Velocity Reviews - Computer Hardware Reviews

Persistent virus problem

 
 
MaryL
      01-21-2007
I use AVG for anti-virus. Over the last few days, it has consistently
located viruses. Most have been associated with Eudora but some have been
associated with System Volume Information. There have usually been 3 to
5 -- some viruses, some trojan horses, some worms. Each time, AVG moves the
offending files to the vault. If I re-scan, everything is clear, but I will
have the same (or similar) problem in another day or so. I can't tell
exactly *which* messages have the virus because AVG gives me a path but not
the filename. For example, it will show: c:\Program
Files\Qualcomm\Eudora\Myname\Embedded\Full Clip.exe. Another one is:
c:\Program Files\Qualcomm\Eudora\Myname\Embedded\Video.exe.

I never open files from unknown sources. I always delete them without
reviewing. However, I can't really tell *which* files are the offenders
(whether from scam, which I receive frequently but delete) or from friends
who may be unknowingly sending the problem files.

Virus names have been: I-Worm/Stration; Trojan horse Downloader.Agent.ICB;
Virus Downloader.Tibs. Filename examples (which are not the names I can see
in Eudora but are apparently the embedded files) are: Update-KB2524-x86.exe;
A0004087.exe; Read More.exe; Full Video.exe; Full Text.exe.

Can anyone provide some help? This first occurred on Nov. 22, 1006, then
there were no further problems until 3 or 4 days ago but the problem has
popped up persistently since that time.

I am using Win XP-Home Edition. I have AVG free (which runs daily and also
scans email), and I run both Ad-Aware and SpyBot several times a week. I am
connected to the Internet via cable and use a wireless router (LinkSys
Wireless-G Broadband Router, 2.4GHz, 802-11g). I also have a wireless
laptop that I can use to access the Internet through the same router, but it
is *very rarely* used because I use it primarily when I travel, and then
mostly for spreadsheet and word processing (not Internet connection).

Thanks for any help. This is annoying -- but, more important, I am
concerned about security.

MaryL


Thanks,
MaryL


 
1932
      01-21-2007

"MaryL" <(E-Mail Removed)-OUT-THE-LITTER> wrote in message
news:KTLsh.40510$(E-Mail Removed)...
>I use AVG for anti-virus. Over the last few days, it has consistently
>located viruses. Most have been associated with Eudora but some have been
>associated with System Volume Information. There have usually been 3 to
>5 -- some viruses, some trojan horses, some worms. Each time, AVG moves
>the offending files to the vault. If I re-scan, everything is clear, but I
>will have the same (or similar) problem in another day or so. I can't tell
>exactly *which* messages have the virus because AVG gives me a path but not
>the filename. For example, it will show: c:\Program
>Files\Qualcomm\Eudora\Myname\Embedded\Full Clip.exe. Another one is:
>c:\Program Files\Qualcomm\Eudora\Myname\Embedded\Video.exe.
>
> I never open files from unknown sources. I always delete them without
> reviewing. However, I can't really tell *which* files are the offenders
> (whether from scam, which I receive frequently but delete) or from friends
> who may be unknowingly sending the problem files.
>
> Virus names have been: I-Worm/Stration; Trojan horse Downloader.Agent.ICB;
> Virus Downloader.Tibs. Filename examples (which are not the names I can
> see in Eudora but are apparently the embedded files) are:
> Update-KB2524-x86.exe; A0004087.exe; Read More.exe; Full Video.exe; Full
> Text.exe.
>

snipped some.

Hi M. go have a read of this security article.
http://searchsecurity.techtarget.com...239899,00.html

It seems to be linked to this.
http://www.f-secure.com/v-descs/small_dam.shtml
The world is getting infected.


 
pcbutts1
      01-21-2007
Turn off System Restore http://support.microsoft.com/kb/310405 reboot.
Temporarily disable your antivirus. Download your mail, delete the offending
mail. Re-enable your antivirus and do a complete scan. Turn on system
Restore, reboot. Your antivirus is catching the email before it actually
downloads, which is good, but with Eudora it is not good.





 
Leythos
      01-21-2007
In article <KTLsh.40510$(E-Mail Removed)>, (E-Mail Removed)AKE-OUT-THE-LITTER says...
> I never open files from unknown sources. I always delete them without
> reviewing. However, I can't really tell *which* files are the offenders
> (whether from scam, which I receive frequently but delete) or from friends
> who may be unknowingly sending the problem files.
>
> Virus names have been: I-Worm/Stration; Trojan horse Downloader.Agent.ICB;
> Virus Downloader.Tibs. Filename examples (which are not the names I can see
> in Eudora but are apparently the embedded files) are: Update-KB2524-x86.exe;
> A0004087.exe; Read More.exe; Full Video.exe; Full Text.exe.
>
> Can anyone provide some help? This first occurred on Nov. 22, 1006, then
> there were no further problems until 3 or 4 days ago but the problem has
> popped up persistently since that time.


I suspect that it's the standard virus-laden spam emails we've seen all
over the country. As long as your AV solution is catching them, as
long as you DELETE the email without opening the attachments, you're
fine.

If you don't trust your AV solution try MULTI_AV from David Lipman, it's
the best non-realtime scanner I've seen.

MaryL
      01-21-2007

"pcbutts1" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Turn off System Restore http://support.microsoft.com/kb/310405 reboot.
> Temporarily disable your antivirus. Download your mail, delete the
> offending mail. Re-enable your antivirus and do a complete scan. Turn on
> system Restore, reboot. Your antivirus is catching the email before it
> actually downloads, which is good, but with Eudora it is not good.


I had already turned off System Restore, rebooted, then turned it back on
(immediately *after* I had a clean scan). I had not disabled my antivirus.
I am willing to do this, but can you explain why? Also, I don't know how to
delete the offending mail because that is part of the problem I tried to
explain -- the viruses, etc. are embedded within mail, and AVG shows the
path which includes the name of the virus but does *not* tell me
specifically which mail includes the problem. For example, this path:
c:\Program Files\Qualcomm\Eudora\Myname\Embedded\Full Text.exe. Full Text
seems to be the problem, but I still can't tell which specific piece of
email includes it -- and I have a *huge* amount of email (some of which I
delete and some that I move to specific mailboxes).

Also, what did you mean when you wrote that "with Eudora it is not good"?
Is there a problem with Eudora that I should be aware of? I have used
Eudora for years for private mail and use Yahoo for newsgroup mail. For a
long time, that greatly reduced the amount of spam that I received in
Eudora, but that is now building.

Thanks,
MaryL
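
The lookup asked for above (going from a flagged file name back to the message that carried it), as an added example that is not part of the original thread. It assumes the mailbox is stored as mbox-style text; split_messages, find_carriers and the sample mailbox are constructed for illustration.

```python
import email
from email import policy

# Constructed sample mailbox (not real mail). Assumes mbox-style storage:
# each message starts at a line beginning with "From ". The "Embedded Content:"
# line in the third message is a constructed stand-in for a client-written marker.
SAMPLE_MBOX = """\
From ???@??? Sun Jan 21 08:01:12 2007
From: friend@example.org
Subject: Lunch on Friday?

See you at noon.

From ???@??? Sun Jan 21 08:03:40 2007
From: unknown@example.net
Subject: Sadam Hussein is still alive
Date: Sun, 21 Jan 2007 08:02:00 -0600
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Full Text.exe"

(payload removed)
--b1--

From ???@??? Sun Jan 21 08:05:02 2007
From: unknown@example.com
Subject: Breaking news
Date: Sun, 21 Jan 2007 08:04:00 -0600

Embedded Content: Video.exe
"""

def split_messages(mbox_text):
    """Return the raw text of each message, split on "From " separator lines."""
    messages, current = [], None
    for line in mbox_text.splitlines(keepends=True):
        if line.startswith("From "):
            if current is not None:
                messages.append("".join(current))
            current = []
        elif current is not None:
            current.append(line)
    if current is not None:
        messages.append("".join(current))
    return messages

def find_carriers(mbox_text, flagged_names):
    """List sender, subject and date of messages that reference a flagged file."""
    wanted = {name.lower() for name in flagged_names}
    hits = []
    for raw in split_messages(mbox_text):
        msg = email.message_from_string(raw, policy=policy.default)
        # MIME attachment names, decoded by the parser.
        found = {(part.get_filename() or "").lower() for part in msg.walk()} & wanted
        # Plain-text references, e.g. a marker left after the file was detached.
        lowered = raw.lower()
        found |= {name for name in wanted if name in lowered}
        if found:
            hits.append({"from": str(msg["From"]), "subject": str(msg["Subject"]),
                         "date": str(msg["Date"]), "files": sorted(found)})
    return hits
```

Matching is by substring, so "Video.exe" also matches a message that references "Full Video.exe"; treat the output as a shortlist of messages to review.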



 
Leythos
      01-21-2007
In article <SiMsh.6313$(E-Mail Removed)>, (E-Mail Removed)AKE-OUT-THE-LITTER says...
> I had already turned off System Restore, rebooted, then turned it back on
> (immediately *after* I had a clean scan). I had not disabled my antivirus.
> I am willing to do this, but can you explain why? Also, I don't know how to
> delete the offending mail because that is part of the problem I tried to
> explain -- the viruses, etc. are embedded within mail, and AVG shows the
> path which includes the name of the virus but does *not* tell me
> specifically which mail includes the problem. For example, this path:
> c:\Program Files\Qualcomm\Eudora\Myname\Embedded\Full Text.exe.


All you need to do is delete any email with an attachment that came from
someone you didn't ask for, should be easy to spot, then run a full
scan.


MaryL
      01-21-2007

"Leythos" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed). ..
> In article <KTLsh.40510$(E-Mail Removed)>, (E-Mail Removed)AKE-
> OUT-THE-LITTER says...
>> I never open files from unknown sources. I always delete them without
>> reviewing. However, I can't really tell *which* files are the offenders
>> (whether from scam, which I receive frequently but delete) or from
>> friends who may be unknowingly sending the problem files.
>>
>> Virus names have been: I-Worm/Stration; Trojan horse
>> Downloader.Agent.ICB; Virus Downloader.Tibs. Filename examples (which
>> are not the names I can see in Eudora but are apparently the embedded
>> files) are: Update-KB2524-x86.exe; A0004087.exe; Read More.exe; Full
>> Video.exe; Full Text.exe.
>>
>> Can anyone provide some help? This first occurred on Nov. 22, 1006, then
>> there were no further problems until 3 or 4 days ago but the problem
>> has popped up persistently since that time.

>
> I suspect that it's the standard virus-laden spam emails we've seen all
> over the country. As long as your AV solution is catching them, as
> long as you DELETE the email without opening the attachments, you're
> fine.
>
> If you don't trust your AV solution try MULTI_AV from David Lipman, it's
> the best non-realtime scanner I've seen.
>
> --


AVG has been very easy to use, and it is usually given a high rating for
reliability (both of which are important to me). I am not familiar with
MULTI_AV, but I'll take a look at it. One of my difficulties is that I
don't know which email is the actual source. As I said in another message,
the path includes the name of the embedded file but not the name of the
email message -- so, I can't be sure if this is included in spam or if a
friend is inadvertently sending it.

I had AVG running while I wrote this, and I just received a popup saying
that 3 files were successfully healed.

MaryL


 
pcbutts1
      01-21-2007
There is no problem with Eudora; it is safe. The problem is your AV is
intercepting the virus before it fully downloads to your mailbox. We had a
big problem with Norton doing that. The virus is embedded in an html
document in email. You have to clean it out of that folder c:\Program
Files\Qualcomm\Eudora\Myname\Embedded. One way to do that would be to
disable your AV and let it fully download to your inbox. You can also turn
off html in the Eudora settings. You can also set your AV to exclude the
embedded folder.




 
MaryL
      01-21-2007

"1932" <(E-Mail Removed)> wrote in message
news:U2Msh.73823$(E-Mail Removed)...
>
> "MaryL" <(E-Mail Removed)-OUT-THE-LITTER> wrote in message
> news:KTLsh.40510$(E-Mail Removed)...
>>I use AVG for anti-virus. Over the last few days, it has consistently
>>located viruses. Most have been associated with Eudora but some have been
>>associated with System Volume Information. There have usually been 3 to
>>5 -- some viruses, some trojan horses, some worms. Each time, AVG moves
>>the offending files to the vault. If I re-scan, everything is clear, but
>>I will have the same (or similar) problem in another day or so. I can't
>>tell exactly *which* messages have the virus because AVG gives me a path
>>but not the filename. For example, it will show: c:\Program
>>Files\Qualcomm\Eudora\Myname\Embedded\Full Clip.exe. Another one is:
>>c:\Program Files\Qualcomm\Eudora\Myname\Embedded\Video.exe.
>>
>> I never open files from unknown sources. I always delete them without
>> reviewing. However, I can't really tell *which* files are the offenders
>> (whether from scam, which I receive frequently but delete) or from
>> friends who may be unknowingly sending the problem files.
>>
>> Virus names have been: I-Worm/Stration; Trojan horse
>> Downloader.Agent.ICB; Virus Downloader.Tibs. Filename examples (which
>> are not the names I can see in Eudora but are apparently the embedded
>> files) are: Update-KB2524-x86.exe; A0004087.exe; Read More.exe; Full
>> Video.exe; Full Text.exe.
>>

> snipped some.
>
> Hi M. go have a read of this security article.
> http://searchsecurity.techtarget.com...239899,00.html
>
> It seems to be linked to this.
> http://www.f-secure.com/v-descs/small_dam.shtml
> The world is getting infected.
>
>


Thanks! This does sound like an exact description of what I have seen. I
have received a number of messages lately such as "Sadam Hussein is still
alive" or even "Sadam Hussein is dead" (with misspellings). I did not open
them and immediately deleted them. I also empty trash and compact mailboxes
several times a week. So, I'm puzzled as to why AVG would then still find
references to the problem -- if this is the source -- when it scans (done
daily at about 8:00 a.m.). I did turn off System Restore and then restart
it after getting a clean scan because I was already aware that it can save
malware. The sources you sent are excellent for me -- as I said, at least I
have now seen some references to the precise problem.

I like AVG, but (1) it does concern me that it does not provide information
about the precise message so I can see if any of these are included in
messages inadvertently sent by friends and (2) it seems strange to see the
viruses showing up *after* I have deleted unopened mail.

Thanks,
MaryL


 
MaryL
      01-21-2007

"pcbutts1" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> There is no problem with Eudora; it is safe. The problem is your AV is
> intercepting the virus before it fully downloads to your mailbox. We had a
> big problem with Norton doing that. The virus is embedded in an html
> document in email. You have to clean it out of that folder c:\Program
> Files\Qualcomm\Eudora\Myname\Embedded. One way to do that would be to
> disable your AV and let it fully download to your inbox. You can also turn
> off html in the Eudora settings. You can also set your AV to exclude the
> embedded folder.
>


Thanks. I'm beginning to get the picture. However, I don't see how I can
disable the AV at the appropriate time because I get *lots* of email, and I
would never know in advance when one of the offending emails is being
downloaded. I could, of course, disable AVG *every* time I downloaded email
for awhile -- but wouldn't that be opening my computer to still more
infections? (Serious question...I'm showing my lack of knowledge here, not
trying to be overly stubborn about it.)

MaryL


 