Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   NZ Computing (http://www.velocityreviews.com/forums/f47-nz-computing.html)
-   -   PC seems infected - cannot detect virus (http://www.velocityreviews.com/forums/t567727-pc-seems-infected-cannot-detect-virus.html)

steve 09-20-2003 04:46 AM

Re: PC seems infected - cannot detect virus
 
Warwick wrote:
> Hi,
> I'd like to ask some questions of the group in general and particularly
> those using xtra for email.
>
> I received 280 emails this morning.
> About 1/3 are fake patches purporting to be from msoft, the rest are admin
> messages re bounced emails that I didn't send (knowingly).


Someone with a BIG address book (with you in it) has the virus and thew
virus has used your address as the FROM: address.


max 09-20-2003 05:27 AM

Re: PC seems infected - cannot detect virus
 
On Sat, 20 Sep 2003 16:27:24 -0700, "Warwick" <Half_drunk@xtra.co.nz>
wrote:

>Hi,
>I'd like to ask some questions of the group in general and particularly
>those using xtra for email.
>
>I received 280 emails this morning.
>About 1/3 are fake patches purporting to be from msoft, the rest are admin
>messages re bounced emails that I didn't send (knowingly).
>
>This has all the hallmarks of a virus infection however AVG does not detect
>any.
>
>Q.Are other xtra customers receiving multiple copies of the msoft patch
>scam? or is it part of my ghost infection?
>
>
>Q: Could the script have run and installed a trojan AVG don't know about?
>
>Q: Which one of the current viri in circulation best fits the symptoms?
>Again other xtra customers getting bounced messages they did not send?
>(seems vaguely reminiscent of Klez which spoofed the from field of emails
>and caused this kind of confusion).
>
>
>AVG did detect a script exploit in temporary internet files. The warning
>popped up while I was surfing and I immediately ran the protection and
>cleaned the script.
>
>All windows critical updates are installed and were installed during time of
>infection. (if it is an infection).
>
>Sorry to have to draw on your collective wisdom here, but Ive been trawling
>thru the symantec site and no viri seem to match symptoms properly.
>AVG similairly updated to most current and reports a clean machine.
>
>cheers
>Warwick
>
>
>
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
>


I have had the same type of thing over the last few months. It is
other peoples computers and not mine, as I am fully patched and
protected. I hits my email address in waves, and lasts about a day
before it stops. Get about 200 emails in that time. This type of thing
is what will probably kill the internet in time.

max 09-20-2003 05:45 AM

Re: PC seems infected - cannot detect virus
 
On Sat, 20 Sep 2003 16:27:24 -0700, "Warwick" <Half_drunk@xtra.co.nz>
wrote:

>Hi,
>I'd like to ask some questions of the group in general and particularly
>those using xtra for email.
>
>I received 280 emails this morning.
>About 1/3 are fake patches purporting to be from msoft, the rest are admin
>messages re bounced emails that I didn't send (knowingly).
>
>This has all the hallmarks of a virus infection however AVG does not detect
>any.
>
>Q.Are other xtra customers receiving multiple copies of the msoft patch
>scam? or is it part of my ghost infection?
>
>
>Q: Could the script have run and installed a trojan AVG don't know about?
>
>Q: Which one of the current viri in circulation best fits the symptoms?
>Again other xtra customers getting bounced messages they did not send?
>(seems vaguely reminiscent of Klez which spoofed the from field of emails
>and caused this kind of confusion).
>
>
>AVG did detect a script exploit in temporary internet files. The warning
>popped up while I was surfing and I immediately ran the protection and
>cleaned the script.
>
>All windows critical updates are installed and were installed during time of
>infection. (if it is an infection).
>
>Sorry to have to draw on your collective wisdom here, but Ive been trawling
>thru the symantec site and no viri seem to match symptoms properly.
>AVG similairly updated to most current and reports a clean machine.
>
>cheers
>Warwick
>
>
>
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
>


Well your system clock is stuffed for a start.

pbs 09-20-2003 06:58 AM

Re: PC seems infected - cannot detect virus
 
Warwick wrote:
> Hi,
> I'd like to ask some questions of the group in general and particularly
> those using xtra for email.
>
> I received 280 emails this morning.
> About 1/3 are fake patches purporting to be from msoft, the rest are admin
> messages re bounced emails that I didn't send (knowingly).
>
> This has all the hallmarks of a virus infection however AVG does not detect
> any.

