Virus Warning

The machines we love to hate

Moderator: Wiz Feinberg

Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

Post by Mark Ardito »

OK it is that time again...another bad one is going around. Just when you thought you were done with the Klez virus...here comes BugBear.

This one is pretty bad and is being spread fast. 13 people at my company this morning!

Tons of details are involved in this virus. I will let you read them here.

What it basically does is again grab your address book and mail everyone in it, but it also opens up backdoors on your machine so http port 80 is open to hackers. It also tries to stop your firewall and antivirus applications. It looks for files such as zonealarm.exe and vshield.exe and attempts to stop them every 30 seconds. This one is bad. Luckily Symantec has already come out with a removal tool. You can download it here.

One word of advice. If you are a forumite with a broadband connection (DSL or Cable Modem), please use a firewall. I really like ZoneAlarm and you can download a free version of it from ZoneLabs. Also please visit the Microsoft website and update your operating system. Your operating system is just like your antivirus. It needs constant updating. You can either visit http://windowsupdate.microsoft.com/ or if you have Internet Explorer, you can go to the *Tools* menu and then scroll down to *Windows Update*.

Again, I will stress that it is important to update your OS and your Browser. You can get updates for Internet Explorer from the Windows Update website.

If anyone has ANY questions please feel free to post here or if you do not wish to post, you can always email me directly. I have an open email policy. If you need help with any computer support I will try and get you straightened out via email or sometimes I have even called people on the phone. Please let's all practice safe computing. I would hate to see more forumites lose their computers to a stupid virus.

Mark



------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com

Colin Keyworth
Posts: 95
Joined: 20 Jun 2002 12:01 am
Location: Derbyshire, England

Post by Colin Keyworth »

I received an e-mail last night with an attachment & the subject "welcome to outlook express". It claimed to be from outlook express support team but the e-mail address was msoe@yahoo.com which is strange coming from Microsoft. Luckily hotmail use McAfee so I could not download the attachment. Just thought I'd make you aware of this -regards- Col

------------------
Sho-Bud LDGsp,levinson Blade,Peavey session 400 Limited,Boss GT-3

CrowBear Schmitt
Posts: 11624
Joined: 8 Apr 2000 12:01 am
Location: Ariege, - PairO'knees, - France

Post by CrowBear Schmitt »

i got the same Email "Welcome to Outlook Xpress" yesterday
i too found it suspicious and deleted it
my Symantec program didn't signal anything.
Beware Friends
when in doubt... Delete

Johan Jansen
Posts: 3333
Joined: 4 Aug 1998 11:00 pm
Location: Europe

Post by Johan Jansen »

There is another virus going round, dangerous.
It can be detected, but hard to remove. It's a network virus, that places a file in your registry that triggers a server to put on a new one, as soon as you remove it. It's called opaserv.exe.
It also makes your PC used as a calculating engine, and slows down your pc, because it eats your memory.
You can only remove it by disconnecting all wires in the network, it's so clever it can hide anywhere, under other names (scrsvr.exe). It took me a week to get rid of it.
http://www.computing.net/security/wwwboard/forum/2548.html
As soon as you have managed to, close port 139. (works for now)

[This message was edited by Johan Jansen on 08 October 2002 at 10:19 AM.]

Mark Ardito
Posts: 899
Joined: 9 Aug 1999 12:01 am
Location: Chicago, IL, USA

Post by Mark Ardito »

Johan,

Thanks for posting that information!

Yeah, I cannot stress enough about having a firewall set up on either your machine or now I see that a company, Linksys, makes routers with a firewall built right onto it. Your computer has thousands of ports on it. Mainly you use 3 ports: 80 (which is http or the www), 110 (which is POP3 or receiving email) and 25 (which is SMTP or sending email). Other people may use FTP or TELNET for other situations, but then you ask...what do the other ports do? Not much. Basically they leave your computer wide open for hackers.

I have already received a lot of emails from forumites regarding the ZoneAlarm firewall and other security issues. Would it be helpful if I put up on my website a place for instructions on setting up security on your PC and helpful hints on configuring your ZoneAlarm firewall? Let me know if this would help and I will do it. Basically, I want to see a show of hands before I spend the time to set up the help pages.

Let me know!

Thanks,
Mark



------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com

Bill Ford
Posts: 3862
Joined: 13 Dec 1999 1:01 am
Location: Graniteville SC Aiken

Post by Bill Ford »

One keeps showing up on mine (2 in the last hour)... W32.Bugbear@mm... one came as a reply for a book order, the other from someone on my address book, neither addressed to me but I got it anyhow. Norton stopped both.
Bill

------------------
Bill Ford
Steve Feldman
Posts: 3345
Joined: 5 Dec 1999 1:01 am
Location: Central MA USA

Post by Steve Feldman »

"Would it be helpful if I put up on my website a place for instructions on setting up security on your PC and helpful hints on configuring your ZoneAlarm firewall? Let me know if this would help and I will do it."

Sure! I think this would be very useful, but I think the show of hands is a good idea. This is where we need a Forum archive, or FAQ, or something like we have discussed (elsewhere) previously. I'm afraid you'd go to the trouble to put something together and then it would just drift away. Thanks Mark.

Fred Shannon
Posts: 3363
Joined: 27 Sep 2002 12:01 am
Location: Rocking "S" Ranch, Comancheria, Texas, R.I.P.

Post by Fred Shannon »



[This message was edited by Fred Shannon on 06 December 2004 at 01:58 AM.]

Lyle Bradford
Posts: 1047
Joined: 16 Dec 1998 1:01 am
Location: Gilbert WV USA (deceased)

Post by Lyle Bradford »

My hands are up!!!
John P. Phillips
Posts: 2532
Joined: 20 Oct 2000 12:01 am
Location: Folkston, Ga. U.S.A., R.I.P.

Post by John P. Phillips »

Also got the "welcome to outlook express" e-mail. just dumped it immediately !!

------------------
"Let's go STEEL something"
If it feels good, do it. If it feels COUNTRY, do it twice
jpp


Ron Page
Posts: 5725
Joined: 4 Aug 1998 11:00 pm
Location: Penn Yan, NY USA

Post by Ron Page »

Am I really missing anything if I let ZoneAlarm configure itself?

I took the recommended install and just answer questions once in a while and tell it whether or not to remember the answer. I usually answer "yes" because if it doesn't remember the answer, who will?

Gene Jones
Posts: 6870
Joined: 27 Nov 2000 1:01 am
Location: Oklahoma City, OK USA, (deceased)

Post by Gene Jones »

*

[This message was edited by Gene Jones on 14 October 2002 at 03:52 AM.]