16:45

The little teddy bear? Wasn't that part of a hoax? *rummages for website*

finds it..
http://www.austprojects.com.au/news/jdbgmgr.htm
have a read of that....

Secondly, for identifying the one you have at the minute, does it do anything particular, like cause internal errors or illegal actions???

You could always just download a nice free up-to-date virus scanner like AVG and get that to tell you what it is and remove it.


[edit: a good idea is to stick her own address in her address book; that way she will get the email herself with the content and the name of the attachment. You can do a search on Google with the file name and other things to identify it.. and it's handy to know you've got a worm so you can warn your contacts as soon as possible.. Just a thought ]




[This message has been edited by Trigger (edited 07-19-2002).]

warjournal
Maniac (V) Mad Scientist

From:
Insane since: Aug 2000

posted 07-20-2002 00:58


Thanks, folks. Wish me luck for the next time I wax it (hopefully in a few days).