[snip]

I am (Still) receiving 3-10 email a minute to the email address on
this posting. So far I have received in excess 1000 emails with about
a dozen different headers + some from ISPs who inform me that they
have delete the attachment which was infected.

The subject line varies but tends to have the word Microsoft in them.
They seem to come in a pattern of 8 long ones with 3 attachments
making a total size of 160K. Followed by a short one with 3
attachments.

As I use a Linux box all email to this address is going to
/dev/null. :-)

I know that this address is compromised (as I use it for posting
to the usenet, it has been well and truly trawled and placed onto
one of those CD I get spammed about with subject lines like
"Buy a CD of 1 Billion email addresses", "I'm a Nigerian scam
artist" and "This is a product YOU must have".

I think the emails are comming from someone who has bought a such a cd,
a how to spam manual and a virus attack manual.

The mind boggles as to what band width is being taken up with this
stuff. Here an I in Wellington downloading it from a server in the
UK and if I am getting this stuff so probably are other "billion email
addresses on the CD"


Mainlander 09-20-2003 09:08 AM

Re: PC seems infected - cannot detect virus
 
In article <fFQab.153205$JA5.3756355@news.xtra.co.nz>,
Half_drunk@xtra.co.nz says...
> Hi,
> I'd like to ask some questions of the group in general and particularly
> those using xtra for email.
>
> I received 280 emails this morning.
> About 1/3 are fake patches purporting to be from msoft, the rest are admin
> messages re bounced emails that I didn't send (knowingly).
>
> This has all the hallmarks of a virus infection however AVG does not detect
> any.


So it could be a new virus not yet detected by AVG.


Murray 09-20-2003 10:26 AM

Re: PC seems infected - cannot detect virus
 
And so Xtra's email virus filter does not work either....

"Warwick" <Half_drunk@xtra.co.nz> wrote in message
news:fFQab.153205$JA5.3756355@news.xtra.co.nz...
> Hi,
> I'd like to ask some questions of the group in general and particularly
> those using xtra for email.
>
> I received 280 emails this morning.
> About 1/3 are fake patches purporting to be from msoft, the rest are admin
> messages re bounced emails that I didn't send (knowingly).
>
> This has all the hallmarks of a virus infection however AVG does not

detect
> any.
>
> Q.Are other xtra customers receiving multiple copies of the msoft patch
> scam? or is it part of my ghost infection?
>
>
> Q: Could the script have run and installed a trojan AVG don't know about?
>
> Q: Which one of the current viri in circulation best fits the symptoms?
> Again other xtra customers getting bounced messages they did not send?
> (seems vaguely reminiscent of Klez which spoofed the from field of emails
> and caused this kind of confusion).
>
>
> AVG did detect a script exploit in temporary internet files. The warning
> popped up while I was surfing and I immediately ran the protection and
> cleaned the script.
>
> All windows critical updates are installed and were installed during time

of
> infection. (if it is an infection).
>
> Sorry to have to draw on your collective wisdom here, but Ive been

trawling
> thru the symantec site and no viri seem to match symptoms properly.
> AVG similairly updated to most current and reports a clean machine.
>
> cheers
> Warwick
>
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
>
>




Ralph Fox 09-20-2003 09:26 PM

Re: PC seems infected - cannot detect virus
 
On Sat, 20 Sep 2003 17:45:35 +1200, in article
<6bqnmvkpf0oijeoi83bodm60ob7k8krb72@4ax.com>, max wrote:

> Well your system clock is stuffed for a start.



Warwick's system clock will look right to him (correct time of day
showing in the clock), but he has his time zone set to California
time.

His message says it was posted Saturday 16:27 California time
which is Sunday 11:27 New Zealand time.

