unknown email : help

Discussion in 'Computer Information' started by kwijlebabulus, Jan 15, 2004.

  1. hello folks

    since a few days, i get emails containing viruses (at least thats what
    norton tells me)

    the emails are from : mircosoft cooperation network security center

    is this an official MS mail?
    i haven't done any updates for xp.
    or do i get this because i visited a MS site (a real MS site??) to
    look for that java-thing?

    i can't return or unsubscribe.

    has anyone of you the same problem?

    please help

    greets kwijl
    kwijlebabulus, Jan 15, 2004
    #1
    1. Advertising

  2. Re: SWEN/GIBE worm/virus was Re: unknown email : help

    hey Pepperoni

    i never opened those files/attachments!
    norton says -when the email is incomming-that there is a virus inside!

    all those 'senders' like admin, security,... i get also!

    the only thing i can do is changing my email adress!!

    i think i got it while looking for msjava!

    do you have an idea how to get rit of it?
    how does that mail find your email adres?

    greets kwijl
    kwijlebabulus, Jan 15, 2004
    #2
    1. Advertising

  3. kwijlebabulus

    Chet Guest

    They are NOT from Microsoft. Microsoft updates will never come to you via
    email. Monitor this newsgroup more often, this has been the subject of a
    large portion of postings for several months.
    "kwijlebabulus" <> wrote in message
    news:...
    > hello folks
    >
    > since a few days, i get emails containing viruses (at least thats what
    > norton tells me)
    >
    > the emails are from : mircosoft cooperation network security center
    >
    > is this an official MS mail?
    > i haven't done any updates for xp.
    > or do i get this because i visited a MS site (a real MS site??) to
    > look for that java-thing?
    >
    > i can't return or unsubscribe.
    >
    > has anyone of you the same problem?
    >
    > please help
    >
    > greets kwijl
    >
    Chet, Jan 15, 2004
    #3
  4. kwijlebabulus

    Pepperoni Guest

    SWEN/GIBE worm/virus was Re: unknown email : help

    Do NOT open the attachments. It is an old virus, but very convincing. I
    have a mail account that is unusable because of this virus. They are still
    arriving. They come in many different forms.
    http://home.comcast.net/~thuxton/mailbox.htm

    They began arriving in mid September, and apparently are going to be with us
    for a long time.
    Beware of mail from "postmaster", "Administrator", "Security Services",
    "Internet Services", and many other official sounding senders. The
    attachment size varies, but is usually 144k to 207k.

    It is the Swen (or Gibe, or swan---varies) virus (actually an internet worm)
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662

    Be careful with any attached files, Microsoft NEVER emails any updates.

    If you have become infected, see your Anti Virus site for instructions. The
    Stinger utility
    http://vil.nai.com/vil/stinger/
    MAY remove the virus, but it changes so fast that it may be unreliable.

    Check back here for more info. Our resident experts may have more
    up-to-date information.

    Pepperoni


    "kwijlebabulus" <> wrote in message
    news:...
    > hello folks
    >
    > since a few days, i get emails containing viruses (at least thats what
    > norton tells me)
    >
    > the emails are from : mircosoft cooperation network security center
    >
    > is this an official MS mail?
    > i haven't done any updates for xp.
    > or do i get this because i visited a MS site (a real MS site??) to
    > look for that java-thing?
    >
    > i can't return or unsubscribe.
    >
    > has anyone of you the same problem?
    >
    > please help
    >
    > greets kwijl
    >
    Pepperoni, Jan 15, 2004
    #4
  5. kwijlebabulus

    Pepperoni Guest

    Re: SWEN/GIBE worm/virus was Re: unknown email : help

    I forgot to mention that Swen/Gibe disables antivirus products and
    interferes with regedit and other resources necessary to clean the
    infection.

    This virus is also posted to a great umber of binary groups where it may be
    mistaken for photos and music files, be very careful when downloading any
    files in newsgroups.
    ----------------------------
    The worm terminates various processes on the victim machine (see below).
    Interesting, the list includes "gibe"!

    If one of these processes is started when the worm is running, a fake error
    message is displayed "Memory access violation in module kernel32 at
    (number)".

