Re: [ql-users] Caution- BugBear Virus (from another PC)
I was also caught out - setting up another PC for my daughter starting university. Checked that I'd set the email up correctly for her, and it was in the first mail received - I hadn't remembered to change lookout's default config. My virus checker that I'd installed a few days earlier was out of date!

Noticing the problem immediately (it killed the Zone Alarm firewall), I disconnected, and used "find" to locate the files with the same create time as that of the email receipt. I tried to rename the suspicious files but couldn't - some were in use by windows, so I then booted to dos prompt, renamed them, and then did a scanreg /restore to go back to an older version of the registry. Then, and only then did I go back online, updated my virus checker, ran it, (it confirmed that the renamed files contained bugbear), and deleted the files permanently. Rebooted, and ran the virus checker again - no viruses found - job done.

One of the reasons that I'm very suspicious of the newer flavours of windows which supposedly aren't built on DOS is that if windows is using the files you can't delete them, but if you can't stop windows from using them I think it's only a matter of time before a virus is developed that cannot be successfully disembedded from Windows short of a full re-install.

Actually, come to think about it, there are several out there already.. Windows 98, Windows Me, ...

Jeremy

- Original Message -
From: <[EMAIL PROTECTED]>
To: "ql-users" <[EMAIL PROTECTED]>
Sent: Monday, October 07, 2002 7:52 AM
Subject: Re: [ql-users] Caution- BugBear Virus (from another PC)

First of all sorry for my bad english. and sorry also for the virus :-(

I use AVG but my database virus was (sic!) out of date. My error.

No italian restaurant, mafia connection or other stupid post :-/

Now I've updated the database. AVG now detect the worm but can't remove it

Any suggestion?

Mr Bergen, antivirus are a good solution for the virus problem but is there any solution for your idiocy? :-/

Giorgio Garabello
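The timestamp triage described in the message above (listing files stamped around the time the infected mail arrived, so they can be renamed and scanned), sketched as an added example that is not part of the original thread. The function names, the ten-minute window, the incident time and the sample file names other than setup.scr are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def files_near(root, incident, window=timedelta(minutes=10), stamp="st_mtime"):
    """Return (path, timestamp) pairs under root whose stamp lies within
    +/- window of the incident time, oldest first.

    stamp names a field of os.stat_result. "st_mtime" (last write) is
    portable; on Windows "st_ctime" is the creation time the message
    refers to, while on Unix it is the inode change time.
    """
    lo = (incident - window).timestamp()
    hi = (incident + window).timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                ts = getattr(os.lstat(path), stamp)
            except OSError:
                continue  # locked or vanished file: skip it, keep walking
            if lo <= ts <= hi:
                hits.append((path, datetime.fromtimestamp(ts)))
    return sorted(hits, key=lambda hit: hit[1])


def demo():
    """Constructed sample: three empty files, two stamped near the incident."""
    incident = datetime(2002, 10, 7, 7, 52)  # constructed incident time
    samples = [("setup.scr", 1), ("dropped.exe", 2), ("old.txt", -5000)]
    with tempfile.TemporaryDirectory() as root:
        for name, offset_min in samples:
            path = Path(root, name)
            path.write_bytes(b"")
            t = (incident + timedelta(minutes=offset_min)).timestamp()
            os.utime(path, (t, t))  # set access and modification time
        return [Path(p).name for p, _ in files_near(root, incident)]


if __name__ == "__main__":
    print(demo())
```

The result is a candidate list only: each hit still needs checking against an up-to-date scanner before anything is deleted, as the message does.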
Re: [ql-users] Caution- BugBear Virus (from another PC)
At 02:43 μμ 7/10/2002, you wrote:

To add to what Stephen said,
If you are using Eudora (and haven't turned Microsoft Viewer on) removal is easier than that. First delete the message, then go to the attachment directory (usually under x:\Program Files\Qualcomm\Eudora\Attach\) and delete setup.scr

And you're all set.

If you are using Opera or Netscape, a simple delete of the message will kill the attachment as well

Phoebus
Re: [ql-users] Caution- BugBear Virus (from another PC)
McAfee have a removal utility called Stinger at: http://vil.nai.com/vil/stinger/ which I used to check my machine. I don't know how effective it is as I had already removed most of the virus manually and then used AVG to finish it off by the time I downloaded Stinger.

Further information may be found at: http://vil.mcafee.com/dispVirus.asp?virus_k=99728

I understand that there is another utility at: http:[EMAIL PROTECTED]

It may be necessary to remove the registry entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce, and reboot before AVG can get at the virus .exe file. I had booted from a clean floppy and simply deleted it but that was only because my firewall had already reported the .exe name.

If you are using WindowsME then the virus will tend to get stuck in your _RESTORE directory but it won't do any harm there as long as you don't attempt a system restore.

Good luck!

Stephen

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.394 / Virus Database: 224 - Release Date: 03/10/2002
Re: [ql-users] Caution- BugBear Virus (from another PC)
McAfee have a removal utility called Stinger at: http://vil.nai.com/vil/stinger/ which I used to check my machine. I don't know how effective it is as I had already removed most of the virus manually and then used AVG to finish it off by the time I downloaded Stinger.

Further information may be found at: http://vil.mcafee.com/dispVirus.asp?virus_k=99728

It may be necessary to remove the registry entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce, and reboot before AVG can get at the virus .exe file. I had booted from a clean floppy and simply deleted it but that was only because my firewall had already reported the .exe name.

If you are using WindowsME then the virus will tend to get stuck in your _RESTORE directory but it won't do any harm there as long as you don't attempt a system restore.

Good luck!

Stephen

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.394 / Virus Database: 224 - Release Date: 03/10/2002
Re: [ql-users] Caution- BugBear Virus
Tony Firshman wrote:

> Sorry - must have missed it.
> It is there now:
> * *** *** 6.00.2600.

(this line was censored)

Oh no!!! What did you do Tony! You spelled THE NAME. Probably something terrible will happen - an earthquake, a release of a new piece of M$oftware or the return of the spice girls, maybe even something worse. But it will be definitely your fault!

> It would be great if you could explain how you quoted 'normally' this
> time, or did you do it manually?

Must admit I did manually but - it is getting better all the time - this time my reply contains automatically generated quotation marks.

Greetings
Michael
Re: [ql-users] Caution- BugBear Virus
On Mon, 7 Oct 2002 at 13:50:01, Michael Berger wrote:
(ref: <000101c26df8$46f0d320$ac0e01d9@1und11010841>)

>
>Tony Firshman wrote:
>
>> Interestingly whatever mailer you use does not identify itself in the
>> header, so I guess it cannot be 'that which shall not be named' (8-)#
>
>Now that is funny ... in fact it is. Looks like the program behaves the same
>as we do.
>

Sorry - must have missed it.
It is there now:
Microsoft Outlook Express 6.00.2600.

It would be great if you could explain how you quoted 'normally' this time, or did you do it manually?

--
QBBS (QL fido BBS 2:252/67) +44(0)1442-828255
tony@.demon.co.uk http://www.firshman.demon.co.uk
Voice: +44(0)1442-828254 Fax: +44(0)1442-828255
TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Caution- BugBear Virus (from another PC)
> It was really not my intention to be offending - that was just a joke. I
> understand from your reaction that it was not a good one. So
> please accept my apologies.

Ok, no problem. My english is very poor and is also easy for me to misunderstand the intention or the tone of a post.

Giorgio Garabello
Re: [ql-users] Caution- BugBear Virus
Tony Firshman wrote:

> Interestingly whatever mailer you use does not identify itself in the
> header, so I guess it cannot be 'that which shall not be named' (8-)#

Now that is funny ... in fact it is. Looks like the program behaves the same as we do.
Re: [ql-users] Caution- BugBear Virus (from another PC)
Giorgio,

It was really not my intention to be offending - that was just a joke. I understand from your reaction that it was not a good one. So please accept my apologies.

Greetings
Michael

> Mr Bergen, antivirus are a good solution for the virus problem but
> is there any solution for your idiocy? :-/
Re: [ql-users] Caution- BugBear Virus
On Mon, 7 Oct 2002 at 00:14:44, Michael Berger wrote:
(ref: <002301c26d85$c777f280$d60e01d9@1und11010841>)

>To come back to the beginning of the discussion: the good news - I am
>convinced that this newsgroup with its fashion of > (or >> or >>>) as state
>of the art of attachments is definitely non-vulnerable for this kind of
>attack.

This is _not_ a newsgroup of course - just a collection of emails (mailing list).

In my experience, not just this mailing list but most newsgroups (ie non 'bainary' [sic] newsgroups) are very against any 'binary' arriving. for very good reason. Even the electronic card subscripts and html can cause real havoc for people using text only systems. (Spike - are you listening?).

The 'fashion' (as you call it ) of '>' is surely the norm. Not only does it help readability, but aids snipping (and working out attribution). Your fashion of not adding these is very much in the minority, and confusing.

Interestingly whatever mailer you use does not identify itself in the header, so I guess it cannot be 'that which shall not be named' (8-)#

--
QBBS (QL fido BBS 2:252/67) +44(0)1442-828255
tony@.demon.co.uk http://www.firshman.demon.co.uk
Voice: +44(0)1442-828254 Fax: +44(0)1442-828255
TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
RE: [ql-users] Caution- BugBear Virus (from another PC)
I believe that there is a bugbear disinfectant available from one of the major anti virus distributions which will remove all traces of bugbear from an infected system. I can't remember if it is McAfee or Sophos - sorry.

HTH

Norman.

-
Norman Dunbar
Database/Unix administrator
Lynx Financial Systems Ltd.
mailto:[EMAIL PROTECTED]
Tel: 0113 289 6265
Fax: 0113 289 3146
URL: http://www.Lynx-FS.com
-

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 7:53 AM
To: ql-users
Subject: Re: [ql-users] Caution- BugBear Virus (from another PC)

Now I've updated the database. AVG now detect the worm but can't remove it

Any suggestion?

This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
Re: [ql-users] Caution- BugBear Virus
On Sun, 6 Oct 2002 at 20:08:07, Roy Wood wrote:
(ref: <[EMAIL PROTECTED]>)

>
>In message,
>Φοίβος Ρ. Ντόκος
><[EMAIL PROTECTED]> writes
>>
>>Hi All,
>>Please be cautioned that Giorgio's been infected with the BugBear Worm.
>>Do not Open the attachment (unless LookOut Distress did that already
>>for you...)
>>
>>AVG does remove it.
>Norton detects and quarantines it. I have had one or two so far.

Indeed it does.
I have had about 20 (8-(#

--
QBBS (QL fido BBS 2:252/67) +44(0)1442-828255
tony@.demon.co.uk http://www.firshman.demon.co.uk
Voice: +44(0)1442-828254 Fax: +44(0)1442-828255
TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Caution- BugBear Virus (from another PC)
First of all sorry for my bad english. and sorry also for the virus :-(

I use AVG but my database virus was (sic!) out of date. My error.

No italian restaurant, mafia connection or other stupid post :-/

Now I've updated the database. AVG now detect the worm but can't remove it

Any suggestion?

Mr Bergen, antivirus are a good solution for the virus problem but is there any solution for your idiocy? :-/

Giorgio Garabello
Re: [ql-users] Caution- BugBear Virus
??? 6/10/2002 6:14:44 ??, ?/? "Michael Berger" <[EMAIL PROTECTED]> ??:

>...
>To come back to the beginning of the discussion: the good news - I am
>convinced that this newsgroup with its fashion of > (or >> or >>>) as state
>of the art of attachments is definitely non-vulnerable for this kind of
>attack.
>
>

Well I imagine you mean the quoting of text. That has nothing to do with attachments unfortunately, so yes the group is VERY vulnerable to attacks (at least all those which these worms target)

Phoebus
Re: [ql-users] Caution- BugBear Virus
>even INHEAR is not mean enough to open attachments automatically - the user
>has to add the final piece of stupidity - by clicking on the attachment.
>So (at least from my understanding) it would be unfair to complain about a
>no-cost software that is dangerous to the dull ones - but that is something
>the whole life is ...

Actually no... because of its geared "for-the-masses" (as you nicely put it), it opens automatically all attachments indiscriminately... (unless you tell it not to...) Hence the spread of all these viruses/worms. I shouldn't tho blame Micro$oft for that as they want a piece of software that is easy enough even for the most inexperienced user... There IS a cost in the popularisation of computers after all.

Phoebus

WOW ... 10 years ago I could have claimed I just invented XML ;-)

I must admit you are right - the "DO NOT CALL ITS NAME" email program shows attached pictures automatically - and come to think about it: it is nothing more than relying on the programmers responsibility (and the power of publicity!!!) - that it hopefully would not execute too much things secretly behind the nice Windoze GUI ...

To come back to the beginning of the discussion: the good news - I am convinced that this newsgroup with its fashion of > (or >> or >>>) as state of the art of attachments is definitely non-vulnerable for this kind of attack.
Re: [ql-users] Caution- BugBear Virus
In message,
Φοίβος Ρ. Ντόκος
<[EMAIL PROTECTED]> writes
>
>Hi All,
>Please be cautioned that Giorgio's been infected with the BugBear Worm.
>Do not Open the attachment (unless LookOut Distress did that already
>for you...)
>
>AVG does remove it.

Norton detects and quarantines it. I have had one or two so far.

--
Roy Wood
Q Branch, 20 Locks Hill
Portslade. Sussex. BN41 2LB. UK
Tel : +44 (0)1273 386030
Fax : +44 (0)1273 430501 (New number!)
Mobile +44(0)7836 745501
Web : www.qbranch.demon.co.uk
Re: [ql-users] Caution- BugBear Virus
At 02:19 μμ 6/10/2002, you wrote:

>
>even INHEAR is not mean enough to open attachments automatically - the user
>has to add the final piece of stupidity - by clicking on the attachment.
>So (at least from my understanding) it would be unfair to complain about a
>no-cost software that is dangerous to the dull ones - but that is something
>the whole life is ...

Actually no... because of its geared "for-the-masses" (as you nicely put it), it opens automatically all attachments indiscriminately... (unless you tell it not to...) Hence the spread of all these viruses/worms. I shouldn't tho blame Micro$oft for that as they want a piece of software that is easy enough even for the most inexperienced user... There IS a cost in the popularisation of computers after all.

Phoebus
Re: [ql-users] Caution- BugBear Virus
You REALLY made me laugh with your reply - that is a good thing, even if nothing else is, honestly!

ok - I must admit I am a user of the program which is obviously forbidden to be named in this newsgroup ... the evil 'WhatEverLook'. The software "not for the classes but for the masses" (didn't ATARI once upon a time advertise with a similar slogan?) ...

ok ... but I must claim one thing:

even INHEAR is not mean enough to open attachments automatically - the user has to add the final piece of stupidity - by clicking on the attachment. So (at least from my understanding) it would be unfair to complain about a no-cost software that is dangerous to the dull ones - but that is something the whole life is ...

- Original Message -
From: "Phoebus Dokos" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, October 06, 2002 19:13
Subject: Re: [ql-users] Caution- BugBear Virus

At 12:39 μμ 6/10/2002, you wrote:

>what do you mean ATTACHMENT ???
>
>something that has
> >
>or
> >>
>or even
> >>>
>in front of it ???
>
>and who the hell is Giorgio - is this the waiter from the italian restaurant
>next corner (I have ever been suspicious that he is a member of the mafia
>...)

Nope... an attachment (at least on LookOut Distress that you are using) appears as a nice paper-clip icon.

If you have applied the latest security fix on the god forsaken thing Microsoft calls an email program you shouldn't have trouble

Usually though few people do and Outlook generally has more holes than "Swiss" cheese made by Amish ;-)

As for Giorgio Garabello, he is a well known and respected (plugg) member of the QL family :-) (Now Giorgio I expect a cheque in the mail first thing tomorrow morning)

That's all folks,

Phoebus
Re: [ql-users] Caution- BugBear Virus
At 12:39 μμ 6/10/2002, you wrote:

>what do you mean ATTACHMENT ???
>
>something that has
> >
>or
> >>
>or even
> >>>
>in front of it ???
>
>and who the hell is Giorgio - is this the waiter from the italian restaurant
>next corner (I have ever been suspicious that he is a member of the mafia
>...)

Nope... an attachment (at least on LookOut Distress that you are using) appears as a nice paper-clip icon.

If you have applied the latest security fix on the god forsaken thing Microsoft calls an email program you shouldn't have trouble

Usually though few people do and Outlook generally has more holes than "Swiss" cheese made by Amish ;-)

As for Giorgio Garabello, he is a well known and respected (plugg) member of the QL family :-) (Now Giorgio I expect a cheque in the mail first thing tomorrow morning)

That's all folks,

Phoebus
Re: [ql-users] Caution- BugBear Virus
what do you mean ATTACHMENT ???

something that has
>
or
>>
or even
>>>
in front of it ???

and who the hell is Giorgio - is this the waiter from the italian restaurant next corner (I have ever been suspicious that he is a member of the mafia ...)

- Original Message -
From: "Φοίβος Ρ. Ντόκος" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, October 06, 2002 17:08
Subject: [ql-users] Caution- BugBear Virus

>
> Hi All,
> Please be cautioned that Giorgio's been infected with the BugBear Worm.
> Do not Open the attachment (unless LookOut Distress did that already for you...)
>
> AVG does remove it.
>
>
> Phoebus
>
>
>
[ql-users] Caution- BugBear Virus
Hi All,
Please be cautioned that Giorgio's been infected with the BugBear Worm.
Do not Open the attachment (unless LookOut Distress did that already for you...)

AVG does remove it.

Phoebus