Virus / worms / and stupid users - a little rant

[Ziffelpig]

Buy a router They are far superior to any firewall software and are getting quite inexpensive. I have a Belkin router, which is very easy to configure.
GoHerehttp://www.pcpitstop.com/ its a free service and will expose any security flaws your comp might have, then go here to remove and kill all ad and spyware http://spybot.eon.net.au/
Remove all anti -virus software then go here http://housecall.trendmicro.com/ and scan online for virii, its always up to date, which is one of the biggest reasons people continue to get virii, they have virus protection software installed on their comp but have never updated and in reality are not protected at all.[/url]

[TBoneit]

What Holistic said isn't quite true when he said

"And for %&*#'s sake STOP opening every stupid email marked important no matter what it is unless you know who sent it. "

An infected computer will send the virus to you as if it were a friend sending it to you.

To be safe is there is an attachment, email back to tyhe friend and ask them, did you send me a message with an attachment, you may be surprised.

I agree turn off the preview pane.

Cheers

[iooi]

On the point of emails you are far more likly to get a infected one from a friend than from anyone else....
Never open attachments without first confirming that they have been sent to you....no matter who they are from.
Had a lad at work get infected with a virus and when asked why he didn't run a virus checker on his computer the responce was well i put one on my old PC and it fried the M/B so i wont risk it again....Fact is his M/B was knackered before he put it on had nothing to do with it...

[The village idiot]

WooHoo! Front page!

OK, now I understand why people don't keep their machines up to date...

I just had to put a "new" hard drive in a machine. Loaded win2000 with sp2. And since I had sp3 on a disk, decided to load that. Well, then I had to go get a patch for the blaster worm. Did you know that the patch that works with sp2 will NOT work with sp3. It tells you you have to use the windows update crap. Well windows update is fairly busy. And with 54 MB of suggested stuff took about 15 minutes on DSL. Then another 45 minutes while it installed everything. What a massive pain in the neck!

It sure would be nice if they released things in a service pack you could download and burn to disk. I say that because this same machine will be getting a new hard drive when one goes on sale. What I put in for the time being is only ATA33 and too slow.

MicroFlaccid is evil!

[bugster]

So far, in the last 24 hours, I have received 123 e-mails carrying the Sobig.F virus, all caught by Norton AV.

[bugster]

Make that 125!!

[courtrrb]

I got a good one for you. My only MS window system has no email, and I removed Internet Xplorer from the system the best I could and forbid anybody using that system for or anything web releated and only for video stuff. I'am behind a linux firewall with only 4 ports opened that are a must for my main linux box. The only software I have on it comes off install cd's and I still got a *&^%*()( virus. I then bought Macfee Anti-virus and tried to instll it but it wouldnt instll becaus of the virus. So I bought PC-cillen and it found the virus and cleaned all 400 files that were infected. When I then went to burn my next DVD, Xp informs me that I don't have a dvd burner. WHAT!. So after buying 2 anti-virus software products I still ended up reloading the lousy OS. I give odds that MS has stock in all of these Anti-Virus companys. If this had been the home edition of XP I would had to re-register it at 3 time by now.

[ChrisX]

Many, many programs have internet capabilities. And, as I said, when I ran Norton Firewall, it showed dozens of programs that were set as "Automatic" for internet access. Microsoft is the least of my worries; when it pops up it is usually to inform me that there is a new "critical" update, so I soon go to get it. George

Many applications and programs in my computer is blocked this way for Internet access as not required send out signals.

As for Microsoft apps, mostly they are blocked for Internet access as well. MS Word is an example and I prefer to update them manually as I am on a network. The auto downloads take up too much time and I usually get an .exe file from Microsoft for different computers.

I normally delete cookies, temporary files once a month to safeguard the computer and on performance issues.

[ChrisX]

Again, this is the behaviour of Norton.

No program is automatically "trusted" for ZoneAlarm... EVERYTHING is asked (at least once).

Regards.

On Norton, this isn't true. NIS always asks you on a signal coming from a newly installed program or app and you can configure the firewall to always "ask". If a suspicious tracking signal tries to come out, it is stopped. You can check the firewall settings at anytime.

Not everything is automatically trusted on NIS. In fact, I blocked and put an "ask" on non-essential programs and apps myself. You can do this anytime.