    _avp
    ackwin32
    amserv
    anti-troj
    aplica32
    apvxdwin
    autodown
    avconsol
    ave32
    avgcc32
    avgctrl
    avgw
    avkserv
    avnt
    avp
    avsched32
    avwin95
    avwupd32
    blackd
    blackice
    bootwarn
    ccapp
    ccshtdwn
    cfiadmi
    cfiaudit
    cfind
    cfinet
    claw95
    dv95
    ecengine
    efinet32
    esafe
    espwatch
    f-agnt95
    f-prot
    f-prot95
    f-stopw
    findviru
    fp-win
    fprot
    fprot95
    frw
    gibe
    iamapp
    ibmasn
    ibmavsp
    icload95
    icloadnt
    icmon
    icmoon
    icssuppnt
    icsupp
    iface
    iomon98
    jedi
    kpfw32
    lockdown2000
    lookout
    lu32
    luall
    moolive
    mpftray
    msconfig
    nai_vs_stat
    nav
    navapw32
    navnt
    navsched
    navw
    nisum
    nmain
    normist
    nupdate
    nupgrade
    nvc95
    outpost
    padmin
    pavcl
    pavsched
    pavw
    pcciomon
    pccmain
    pccwin98
    pcfwallicon
    persfw
    pop3trap
    rav
    regedit
    rescue
    safeweb
    serv95
    sphinx
    sweep
    tca
    tds2
    vcleaner
    vcontrol
    vet32
    vet95
    vet98
    vettray
    view
    vscan
    vsecomr
    vshwin32
    vsstat
    webtrap
    wfindv32
    zapro
    zonealarm
    If one of these processes is started when the worm is running, a fake error
    message is displayed "Memory access violation in module kernel32 at
    (number)".
    ----------------------

    Pepperoni


    "Pepperoni" <> wrote in message
    news:bu5vc6$e40pk$-berlin.de...
    > Do NOT open the attachments. It is an old virus, but very convincing. I
    > have a mail account that is unusable because of this virus. They are

    still
    > arriving. They come in many different forms.
    > http://home.comcast.net/~thuxton/mailbox.htm
    >
    > They began arriving in mid September, and apparently are going to be with

    us
    > for a long time.
    > Beware of mail from "postmaster", "Administrator", "Security Services",
    > "Internet Services", and many other official sounding senders. The
    > attachment size varies, but is usually 144k to 207k.
    >
    > It is the Swen (or Gibe, or swan---varies) virus (actually an internet

    worm)
    > http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662
    >
    > Be careful with any attached files, Microsoft NEVER emails any updates.
    >
    > If you have become infected, see your Anti Virus site for instructions.

    The
    > Stinger utility
    > http://vil.nai.com/vil/stinger/
    > MAY remove the virus, but it changes so fast that it may be unreliable.
    >
    > Check back here for more info. Our resident experts may have more
    > up-to-date information.
    >
    > Pepperoni
    >
    >
    > "kwijlebabulus" <> wrote in message
    > news:...
    > > hello folks
    > >
    > > since a few days, i get emails containing viruses (at least thats what
    > > norton tells me)
    > >
    > > the emails are from : mircosoft cooperation network security center
    > >
    > > is this an official MS mail?
    > > i haven't done any updates for xp.
    > > or do i get this because i visited a MS site (a real MS site??) to
    > > look for that java-thing?
    > >
    > > i can't return or unsubscribe.
    > >
    > > has anyone of you the same problem?
    > >
    > > please help
    > >
    > > greets kwijl
    > >

    >
    >
    Pepperoni, Jan 15, 2004
    #5
  6. kwijlebabulus

    Jeremy Guest

    Re: SWEN/GIBE worm/virus was Re: unknown email : help

    Pepperoni wrote:
    >
    > Sometimes purporting to be a Microsoft Security Update, this worm is
    > intended to propagate via various mechanisms:
    >
    > mailing itself to recipients extracted from the victim machine
    > copying itself over network shares (mapped drives)
    > sharing itself over the KaZaa P2P network
    > sending itself via IRC
    > --------------------------------
    >


    > >

    The best way is to install mailwasher and blacklist and delete before
    downloading. Do not bother with the bounce feature, it is just wasting
    time and capacity.
    The mailwasher filters can be set to catch 90% of the incoming swen and
    it takes seconds to deal with the rest.

    JJ
    Jeremy, Jan 15, 2004
    #6
  7. kwijlebabulus

    Pepperoni Guest

    Re: SWEN/GIBE worm/virus was Re: unknown email : help

    Sometimes purporting to be a Microsoft Security Update, this worm is
    intended to propagate via various mechanisms:

    mailing itself to recipients extracted from the victim machine
    copying itself over network shares (mapped drives)
    sharing itself over the KaZaa P2P network
    sending itself via IRC
    --------------------------------

    This thing finds addresses on other machines. Someone you know may be
    infected. Some file sharing systems are vulnerable. Many of us believe
    that Swen finds addresses in newsgroups like this one. I have several
    hotmail accounts, and only one of them is affected; it has killed that
    account by filling the box every day and bouncing mail. It also searches
    infected machines for addresses, and someone who is infected may merely
    have one of your old newsgroup posts on their machine, or even your mail
    server may have been infected. I don't know how it got that address. The
    best thing to do is claim a new account.

    For some reason, hotmail does not drop this crap at the server level. They
    have the capability to do so, but they don't seem to be interested in
    stopping the thing, even though it must be a terrible drain on their
    resources. Perhaps they have a hidden interest in messing up
    machines.......hmmmmm.

    The best thing to do is to keep your antivirus running, and up to date.
    This thing is a nuisance, but the next one may be sneaky AND also DEADLY.
    Swen has been around a long time, and new victims fall for it every day.

