How do you know you didn't get infected by Swen?

Discussion in 'Computer Support' started by wylbur37, Nov 17, 2003.

  1. wylbur37

    wylbur37 Guest

    How can you really determine whether or not your computer has been
    infected by the Swen worm?

    Having an anti-virus program report "no infections" is not necessarily
    conclusive since it's possible that the anti-virus program wasn't
    updated, or the update didn't include the code for Swen.

    Is there a program available that was written specifically to detect
    Swen?

    Alternatively, are there specific symptoms to look for (such as the
    existence of certain files or executables) that would reveal the
    presence of Swen?

    How can you be sure you didn't get infected by Swen?
     
    wylbur37, Nov 17, 2003
    #1
    1. Advertising

  2. http://housecall.trendmicro.com/ - online virus scanner.

    --Tina
    --
    http://www.AffordableHOST.com
    20% Discount Code: newsgroup
    Serving the web since 1997

    "wylbur37" <> wrote in message
    news:...
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?
    >
    > Having an anti-virus program report "no infections" is not necessarily
    > conclusive since it's possible that the anti-virus program wasn't
    > updated, or the update didn't include the code for Swen.
    >
    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?
    >
    > How can you be sure you didn't get infected by Swen?
     
    Tina - AffordableHOST.com, Nov 17, 2003
    #2
    1. Advertising

  3. wylbur37

    Rob K Guest

    On 17 Nov 2003 04:44:08 -0800, wylbur37 wrote:

    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?
    >
    > Having an anti-virus program report "no infections" is not necessarily
    > conclusive since it's possible that the anti-virus program wasn't
    > updated, or the update didn't include the code for Swen.
    >
    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?
    >
    > How can you be sure you didn't get infected by Swen?



    My five cents:

    Don't worry too much.

    For the AV-guys, Swen has been around long enough to deal with it properly.
    Detailed info from Symantec here:

    http://tinyurl.com/nu11



    --
    My E-mail address in ROT-13:
     
    Rob K, Nov 17, 2003
    #3
  4. wylbur37 wrote:

    > How can you be sure you didn't get infected by Swen?


    By running Linux.

    --
    David.
     
    David F. Skoll, Nov 17, 2003
    #4
  5. wylbur37

    Boomer Guest

    Rob K <> wrote in
    news::

    > On 17 Nov 2003 04:44:08 -0800, wylbur37 wrote:
    >
    >> How can you really determine whether or not your computer has
    >> been infected by the Swen worm?
    >>
    >> Having an anti-virus program report "no infections" is not
    >> necessarily conclusive since it's possible that the anti-virus
    >> program wasn't updated, or the update didn't include the code for
    >> Swen.
    >>
    >> Is there a program available that was written specifically to
    >> detect Swen?
    >>
    >> Alternatively, are there specific symptoms to look for (such as
    >> the existence of certain files or executables) that would reveal
    >> the presence of Swen?
    >>
    >> How can you be sure you didn't get infected by Swen?

    >
    >
    > My five cents:
    >
    > Don't worry too much.
    >
    > For the AV-guys, Swen has been around long enough to deal with it
    > properly. Detailed info from Symantec here:
    >
    > http://tinyurl.com/nu11


    Welcome back Rob K. :)
     
    Boomer, Nov 17, 2003
    #5
  6. wylbur37

    Rob K Guest

    On 17 Nov 2003 13:22:20 GMT, Boomer wrote:

    <snip>
    >
    > Welcome back Rob K. :)


    Thank you Boomer ;-)

    --
    My E-mail address in ROT-13:
     
    Rob K, Nov 17, 2003
    #6
  7. wylbur37

    gangle Guest

    "Rob K" wrote
    > On 17 Nov 2003 13:22:20 GMT, Boomer wrote:
    >
    > <snip>
    > >
    > > Welcome back Rob K. :)

    - , -

    > Thank you Boomer ;-)

    - , -
     
    gangle, Nov 17, 2003
    #7
  8. wylbur37

    Boomer Guest

    "gangle" <> wrote in news:kMmdnaexEfPreiWiRVn-
    :

    > "Rob K" wrote
    >> On 17 Nov 2003 13:22:20 GMT, Boomer wrote:
    >>
    >> <snip>
    >> >
    >> > Welcome back Rob K. :)

    > - , -
    >
    >> Thank you Boomer ;-)

    > - , -


    Thank you, gangle! ;)
     
    Boomer, Nov 17, 2003
    #8
  9. wylbur37

    gangle Guest

    "Boomer" wrote
    > "gangle" wrote
    >
    > > "Rob K" wrote
    > >> On 17 Nov 2003 13:22:20 GMT, Boomer wrote:
    > >>
    > >> <snip>
    > >> >
    > >> > Welcome back Rob K. :)

    > > - , -
    > >
    > >> Thank you Boomer ;-)

    > > - , -

    >
    > Thank you, gangle! ;)


    Well, you've being doing so splendidly lately on this direct
    address comma thing, I thought you could use a little reminder
    before you reverted to old habits. Your excitement at seeing
    that Rob K had completed his most recent prison sentence
    apparently caused your brain to undulate momentarily.