You got to be advanced user to know which is ok or not ok.

In some cases this the only way to stop these signals, as some programs don’t have the disable feature. Not always possible though as some programs won’t work well without Internet access such as the Mp3 app, Musicmatch and I can configure that program on what it can or cannot send.

Chris

[holistic]

From TBoneit

An infected computer will send the virus to you as if it were a friend sending it to you.

Correct observation,but typically it will come with a wierd subject line. But yes family/friends are typically the biggest 'supplier' of virii.
Which brings us full circle.Most computer users are techno ignorants. (wanted to put a different ( I ) word there). They are bedazzled, by the techno babble bull$!t from M$ , IBM ,DELL and the like, telling them how simple it is to do this and do that , when in fact it is just not that easy.
Sure the Windows interface has got to the level where monkeys can now use it to copy DVD's, make Powerpoint presentations, make CD mixes for the car, so why is it everyone (me included) has problems. Proberly because most people just think the computer can do it all ,when infact all it is - 3Ghz and all is a very fast dumb calculator. A computer is just a tool and needs user intervention - period.
.......................... F it . more to say but just can't be bothered.

1 virus, 2 virii -- 1 sheep , sheep, 3 sheep, 4 sheep ...............ZZzzzzzz

][

[lordsmurf]

Remember this: no matter how much you know, there is ALWAYS somebody smarter than you out there.

I know a lot about computers/networking/etc, but having just recovered from a network crash (which is still being investigated, and reasons are still unknown though its looking to be a worm or trojan) let me be first to say that IT CAN HAPPEN TO THE BEST OF US. I have both hardware and software firewall, trojan scanners, and virus protection. But it wasn't worth tick when the crash happened.

Because I'm prepared for such things, I was able to keep at least 95% of my data, and not all systems were affected. But still, it pissed me off. It was the first thing to hit me in years.

However, I would tend to agree that a large portion of the problem lies with the user. But not all of it. Definitely not.

[gmatov]

Village,

Go back to MS and DL Service Pack 4 as something called enterprise or network version.
It allows you to DL the whole thing as a file you burn to disk, or keep as a file if you prefer.
I have DL'd all 4 SPs, rather than install on line. The hitch is, you get the whole thing, whereas if you have 1 installed, online may just need 20 more megs. The full DL is some 130 to 160 megs, but each includes 1 up, files in addition to the previous SPs.

Chris,
This is true. Anyone tries a fresh install, OS, mail prog, graphics, Media player, Norton with Firewall, the first time you trie your browser, mail, whatever, Norton pops up with X is trying to access....., and "Block this program" is usually the default. Well, I really would prefer to get my mail, so check Always allow.

I do NOT need for Real Player to go out everytime I boot up, nor my graphics nor a ton of stuff.

Go into Norton Firewall and see how much is "Automatic" that you don't want going out. Way more than it is blocking, and the ones it is blocking are the ones you DO want net access for, well, popping up and asking, anyway.

Holistic,

It is a super fast calculator. This is true. And it is a programmable calculator. And there are so many programs written for it that it's almost a given that some of them are going to conflict.
And, thank God that they are basically so easy to use. If they were too hard for the "techno-ignorant" to use they'd be made in the hundreds, or thousands, rather than the millions that allow them to be nearly commodity priced. We'd still be paying ten grand ot more for one-off machines.

Personally, I'll help these "techno-ignorants" as often as they ask me. Dozens of my co-workers, literally, call me for help when Windows crashes. I talk them through a fresh install over the phone. Half an hour later, or thereabouts, they're back up and running.

Makes me feel good, makes them very happy to not have to take it to a shop, and the repair cost is not the biggie, it's being without the machine for a couple, three days, or more.

And, I don't even let MS have unlimited access, just MSUPD, or whatever it's called..

Cheers,

George

[gmatov]

Lordsmurf,

Hear, hear!!!

Too many people think they're smarter than all those bad guys. All they gotta do is exploit something neither you, nor your Firewall, nor the Security people , CERT, whatever, is prepared for.

One message to an unprotected computer, and how can you be protected against something previously unknown, and, possibly, a large part of the entire, entire, mind you, Internet comes to a screeching, not a grinding, halt, as Admins start shutting down to protect themselves, if they have time.