All our posts will look to Warwick as if they were backdated 19 hours.


--
Cheers,
Ralph

"There is only one boss, the customer. And he can fire everybody in
the company from the chairman on down, simply by spending his money
somewhere else." -- Sam Walton


09-20-2003 09:55 PM

ISP rebates for viruses (was PC seems infected - cannot detect virus)
 
When a new virus or worm is unleashed, say on the 18th September, then you
can expect that its signature will not be contained in the virus scanners
like F-Prot, McAfee, Symantec until it has been detected, reported and
assesessed. Typically, this may take 2 or 3 days. So by 21st September, the
virus scanners will have updated signature files to detect the virus and
provide a kill routine. And that's a very best case scenario. After the
signatures are updated, and the ISP or users have updated to use them, you
can expect the speed of virus propagation to be cut back.

When an ISP provides virus protection as part of its service, and heavily
advertises the fact, it will create a customer expectation that they will be
protected from all viruses getting through. This is an unrealistic
expectation, given the obvious window of a few days during which a new virus
will be able to spread rampantly. But customers will feel that they are
paying for a service, and not being provided with what they are paying for.
Understandably they will feel aggrieved when they find themselves on the
receiving end of tens or hundreds of viruses.
If they are paying for connect time or by volume, and the viruses have a
payload of 70KB or 100KB each, then they will also feel aggrieved at having
to pay for the additional connect time or volume charges due to the
unexpected virus deliveries. Such has been the case with the Sobig.F worm
and the Swen (fake Microsoft update) worm in the past month. One would
expect that there is a legal obligation on the ISP to offer recompense under
such circumstances. It is up to the consumer to make this point to the
provider of the service.

Where the ISP does not offer virus protection, there is less of a case.


"Murray" <00000000@000.com> wrote in message
news:bkha3n$g2l$1@lust.ihug.co.nz...
> And so Xtra's email virus filter does not work either....
>
>




Warwick 09-20-2003 11:27 PM

PC seems infected - cannot detect virus
 
Hi,
I'd like to ask some questions of the group in general and particularly
those using xtra for email.

I received 280 emails this morning.
About 1/3 are fake patches purporting to be from msoft, the rest are admin
messages re bounced emails that I didn't send (knowingly).

This has all the hallmarks of a virus infection however AVG does not detect
any.

Q.Are other xtra customers receiving multiple copies of the msoft patch
scam? or is it part of my ghost infection?


Q: Could the script have run and installed a trojan AVG don't know about?

Q: Which one of the current viri in circulation best fits the symptoms?
Again other xtra customers getting bounced messages they did not send?
(seems vaguely reminiscent of Klez which spoofed the from field of emails
and caused this kind of confusion).


AVG did detect a script exploit in temporary internet files. The warning
popped up while I was surfing and I immediately ran the protection and
cleaned the script.

All windows critical updates are installed and were installed during time of
infection. (if it is an infection).

Sorry to have to draw on your collective wisdom here, but Ive been trawling
thru the symantec site and no viri seem to match symptoms properly.
AVG similairly updated to most current and reports a clean machine.

cheers
Warwick




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003



Warwick 09-21-2003 12:00 AM

Re: PC seems infected - cannot detect virus
 

"steve" <steve@adding-valu.org.no> wrote in message
news:RYQab.2603$tv1.285649@news02.tsnz.net...
> Warwick wrote:
> > Hi,
> > I'd like to ask some questions of the group in general and particularly
> > those using xtra for email.
> >
> > I received 280 emails this morning.
> > About 1/3 are fake patches purporting to be from msoft, the rest are

admin
> > messages re bounced emails that I didn't send (knowingly).

>
> Someone with a BIG address book (with you in it) has the virus and thew
> virus has used your address as the FROM: address.
>


Ty
After more trawling Swen seems the likely candidate.
However its not on my machine according to AVG.
To be extra sure I looked for the reg entries and files SWEN is supposed to
create and they are not there.
Fingers crossed and hope ur right. Its not me but someone elses infection
that is causing all this.

cheers



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003




All times are GMT. The time now is 04:36 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.