How do you know you didn't get infected by Swen?

Discussion in 'Computer Security' started by wylbur37, Nov 17, 2003.

  1. wylbur37

    wylbur37 Guest

    How can you really determine whether or not your computer has been
    infected by the Swen worm?

    Having an anti-virus program report "no infections" is not necessarily
    conclusive since it's possible that the anti-virus program wasn't
    updated, or the update didn't include the code for Swen.

    Is there a program available that was written specifically to detect
    Swen?

    Alternatively, are there specific symptoms to look for (such as the
    existence of certain files or executables) that would reveal the
    presence of Swen?

    How can you be sure you didn't get infected by Swen?
     
    wylbur37, Nov 17, 2003
    #1
    1. Advertising

  2. http://housecall.trendmicro.com/ - online virus scanner.

    --Tina
    --
    http://www.AffordableHOST.com
    20% Discount Code: newsgroup
    Serving the web since 1997

    "wylbur37" <> wrote in message
    news:...
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?
    >
    > Having an anti-virus program report "no infections" is not necessarily
    > conclusive since it's possible that the anti-virus program wasn't
    > updated, or the update didn't include the code for Swen.
    >
    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?
    >
    > How can you be sure you didn't get infected by Swen?
     
    Tina - AffordableHOST.com, Nov 17, 2003
    #2
    1. Advertising

  3. wylbur37 wrote:

    > How can you be sure you didn't get infected by Swen?


    By running Linux.

    --
    David.
     
    David F. Skoll, Nov 17, 2003
    #3
  4. wylbur37 wrote:

    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?


    Please see e.g. <URL:http://vil.nai.com/vil/content/v_100662.htm>.

    Follow-ups set.

    Thor

    --
    http://thorweb.anta.net/
     
    Thor Kottelin, Nov 17, 2003
    #4
  5. wylbur37

    Ben Myers Guest

    The most prominent symptom is probably the inability to run regedit.
    There are Swen specific removal tools.

    http://www.symantec.com/avcenter/venc/data/
    http://www.bullguard.com/antivirus/vit_swen_a.aspx

    Ben

    wylbur37 <> wrote in message news:...
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?
    >
    > Having an anti-virus program report "no infections" is not necessarily
    > conclusive since it's possible that the anti-virus program wasn't
    > updated, or the update didn't include the code for Swen.
    >
    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?
    >
    > How can you be sure you didn't get infected by Swen?
     
    Ben Myers, Nov 17, 2003
    #5
  6. wylbur37

    s. keeling Guest

    On 17 Nov 2003 04:44:08 -0800, wylbur37 <>:
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?


    Are you still being bombarded with swen? If so, you're not infected.
    Or you're not running Windows, thereby disabling swen from inoculating
    itself against further attack..


    --
    Any technology distinguishable from magic is insufficiently advanced.
    (*) http://www.spots.ab.ca/~keeling
    - - http://learn.to/quote (Deutsch) http://quote.6x.to (Eng.)
    Spammers! http://www.spots.ab.ca/~keeling/spammers.html
     
    s. keeling, Nov 18, 2003
    #6
  7. In article <>,
    says...
    > On 17 Nov 2003 04:44:08 -0800, wylbur37 <>:
    > > How can you really determine whether or not your computer has been
    > > infected by the Swen worm?

    >
    > Are you still being bombarded with swen? If so, you're not infected.
    > Or you're not running Windows, thereby disabling swen from inoculating
    > itself against further attack..
    >
    >
    >



    you've got to be kidding me.... this is "advice"? jesus.

    Just because you think this person is being bombarded with swen, they're
    not infected? Do you have a clue? That's one of the worst examples of
    "logic" that I've ever seen.

    Being bombarded with swen infected emails has absolutely nothing to do
    with the person being infected or not.