    --
    It Is Unwise To Attempt Anal Sex With A Porcupine
     
    gangle, Nov 17, 2003
    #9
  10. wylbur37 wrote:

    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?


    Please see e.g. <URL:http://vil.nai.com/vil/content/v_100662.htm>.

    Follow-ups set.

    Thor

    --
    http://thorweb.anta.net/
     
    Thor Kottelin, Nov 17, 2003
    #10
  11. wylbur37

    Ben Myers Guest

    The most prominent symptom is probably the inability to run regedit.
    There are Swen specific removal tools.

    http://www.symantec.com/avcenter/venc/data/
    http://www.bullguard.com/antivirus/vit_swen_a.aspx

    Ben

    wylbur37 <> wrote in message news:...
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?
    >
    > Having an anti-virus program report "no infections" is not necessarily
    > conclusive since it's possible that the anti-virus program wasn't
    > updated, or the update didn't include the code for Swen.
    >
    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?
    >
    > How can you be sure you didn't get infected by Swen?
     
    Ben Myers, Nov 17, 2003
    #11
  12. wylbur37

    s. keeling Guest

    On 17 Nov 2003 04:44:08 -0800, wylbur37 <>:
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?


    Are you still being bombarded with swen? If so, you're not infected.
    Or you're not running Windows, thereby disabling swen from inoculating
    itself against further attack..


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://www.spots.ab.ca/~keeling
    - - http://learn.to/quote (Deutsch) http://quote.6x.to (Eng.)
    Spammers! http://www.spots.ab.ca/~keeling/spammers.html
     
    s. keeling, Nov 18, 2003
    #12
  13. In article <>,
    says...
    > On 17 Nov 2003 04:44:08 -0800, wylbur37 <>:
    > > How can you really determine whether or not your computer has been
    > > infected by the Swen worm?

    >
    > Are you still being bombarded with swen? If so, you're not infected.
    > Or you're not running Windows, thereby disabling swen from inoculating
    > itself against further attack..
    >
    >
    >



    you've got to be kidding me.... this is "advice"? jesus.

    Just because you think this person is being bombarded with swen, they're
    not infected? Do you have a clue? That's one of the worst examples of
    "logic" that I've ever seen.

    Being bombarded with swen infected emails has absolutely nothing to do
    with the person being infected or not.



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Nov 18, 2003
    #13
  14. wylbur37

    LO&MsLO Guest

    On 18 Nov 2003 00:00:17 GMT, (s. keeling) wrote:

    >On 17 Nov 2003 04:44:08 -0800, wylbur37 <>:
    >> How can you really determine whether or not your computer has been
    >> infected by the Swen worm?

    >
    >Are you still being bombarded with swen? If so, you're not infected.
    >Or you're not running Windows, thereby disabling swen from inoculating
    >itself against further attack..


    Or you belong to Yahoo or MSN groups. Stop those and you will stop
    the Swen. In a year or two.

    John
     
    LO&MsLO, Nov 18, 2003
    #14
  15. wylbur37

    Mimic Guest

    "wylbur37" <> wrote in message
    news:...
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?
    >
    > Having an anti-virus program report "no infections" is not necessarily
    > conclusive since it's possible that the anti-virus program wasn't
    > updated, or the update didn't include the code for Swen.
    >
    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?
    >
    > How can you be sure you didn't get infected by Swen?


    www.avp.ch
    www.symantec.com
    get a clue

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 18, 2003
    #15
  16. wylbur37

    Jim Warren Guest

    Swen may have done us a favor. His virus is so annoying it may deter
    other hackers from writing viruses. Can't someone write an anti swen
    virus that infects every computer in the world by removing swen from
    their computer? Swen I know you are reading this because you probably
    want all the attention you can get and you are probably inudated by
    your own virus generated emails. How about turning this off.

    Thanks
    Jim

    Swen may you have an interesting life.





    On 17 Nov 2003 04:44:08 -0800, (wylbur37)
    wrote:

    >How can you really determine whether or not your computer has been
    >infected by the Swen worm?
    >
    >Having an anti-virus program report "no infections" is not necessarily
    >conclusive since it's possible that the anti-virus program wasn't
    >updated, or the update didn't include the code for Swen.
    >
    >Is there a program available that was written specifically to detect
    >Swen?
    >
    >Alternatively, are there specific symptoms to look for (such as the
    >existence of certain files or executables) that would reveal the
    >presence of Swen?
    >
    >How can you be sure you didn't get infected by Swen?
     