Everyone who says "I'm too smart to get hit!" is whistling past the graveyard.
Everyone is vulnerable. They don't pay MIS people 100 grand plus to be stupid.

Glad to hear you think some guys are showing a little too much bravado.

Cheers,

George

[You_Are_Alive]

While on the subject on virii, I think I found one, that is at least new to me, because even after applying the pathches, I would still get a pop up window whenever win2000 is started. I think I've isolated a very suspicious file and the website it came from. Once deleted, everything ok. Once put back, bad stuff again.

So at your own risk, can anyone confirm that once they visit this site: store.yahoo.com, a cookie is created and immediately after that this file is uploaded, "svchosl.exe" which is probably a variant virus. The filesize is
52.0 KB (53,248 bytes). Or at least do a search for this file.

According to MS, the file "svchost.exe" is affected by the virus, but not the one I've got listed above.

Here's the path it takes to run itself and its dialog box upon startup:
D:\winnt\system32\cmd.exe
Windows 2000 IP Configuration
Successfully flushed the DNS Resolver Cache

Like I said, the patches did not fix this issue on my system, only after I manually deleted the file myself, everything is back to normal.

[gmatov]

You Are,

Absolutely!!
You have had a cookie placed on your machine.

It is not a bad thing. You have gone to a site that does not have it's own website, they are using Yahoo.com as their "store"

They list their products on Yahoos store, and if you go to that site to buy something, you have bought it from that vendor@Yahoo store.com.

Not a bad thing. I would bet they have better security than a mom'n pop website has.

Man, we are getting paranoid, aren't we?

[You_Are_Alive]

No, I like cookies, but thats not what I was concerned about, please reread my post more carefully and search for the file "svchosl.exe" and see if you have that in your system.

If you have, then you should experience the same thing I got on the next startup (refer to above post). I have copied the file on diskette as a specimen, would you like for me to email it to you so that you can run it on your system and see if I'm just being paranoid? 8)

I may be wrong, but I really think I'm onto something here. Like I said, if this file is there, my puter becomes unstable and shuts down, the patches don't address this file. Only when I get rid of it, everything is fine. See the dialog box that is created upon start up with this file intact. I just said that about the url address because when I checked the history, this cookie was created and immediately after, the file "svchosl.exe" was downloaded to puter automatically, no warnings.

The offer is good to anyone, please check for this file. It may just be another variant. Thats pretty cool, if I actually have one, or maybe its just fools gold.

[gmatov]

Nope, don't got it. Course I m still on Win 98.

[gmatov]

Village Idiot,

Where did you find the Greedy Dog? I did a google, 7500, or 75000 hits.

Will it allow me to see what the hell is happening to my machine right now?

I'm running at 45 to 55% CPU usage at the moment, slowing down my browser and e-mail, all I have open.

Some damn thing is using my cycles, and Norton Firewall, AdAware, Spybot, etc, plus my Router firewall are not indicating any activity at all. And it is not Win optimizing my hard drive.

Thanks,

Cheers,

George

[sterno]

"svchosl.exe" is typically a virus/trojan/worm. If you do a google search on it you'll find quite a few hits from various security and antivirus companies. The Network Associates (maker of McAfee) entry for it is http://vil.nai.com/vil/content/v_100566.htm, but I think that more than one virus/worm uses that same name to hide.

To see what's using CPU time you can try using the Task Manager on NT/2000/XP. If you go to the "processes" tab and click the "CPU" header it'll sort by %CPU used. I used to have a better program for it (more information, better organized, etc.), but I don't remember what it was.

[bugster]

"svchosl.exe" is typically a virus/trojan/worm.

Unfortunatley it is also a perfectly valid winxp/2k service. Not sure what it does exactly, but I currently have 5 instances of svchost.exe (services host?) running on this XP box and AFAIK, I am virus free. So looking in task manager for svchost is little help.

FYI, I think MSblaster also hid as svchost.

[sterno]

svchost.exe is a valid part of Windows. svchosl.exe, which You_Are_Alive mentioned, is not.

[bugster]

svchost.exe is a valid part of Windows. svchosl.exe, which You_Are_Alive mentioned, is not.

Good point, thats what I was thinking of.

Note to self, read more carefully