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Nov 18, 2003
    #7
  8. wylbur37

    LO&MsLO Guest

    On 18 Nov 2003 00:00:17 GMT, (s. keeling) wrote:

    >On 17 Nov 2003 04:44:08 -0800, wylbur37 <>:
    >> How can you really determine whether or not your computer has been
    >> infected by the Swen worm?

    >
    >Are you still being bombarded with swen? If so, you're not infected.
    >Or you're not running Windows, thereby disabling swen from inoculating
    >itself against further attack..


    Or you belong to Yahoo or MSN groups. Stop those and you will stop
    the Swen. In a year or two.

    John
     
    LO&MsLO, Nov 18, 2003
    #8
  9. wylbur37

    Mimic Guest

    "wylbur37" <> wrote in message
    news:...
    > How can you really determine whether or not your computer has been
    > infected by the Swen worm?
    >
    > Having an anti-virus program report "no infections" is not necessarily
    > conclusive since it's possible that the anti-virus program wasn't
    > updated, or the update didn't include the code for Swen.
    >
    > Is there a program available that was written specifically to detect
    > Swen?
    >
    > Alternatively, are there specific symptoms to look for (such as the
    > existence of certain files or executables) that would reveal the
    > presence of Swen?
    >
    > How can you be sure you didn't get infected by Swen?


    www.avp.ch
    www.symantec.com
    get a clue

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 18, 2003
    #9
  10. wylbur37

    Colonel Guest

    Hey wylbur,

    Sorry to see that your plea for help evoked as many attitude responses as
    advice responses. Also, I may be wasting my time because I am thinking that
    since you cross posted your request for help to so many places, and I am
    only replying in here, you may not monitor this group for individual
    responses.

    Now, I am nothing but the average household variety computer user. I think I
    can pass on a couple valuable suggestions in spite of my shortcomings.

    Two things can be a big help to you. One is to create a boot floppy
    according to your AV instructions. This protects you by allowing you to run
    a scan before boot up from the floppy, since some nasties reconfigure or
    disable your AV and or firewall. The second thing is to take advantage of
    any of the online virus scans. These do not rely on the operation of your AV
    software or the virus definitions contained in your AV.

    The recent collusion between the spammers and hackers has really ratcheted
    up the deceit and sophistication. A recent variant installs 2 copies of
    itself. If you try to delete copy 1, copy 2 will reinstall it. Delete copy 2
    and copy 1 will reinstall it. They also can reconfigure your AV and firewall
    and do stuff like disable your keyboard and mouse. In short, they have
    declared war on us all. They are determined to make us all spam robots. Of
    course we still have the identity thieves and credit card fraud to deal with
    such as the recent ebay situation where the thieves actually made a replica
    of the ebay web site to lure people into giving out their financial and
    credit card info.

    Computing is no longer commerce made easy or fun on the playground. It is
    now war on the battlefield.

    A note to any potential responders: If I fail to sound like an expert or
    fail to speak proper computerese, or sound like an idiot, deal with it. If I
    have given flawed or incomplete advice then by all means correct me.
     
    Colonel , Nov 19, 2003
    #10
  11. wylbur37

    Jim Warren Guest

    Swen may have done us a favor. His virus is so annoying it may deter
    other hackers from writing viruses. Can't someone write an anti swen
    virus that infects every computer in the world by removing swen from
    their computer? Swen I know you are reading this because you probably
    want all the attention you can get and you are probably inudated by
    your own virus generated emails. How about turning this off.

    Thanks
    Jim

    Swen may you have an interesting life.





    On 17 Nov 2003 04:44:08 -0800, (wylbur37)
    wrote:

    >How can you really determine whether or not your computer has been
    >infected by the Swen worm?
    >
    >Having an anti-virus program report "no infections" is not necessarily
    >conclusive since it's possible that the anti-virus program wasn't
    >updated, or the update didn't include the code for Swen.
    >
    >Is there a program available that was written specifically to detect
    >Swen?
    >
    >Alternatively, are there specific symptoms to look for (such as the
    >existence of certain files or executables) that would reveal the
    >presence of Swen?
    >
    >How can you be sure you didn't get infected by Swen?
     