    Pepperoni

    "kwijlebabulus" <> wrote in message
    news:...
    > hey Pepperoni
    >
    > i never opened those files/attachments!
    > norton says -when the email is incomming-that there is a virus inside!
    >
    > all those 'senders' like admin, security,... i get also!
    >
    > the only thing i can do is changing my email adress!!
    >
    > i think i got it while looking for msjava!
    >
    > do you have an idea how to get rit of it?
    > how does that mail find your email adres?
    >
    > greets kwijl
    >
    Pepperoni, Jan 15, 2004
    #7
  8. Re: SWEN/GIBE worm/virus was Re: unknown email : help

    and where do i find those magic washers?

    Jeremy wrote:

    > Pepperoni wrote:
    > >
    > > Sometimes purporting to be a Microsoft Security Update, this worm is
    > > intended to propagate via various mechanisms:
    > >
    > > mailing itself to recipients extracted from the victim machine
    > > copying itself over network shares (mapped drives)
    > > sharing itself over the KaZaa P2P network
    > > sending itself via IRC
    > > --------------------------------
    > >

    >
    > > >

    > The best way is to install mailwasher and blacklist and delete before
    > downloading. Do not bother with the bounce feature, it is just wasting
    > time and capacity.
    > The mailwasher filters can be set to catch 90% of the incoming swen and
    > it takes seconds to deal with the rest.
    >
    > JJ
    kwijlebabulus, Jan 15, 2004
    #8
  9. kwijlebabulus

    Jeremy Guest

    Re: SWEN/GIBE worm/virus was Re: unknown email : help

    kwijlebabulus wrote:
    >
    > and where do i find those magic washers?
    >
    >


    <http://www.firetrust.com/home/>

    hit free download
    JJ
    Jeremy, Jan 15, 2004
    #9
  10. Re: SWEN/GIBE worm/virus was Re: unknown email : help

    thx J

    i'm stil wondering

    do those 'spamers' need your email adres for it?
    or does it work with cookis?
    or with someting els on your pc?

    greets kwijl
    alexander rickert, Jan 15, 2004
    #10
  11. kwijlebabulus

    derek / nul Guest

    Re: SWEN/GIBE worm/virus was Re: unknown email : help

    yes they need your email address.

    On Thu, 15 Jan 2004 19:56:16 GMT, alexander rickert <>
    wrote:

    >thx J
    >
    >i'm stil wondering
    >
    >do those 'spamers' need your email adres for it?
    >or does it work with cookis?
    >or with someting els on your pc?
    >
    >greets kwijl
    >
    derek / nul, Jan 16, 2004
    #11
  12. Re: SWEN/GIBE worm/virus was Re: unknown email : help

    so if i would put a number or my name between ( ), i am more or less ave for
    those auto replies from those spam things?

    greets
    alexander rickert, Jan 16, 2004
    #12
  13. kwijlebabulus

    Tony Guest

    Does anyone have the IP address of the senders of these messages?
    (header info)


    http://security1.norton.com/ssc/vr_main.asp?langid=us&venid=sym&plfid=23

    The above link will allow you to trace IP address. For better results,
    use NeoTrace or NeoTrace Express.

    ┬╗Tony

    "Chet" <> wrote in message news:<2CxNb.73157$I06.326677@attbi_s01>...
    > They are NOT from Microsoft. Microsoft updates will never come to you via
    > email. Monitor this newsgroup more often, this has been the subject of a
    > large portion of postings for several months.
    > "kwijlebabulus" <> wrote in message
    > news:...
    > > hello folks
    > >
    > > since a few days, i get emails containing viruses (at least thats what
    > > norton tells me)
    > >
    > > the emails are from : mircosoft cooperation network security center
    > >
    > > is this an official MS mail?
    > > i haven't done any updates for xp.
    > > or do i get this because i visited a MS site (a real MS site??) to
    > > look for that java-thing?
    > >
    > > i can't return or unsubscribe.
    > >
    > > has anyone of you the same problem?
    > >
    > > please help
    > >
    > > greets kwijl
    > >
    Tony, Jan 16, 2004
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mr.SlippyFist

    Computer is restarting for some unknown reason. Help!

    Mr.SlippyFist, Dec 17, 2003, in forum: Computer Support
    Replies:
    15
    Views:
    875
    Barry OGrady
    Dec 20, 2003
  2. Martin

    Help Needed !-->unknown referer ??

    Martin, Dec 5, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    769
    The Old Sourdough
    Dec 5, 2004
  3. =?Utf-8?B?TWF0dA==?=

    HELP Unknown Process

    =?Utf-8?B?TWF0dA==?=, Oct 12, 2007, in forum: Windows 64bit
    Replies:
    1
    Views:
    398
    Dennis Pack
    Oct 12, 2007
  4. Guest
    Replies:
    2
    Views:
    575
    J.W.C
    Jan 29, 2004
  5. Andy Ruth [MS]
    Replies:
    0
    Views:
    468
    Andy Ruth [MS]
    Jan 28, 2004
Loading...

Share This Page