Re: [Declude.Virus] W32.Neroma@mm virus in .jpg?

2003-09-08 Thread paul
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

Sheesh! That's nice.

What really gets me on these bugs, is that you're supposed to disable System
Restore in ME/XP. You would think that compressed backup data would be
immune to this sort of thing. What's the point of having sys restore if
every time you MAY have a virus you need to wipe ALL the restore data? That's
a pain... if only you could kill the last X number of restore points, but
save the earlier ones from before the virus hit. stupid M$.

just a rant... no real meaning. It's Monday after all =)

Paul


---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] W32.Neroma@mm virus in .jpg?

2003-09-08 Thread John Tolmachoff (Lists)
Thanks Kami.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.Virus-
 [EMAIL PROTECTED] On Behalf Of Kami Razvan
 Sent: Saturday, September 06, 2003 1:12 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] [EMAIL PROTECTED] virus in .jpg?
 
 John..
 
 Symantec's site is so confusing at times.. Take a look at this:
 
 http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100601
 
 The virus is likely to be received in an email bearing the following
 characteristics:
 
 Subject:   It's Near 911!
 Attachment:   Nerosys.exe (911.jpg label is used)
 Body:   Nice butt baby!
 
 Regards,
 Kami




RE: [Declude.Virus] W32.Neroma@mm virus in .jpg?

2003-09-08 Thread John Tolmachoff (Lists)
> What really gets me on these bugs, is that you're supposed to disable System
> Restore in ME/XP. You would think that compressed backup data would be
> immune to this sort of thing. What's the point of having sys restore if
> every time you MAY have a virus you need to wipe ALL the restore data? That's
> a pain... if only you could kill the last X number of restore points, but
> save the earlier ones from before the virus hit. stupid M$.

Not MS problem. Think about it. You make any kind of backup or archive of an
infected file, the archive or backup contains that infected file. If you
should restore that backup, you have restored the infected file.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




RE: [Declude.Virus] W32.Neroma@mm virus in .jpg?

2003-09-08 Thread John Tolmachoff (Lists)
> Right, I got that, but if you have 3 months of CLEAN restore points, you
> only just got infected today, for example, you shouldn't have to trash every
> restore point, only today's, or even yesterday's, or even a month back, for
> that matter. If that's the only way, why have restore points at all? This
> is assuming you're not using some other means for backup of course, relying
> on restore doesn't help much anyway from what I've seen. Messes up your AV
> and other time related programs.

OK, I got it now. Yes, that has been a complaint of mine too. Turning off
restore points is all or none.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




RE: [Declude.Virus] W32.Neroma@mm virus in .jpg?

2003-09-06 Thread Andy Schmidt
> Now we have to worry about viruses in picture files?

Nope - it's a normal .EXE attachment (just disguised as 911.exe). It's an
old trick - either using double extensions (e.g. .JPG.EXE) or using MIME
headers that refer to it as a picture - but the system file type is .EXE.

A good virus scanner would be detecting that style virus preventively since
at least March 2003.

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:    +1 201 934-9206
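
Added example (not part of the thread, and not Declude's or any vendor's scanner code): a small Python check for the two disguises described in the reply above, a double extension and MIME headers that label an executable as a picture. The sample message is constructed from the subject and attachment names quoted earlier in the thread; the extension list, finding names, and inert payload bytes are assumptions.

```python
import base64
import email
import os

EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}  # assumed list

def part_findings(part):
    """Return (names, reasons) for one MIME part that may be a disguised executable."""
    # Content-Disposition filename first, then the Content-Type name= label.
    names = [n for n in dict.fromkeys((part.get_filename(), part.get_param("name"))) if n]
    split = [os.path.splitext(n.lower()) for n in names]
    is_image = part.get_content_type().startswith("image/")
    body = part.get_payload(decode=True) or b""
    reasons = []
    # e.g. photo.jpg.exe: executable final extension with another extension before it
    if any(ext in EXEC_EXTS and os.path.splitext(stem)[1] for stem, ext in split):
        reasons.append("double-extension")
    # the two headers give the same part different extensions
    if len({ext for _, ext in split}) > 1:
        reasons.append("header-names-disagree")
    if is_image and any(ext in EXEC_EXTS for _, ext in split):
        reasons.append("image-type-with-exe-name")
    if is_image and body[:2] == b"MZ":  # DOS/PE executables start with "MZ"
        reasons.append("image-type-with-mz-content")
    return names, reasons

def scan(raw):
    """Map each suspicious attachment's first name to its list of findings."""
    out = {}
    for part in email.message_from_bytes(raw).walk():
        names, reasons = part_findings(part)
        if reasons:
            out[names[0]] = reasons
    return out

def _part(ctype, disposition, payload):
    # Constructed test part: payload is only magic bytes plus zero padding.
    return (b"--b1\r\nContent-Type: " + ctype + b"\r\nContent-Disposition: attachment; "
            + disposition + b"\r\nContent-Transfer-Encoding: base64\r\n\r\n"
            + base64.b64encode(payload + bytes(16)) + b"\r\n")

# Constructed sample message (not a captured one).
SAMPLE = (b"Subject: It's Near 911!\r\nMIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
          + _part(b'image/jpeg; name="911.jpg"', b'filename="Nerosys.exe"', b"MZ")
          + _part(b"application/octet-stream", b'filename="photo.jpg.exe"', b"MZ")
          + _part(b'image/jpeg; name="holiday.jpg"', b'filename="holiday.jpg"', b"\xff\xd8\xff")
          + b"--b1--\r\n")

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(name, reasons)
```

The clean `holiday.jpg` part produces no findings, while the part labelled `911.jpg` in Content-Type but named `Nerosys.exe` in Content-Disposition trips three checks at once.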