    Jim Warren, Nov 22, 2003
    #11
  12. wylbur37

    Jeff Guest

    On Mon, 17 Nov 2003 04:44:08 -0800, wylbur37 wrote:

    I'm running Gentoo linux, and thus immune to Swen, but that hasn't
    prevented me from getting pounded with attempts. A few months ago I
    suddenly started getting large numbers of them. At first, they were what I
    will call 'direct attacks' - i.e. an email sent to me masquerading as a MS
    update or something else I should run. But increasingly, they became
    notifications from ISP's that 'my' (virus laden) mail was undeliverable,
    from which I conclude that either my email address is the return address
    on attacks to other people - many of whom are bad addresses, or that this
    is actually a more subtle form of attack which attempts to get me to
    figure out what I was trying to send to someone by running it. Its hard to
    tell, as the so-called intended recipient is often a gibberish address.

    Its trivial to use procmail to filter these things (based on
    mime-content), so I've been keeping them for statistical purposes. Here is
    a graph of the inbound rate so far:

    http://home.comcast.net/~jcunningham63/linux/virusgraph.gif

    -Jeff Cunningham
     
    Jeff, Nov 22, 2003
    #12
  13. On that special day, Jim Warren, () said...

    > Swen may you have an interesting life.


    Only that his name is Begbie (Slovakia). He dropped the name somewhere
    in the worm body.


    Gabriele Neukam




    --
    Ah, Information. A good, too valuable theses days, to give it away, just
    so, at no cost.
     
    Gabriele Neukam, Nov 22, 2003
    #13
  14. wylbur37

    Transmute Guest

    On 2003-11-22, Gabriele Neukam <> said:
    > On that special day, Jim Warren, () said...
    >
    >> Swen may you have an interesting life.

    >
    > Only that his name is Begbie (Slovakia). He dropped the name somewhere
    > in the worm body.


    Interesting. If there was any justice in the world, it wouldn't matter
    what his birth name was. He would just be Bubba's new bitch. With a
    whole load of nasty things dropped into *his* body.

    Regards,

    Pete.

    --
    http://homepage.ntlworld.com/alternative.carpark
     
    Transmute, Nov 22, 2003
    #14
  15. wylbur37

    Mimic Guest

    "Jim Warren" <> wrote in message
    news:p...
    > Swen may have done us a favor. His virus is so annoying it may deter
    > other hackers from writing viruses. Can't someone write an anti swen
    > virus that infects every computer in the world by removing swen from
    > their computer? Swen I know you are reading this because you probably
    > want all the attention you can get and you are probably inudated by
    > your own virus generated emails. How about turning this off.
    >
    > Thanks
    > Jim
    >
    > Swen may you have an interesting life.
    >




    I feel so unloved, I havent got single swen. Infact the only virus Ive had
    the past 6years is the blaster worm i picked up off a mpg on kazaa :p

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 23, 2003
    #15
  16. On Sun, 23 Nov 2003 00:53:22 -0000, "Mimic" <> wrote:

    >I feel so unloved, I havent got single swen. Infact the only virus Ive had
    >the past 6years is the blaster worm i picked up off a mpg on kazaa :p


    All of yours are being sent to yeonho,Lee. At least that's the
    name of the registrant for the domain void.net.

    Regards, Dave Hodgins
    --
    Change nospam.invalid to rogers.com to reply by email.
     
    David W. Hodgins, Nov 23, 2003
    #16
  17. wylbur37

    Mimic Guest

    "David W. Hodgins" <> wrote in message
    news:...
    > On Sun, 23 Nov 2003 00:53:22 -0000, "Mimic" <> wrote:
    >
    > >I feel so unloved, I havent got single swen. Infact the only virus Ive

    had
    > >the past 6years is the blaster worm i picked up off a mpg on kazaa :p

    >
    > All of yours are being sent to yeonho,Lee. At least that's the
    > name of the registrant for the domain void.net.
    >
    > Regards, Dave Hodgins
    > --
    > Change nospam.invalid to rogers.com to reply by email.