    Jim Warren, Nov 22, 2003
    #16
  17. wylbur37

    Jeff Guest

    On Mon, 17 Nov 2003 04:44:08 -0800, wylbur37 wrote:

    I'm running Gentoo linux, and thus immune to Swen, but that hasn't
    prevented me from getting pounded with attempts. A few months ago I
    suddenly started getting large numbers of them. At first, they were what I
    will call 'direct attacks' - i.e. an email sent to me masquerading as a MS
    update or something else I should run. But increasingly, they became
    notifications from ISP's that 'my' (virus laden) mail was undeliverable,
    from which I conclude that either my email address is the return address
    on attacks to other people - many of whom are bad addresses, or that this
    is actually a more subtle form of attack which attempts to get me to
    figure out what I was trying to send to someone by running it. Its hard to
    tell, as the so-called intended recipient is often a gibberish address.

    Its trivial to use procmail to filter these things (based on
    mime-content), so I've been keeping them for statistical purposes. Here is
    a graph of the inbound rate so far:

    http://home.comcast.net/~jcunningham63/linux/virusgraph.gif

    -Jeff Cunningham
     
    Jeff, Nov 22, 2003
    #17
  18. wylbur37

    why? Guest

    X-No-Archive: Yes
    X-Post trimmed to 24HSHD.
    On 17 Nov 2003 04:44:08 -0800, wylbur37 wrote:

    >How can you really determine whether or not your computer has been
    >infected by the Swen worm?


    Easy, I already do the simple things that stop my PC getting infected.

    Don't use OL/OE/HTML mail.

    Don't use webmail.

    I like my old email client that even balks at HTML, it's set to plain
    text. I can click the offline button after collecting mail, so nothing
    can automatically connect.

    Delete mail with attachments without opening it. Unless I know the
    sender and I asked for it.

    Any newsletters I subscribe to are always plain text, just in case of
    accidents at the other end.

    Simply paying attention to the MS Security site, that's been saying for
    a long time it does not mail out patches, only the notices.

    >Having an anti-virus program report "no infections" is not necessarily
    >conclusive since it's possible that the anti-virus program wasn't

    <snip>

    >How can you be sure you didn't get infected by Swen?


    Know what the process are, that run on your PC. Pay attention to notices
    posted on AV sites, use spyware / trojan detection apps as well as AV.
    Don't always rely on timed automatic updates, use manual updates in
    between or set the auto to a short time interval.

    Possibly apply the MS patch when it came out and not 1-2 years later
    after it's too late.

    Don't use MS IE is another option.


    Me
     
    why?, Nov 22, 2003
    #18
  19. On that special day, Jim Warren, () said...

    > Swen may you have an interesting life.


    Only that his name is Begbie (Slovakia). He dropped the name somewhere
    in the worm body.


    Gabriele Neukam




    --
    Ah, Information. A good, too valuable theses days, to give it away, just
    so, at no cost.
     
    Gabriele Neukam, Nov 22, 2003
    #19
  20. wylbur37

    Mimic Guest

    "Jim Warren" <> wrote in message
    news:p...
    > Swen may have done us a favor. His virus is so annoying it may deter
    > other hackers from writing viruses. Can't someone write an anti swen
    > virus that infects every computer in the world by removing swen from
    > their computer? Swen I know you are reading this because you probably
    > want all the attention you can get and you are probably inudated by
    > your own virus generated emails. How about turning this off.
    >
    > Thanks
    > Jim
    >
    > Swen may you have an interesting life.
    >




    I feel so unloved, I havent got single swen. Infact the only virus Ive had
    the past 6years is the blaster worm i picked up off a mpg on kazaa :p

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 23, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thore Schmechtig
    Replies:
    17
    Views:
    796
    Gregg Dotoli
    Sep 27, 2003
  2. Thore Schmechtig

    [SWEN tiny FAQ] How to filter Swen mails with M$OE 6

    Thore Schmechtig, Sep 25, 2003, in forum: Computer Security
    Replies:
    19
    Views:
    582
    kd7sk
    Sep 27, 2003
  3. wylbur37

    How do you know you didn't get infected by Swen?

    wylbur37, Nov 17, 2003, in forum: Computer Security
    Replies:
    21
    Views:
    975
  4. Doug Fox
    Replies:
    10
    Views:
    730
    donutbandit
    Feb 28, 2004
  5. Jerry Attic

    20 THings You Didn't Know About XP

    Jerry Attic, Oct 16, 2006, in forum: Computer Support
    Replies:
    25
    Views:
    818
    Barry OGrady
    Oct 23, 2006
Loading...

Share This Page