    LOL

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 23, 2003
    #17
  18. Mimic wrote:
    > "David W. Hodgins" <> wrote in message
    > news:...
    >
    >>On Sun, 23 Nov 2003 00:53:22 -0000, "Mimic" <> wrote:
    >>
    >>
    >>>I feel so unloved, I havent got single swen. Infact the only virus Ive

    >
    > had
    >
    >>>the past 6years is the blaster worm i picked up off a mpg on kazaa :p

    >>
    >>All of yours are being sent to yeonho,Lee. At least that's the
    >>name of the registrant for the domain void.net.
    >>
    >>Regards, Dave Hodgins
    >>--
    >>Change nospam.invalid to rogers.com to reply by email.

    >
    >
    > LOL


    You may LOL but Dave was being serious. Using a domain that is registered to
    someone else means exactly what he said. That address may/will be harvested from
    Usenet posts and the owner of the void.net domain may/will get any nasty stuff
    that you would have got had your address been there. Lets just hope he has the
    facility to reject mail sent to "null". I get loads of crap that gets rejected
    by my mail server that is sent to user "newsgroups".

    Maybe you could mask your real address in another more net friendly way....?

    --
    Richard Howlett

    Mail to "newsgroups" will be rejected.
    Mail to my forename will not.
     
    Richard Howlett, Nov 24, 2003
    #18
  19. wylbur37

    Bill Guest

    On Mon, 24 Nov 2003 02:09:17 +0000, Richard Howlett
    <> wrote:

    >Maybe you could mask your real address in another more net friendly way



    That or use microsoft.com
     
    Bill, Nov 24, 2003
    #19
  20. I have had the same problem as you have and it started from this
    newsgroup but whomever sent it to me...you where not successful in
    tricking me into thinking that that was a security patch.Anyway...Just
    change your password for whatever server you use and create filters to
    catch the virus before it reaches you.Hope that helps you.


    On 17 Nov 2003 04:44:08 -0800, (wylbur37)
    wrote:

    >How can you really determine whether or not your computer has been
    >infected by the Swen worm?
    >
    >Having an anti-virus program report "no infections" is not necessarily
    >conclusive since it's possible that the anti-virus program wasn't
    >updated, or the update didn't include the code for Swen.
    >
    >Is there a program available that was written specifically to detect
    >Swen?
    >
    >Alternatively, are there specific symptoms to look for (such as the
    >existence of certain files or executables) that would reveal the
    >presence of Swen?
    >
    >How can you be sure you didn't get infected by Swen?
     
    Cyberphreak101, Nov 27, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. wylbur37

    How do you know you didn't get infected by Swen?

    wylbur37, Nov 17, 2003, in forum: Computer Support
    Replies:
    28
    Views:
    845
    M Mullen
    Nov 28, 2003
  2. Thore Schmechtig
    Replies:
    17
    Views:
    828
    Gregg Dotoli
    Sep 27, 2003
  3. Thore Schmechtig

    [SWEN tiny FAQ] How to filter Swen mails with M$OE 6

    Thore Schmechtig, Sep 25, 2003, in forum: Computer Security
    Replies:
    19
    Views:
    612
    kd7sk
    Sep 27, 2003
  4. Doug Fox
    Replies:
    10
    Views:
    759
    donutbandit
    Feb 28, 2004
  5. Jerry Attic

    20 THings You Didn't Know About XP

    Jerry Attic, Oct 16, 2006, in forum: Computer Support
    Replies:
    25
    Views:
    838
    Barry OGrady
    Oct 23, 2006
Loading...

Share This Page