Welcome to Blaisdell's Little Corner of the Web
Freeware | Security | Virus Information Archives | Web3000 | Microsoft Security Tools | The List | Virus Removal Tools
Updated on 09/02/06
Latest Virus Warnings & Alerts
The page index Archives to see what's here.
See McAfee's Steps to Protect Your PC
Interested in free antivirus software? Then check out this page of freeware antivirus programs. Check them out, the price is right!!
Looking for an anti-virus scanner that won't break the bank? (It's free and is our personal favorite):
AntiVir Personal Edition - Our Favorite. Go to Bo's Featured Freeware for more or [Download Now]
This easy-to-use freeware antivirus utility detects over 80,000 viruses and includes a resident monitor and desktop program. Scans for DOS, Windows, macro and Java viruses. Available in German and English. (For Windows).
AVG Free Edition (Note: this site is occasionally unavailable).
Here's an excellent, freeware anti-virus utility that also offers you free monthly updates. An easy-to-use program, AVG features resident protection, an E-mail scanner and automatic healing of infected files. Note that the freeware version of this program is only valid for users in the U.S., Canada and Britain. (For Windows).
Yeah, but Bo, is it really a virus or a hoax? Check out this selection of some of my favorite Hoax Busting Sites. Never be taken by a hoax again! Is there anywhere else that I can go to get real-time virus info, Bo? Sure is, click here for some of my favorites.
Bo's Mission statement
Should I Worry About Code Red?
Bohunky0 got a worm. KAKWorm to be exact. Read more about this pesky little bugger by clicking here.
Step by Step: Five Remedies for Virus Relief
Learn proactive and reactive actions that will make your computer virus-free. full article
When is a Virus not a Virus? Check out Virus Hoax and Myths @ VMyths.com
Note: The Myths.com site is temporarily down. If you get a message that the site cannot be found, try the Urban Legends and Folklore site instead. Thanks Denise for the broken link report, very much appreciated....Bo
| Virus Encyclopedia | Virus Calendar | Hoaxes | Glossary |
Our Mission Statement - We here at Blaisdell's Little Corner of the Web firmly believe that knowledge is power. We do not believe that the computer user is inherently stupid and should be taken as a matter of course. Therefore, we will never knowingly talk down to you but will strive to lift you to the heights to which you aspire. So, roll up your sleeves and let's get jiggy wid it. Oh sorry,... let's get informed, shall we?
Simple Steps to Protect Your PC
Performing a few simple steps can protect your PC from security threats. McAfee.com has tips and techniques for keeping hackers at bay and keeping your personal information secure. Increase your computer security today.
Want more? Go to Bo's Virus Info & Archives Page
Microsoft Security Tools
Hahaha Worm Is No Laughing Matter
Alias Hahaha and Snow White, this complex worm updates itself via the Internet. Reports of infection are increasing worldwide.
Hybris (W95.Hybris.gen) is a complex supervirus whose e-mail delivery system is similar to Happy
99 and whose programming and payload are similar to MTX.
What have we learned?
Here are just a few things you can do to minimize your chances of getting infected.
The most obvious trend this year was the on-going outbreak of e-mail bound viruses. How do
you stay safe? Don't open attachments! One of the best ways to prevent virus infections is
not to open attachments, especially when dangerous viruses are being actively circulated.
Even if the e-mail is from a known source, be careful. A few viruses take the mailing
lists from an infected computer and send out new messages with its destructive payload
attached. Always scan the attached files first for viruses. Unless it's a file or an image
you are expecting, delete it.
You can't get a virus simply by reading an email, right? Wrong. Today we greet VBS/Forgotten (a.k.a. VBS/Pica), the newest entrant to the "read an email, get infected" group.
The year 2000 was ushered in by the first of these email worms, BubbleBoy. Taking advantage of a security vulnerability in Microsoft Outlook and Outlook Express, BubbleBoy barely made a blip on the radar screens of antivirus vendors. Microsoft quickly released a patch and all was well. Or so it seemed.
For more virus information and the latest nastiest bugs, check out Bo's Latest Virus List
How can we prevent threats such as Kak, BleBla, and Forgotten from ruining our email experience?
VIRUS ALERT - W32/ProLin@
W32/ProLin@ is an Internet worm that spreads via
email. AVERT has given it a risk assessment of MEDIUM TO HIGH-RISK.
The email comes with an attachment named CREATIVE.EXE, which carries the icon of a Shockwave
Media Player application.
You may receive the email in this format:
Subject = A great Shockwave flash movie
Body = Check out this new flash movie that I downloaded just now ... It's Great
Bye
Attachment = creative.exe
If you run CREATIVE.EXE, it finds and alters all .JPG and .ZIP files on your
system and forwards a copy of itself to everyone in your email address book.
Please do not run the attachment.
Click here for more information from McAfee.com
The email can come from addresses that you will recognize. Attached is a file named NAVIDAD.EXE and when it is run, it displays a dialog box entitled, "Error" which reads "UI". A blue eye icon then appears in the system tray next to the clock in the lower right corner of the screen, and a copy of the worm is saved to the file "winsvrc.vxd" in the WINDOWS SYSTEM directory.
If your PC becomes infected with the W32/Navidad@ worm, all subsequent emails addressed to you will be responded to automatically with an email from your address with the W32/Navidad@ worm as an attachment. Click here for detection and removal instructions from McAfee.

PROBLEM: Your friend's version of ZoneAlarm logs alerts to a file, but your own version does not.
SOLUTION: Earlier ZoneAlarm versions don't write intruder alerts to a log file, whereas later versions do (2.1.7 and beyond). Since ZoneAlarm doesn't turn on intruder logging by default, though, you should: click on the main dialog box's Alerts button, then check the "Log alerts to a text file" check box.
Microsoft's Security Patches and where you can get your copy.
These updates are located at:
Office 2000 Service Release 1- <http://officeupdate.microsoft.com/2000/downloadDetails/O2kSR1DDL.htm>
Outlook 2000 E-mail Attachment Security Update- <http://officeupdate.microsoft.com/2000/downloadDetails/O2Kattch.htm>
Outlook 98 E-mail Attachment Security Update- <http://officeupdate.microsoft.com/downloadDetails/O98attch.htm>
Outlook 97 E-mail Attachment Security Update- <http://officeupdate.microsoft.com/downloadDetails/O97attch.htm>
3) If you use Outlook 2000, use the option to set your attachment security setting to
High. When security is set to High, users will receive a warning before opening an
attachment. To make sure your setting is set to High:
1) On the Tools menu select Options
2) Select the Security Tab
3) Click on the Attachment Security button
4) Select High (if not already selected)
BoHunky0 Hit with "DA.SlowDown Virus"
No matter how careful you are, or think you are, viruses can affect anyone, even the Bo Master.
On August 3, 2000 I was hit with the DA.SlowDown virus, which attached itself to my C:\PROGRA~1\INTERN~1\CONNEC~1\ICWCONN1.EXE or (C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe). As you can see, it attached itself to Internet Explorer's Connection Wizard. Symptoms include, but are not exclusive to: an immediate slowdown in your Internet connection (I connect at a humble 33.6 KBS which my ISP sees as 28.8 KBS), an obvious memory drain (the SlowDown virus is a TSR, or Terminate and Stay Resident, virus), and subsequent lockups and crashes. The virus is an old one, molded in 1990, but obviously is floating around the web somewhere. It could only have come from a few programs which I routinely allow ebb and flow net access through ZoneAlarm, my personal firewall.
Norton Anti-Virus discovered this behavior and repaired the damage. A freeware program, InoculateIT Personal Edition, that I have used for a long time did not detect the virus. I am in the process of determining where the bug came from. I have my suspicions but I am not sure at this point in time.
Simply because I use the Internet for a varied amount of projects, I routinely run 3 separate anti-virus programs and at times am testing others for different people. I was not testing any at this time, however. Even with all my precautions I allowed access to my computer for malicious intent. It is time to rethink my security options and start to tighten up a bit. First stop, rethink my firewall settings; this is how I contracted the virus, of this I am certain.
Symantec's Virus Research Center says this about the virus:
| Detected as: | DA.SlowDown |
| Aliases: | Dark Avenger |
| Area of Infection: | .COM Files, .EXE Files, COMMAND.COM |
| Characteristics: | Memory Resident, Triggered |
A variant of the original Dark Avenger.1800 based on the author's source code,
which he released in January of 1990.
Norton AntiVirus users can protect themselves from this virus by downloading the current
virus definitions either through LiveUpdate or from the following webpage:
http://www.symantec.com/avcenter/download.html
Bohunky0 has gone digging for worms and found a KAK of em!
Just letting you know that I had received a worm virus that attached itself to my email signature file. Norton discovered it and I have located all of the pointers, as far as I know, it continually reloads itself after Norton has cleaned it.
Here is what to look for in your Autoexec.bat:
@ off>C:\Windows\STARTM~1\Programs\StartUp\kak.hta
del C:\Windows\STARTM~1\Programs\StartUp\kak.hta
In your Registry it sets up the following:
REGEDIT4
[HKEY_CURRENT_USER\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Software\Microsoft\Outlook Express\5.0\signatures]
"Default Signature"="00000000"
[HKEY_CURRENT_USER\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Software\Microsoft\Outlook Express\5.0\signatures\00000000]
"name"="Signature #1"
"type"=dword:00000002
"text"=""
"file"="C:\\WINDOWS\\kak.htm"
[HKEY_CURRENT_USER\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Software\Microsoft\Outlook Express\5.0]
"Signature Flags"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAg0u"="C:\\WINDOWS\\SYSTEM\\03FA7420.hta"
This one sets up a warning when Windows starts: "Driver Memory Error". It is nothing more than an HTML document. It is a file named 03FA7420.hta and will be found in your Windows\System directory. You may need to delete this one through DOS, I did.
It also delivers the following file to your root directory C:\
AE.KAK
And kak.reg to your Windows directory, C:\Windows.
Because it is an Internet Explorer worm, it attaches itself to your signature file in Outlook Express and mails itself along with your email to others.
You may wish to warn the folks that you regularly email to.
VBS.KakWorm spreads using Microsoft Outlook Express. It attaches itself to all outgoing messages via the Signature feature of Outlook Express and Internet Explorer newsgroup reader.
The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment. Simply reading the received email message will cause the virus to be placed on the system.
Microsoft has patched this security hole. The patch is available from Microsoft's website. If you have a patched version of Outlook Express, this worm will not work automatically.
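As an added example (not from the original page or any vendor tool), this Python script reads a REGEDIT4 export and an Autoexec.bat and flags the KAK traces listed above. It matches on pattern (any .hta started from the Run key, any Outlook Express signature file named kak.htm) rather than the exact identity GUID and value name, on the assumption that those differ between machines; both sample inputs are constructed.

```python
import re

# Constructed sample: a REGEDIT4 export laid out like the entries listed above,
# plus one ordinary Run entry that must not be flagged.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Software\Microsoft\Outlook Express\5.0\signatures\00000000]
"name"="Signature #1"
"type"=dword:00000002
"file"="C:\\WINDOWS\\kak.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"cAg0u"="C:\\WINDOWS\\SYSTEM\\03FA7420.hta"
'''
# Constructed sample: an Autoexec.bat containing the "del" line quoted above.
SAMPLE_AUTOEXEC = "SET PATH=C:\\WINDOWS\ndel C:\\Windows\\STARTM~1\\Programs\\StartUp\\kak.hta\n"

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, value_name, string_data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            # .reg files escape backslashes and quotes with a backslash; undo that.
            yield key, m.group(1), re.sub(r'\\(.)', r'\1', m.group(2))

def scan_reg(text):
    """Return (kind, where, data) tuples for registry values matching the KAK pattern."""
    findings = []
    for key, name, data in parse_reg(text):
        k, d = key.lower(), data.lower()
        # An HTML application launched at every Windows start is worth a look.
        if k.endswith(r'\currentversion\run') and d.endswith('.hta'):
            findings.append(('run-hta', name, data))
        # The worm points the Outlook Express signature at its own kak.htm.
        if (r'\outlook express' in k and r'\signatures' in k
                and name == 'file' and d.endswith(r'\kak.htm')):
            findings.append(('oe-signature', key, data))
    return findings

def scan_autoexec(text):
    """Return Autoexec.bat lines that mention the kak.hta StartUp file."""
    return [ln for ln in text.splitlines() if 'kak.hta' in ln.lower()]

if __name__ == '__main__':
    print(scan_reg(SAMPLE_REG), scan_autoexec(SAMPLE_AUTOEXEC))
```

A Run entry ending in .hta is only a lead, not proof of infection; check the file it points to before deleting anything.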
Also known as: VBS.Kak.Worm, Kagou-Anti-Krosoft
Category: WORM
Infection length: 4116 Bytes
Virus definitions: December 30, 1999
Question: "Recently, I keep getting the following message: "zbSFV.exe has generated errors and will be closed by Windows. You will need to restart the program." When I click OK nothing happens. I get this message for any program I have open, and sometimes when I have NO program open. A search reveals this file is in my WINNT\system32 folder, but I don't know what it does. I have Win2K Professional with plenty of memory. Does anyone know what this error message is about? Thanks for assistance." ~ Jim
Answer: It is a Trojan horse. Run a complete virus scan on your system with the latest virus signatures. You may have to boot in Safe Mode for it to work. Download Ad-aware 6 and its latest update and run it. Download SpyBot Search&Destroy, its updates, and run it (in that order). Download HijackThis and run it. These three programs are all freeware. HiJackThis checks to see what browser extensions are installed. Be careful that you do not delete any extensions that you DO want. These four things should fix you up.
"Whenever I run across a client with Trojans/viruses, I kill the process tree, edit the "Run" sections of the registry and Start Menu to remove the calling program (probably started with RUNDLL32.EXE), boot in Safe Mode, and run my antivirus stuff before doing the rest."
MELISSA UNLEASHED AGAIN
She's baaaaaack. A variation of the celebrated Word virus Melissa popped up after a Macintosh Office 2001 user saved an infected document. The document was emailed to a Windows 97 user who opened it and started the latest round of infection. The virus -- this one's called Melissa-X or Melissa 2001 -- works by sending itself to 50 Outlook addresses, eventually clogging email servers and shutting them down. Suspect Melissa if an email arrives with "Important Message From (name)" in the subject line, and the statement "Here is that document you asked for ... don't show anyone else;-)" in the body.
W97M/Melissa@ is a macro virus for Word97 that spreads via the email program MS Outlook. This virus creates an Outlook object that sends an infected document to the first 50 addresses in the address book.
The email comes with the subject line "Important Message From" Application.UserName, with a body text of "Here is that document you asked for ... don't show anyone else ;-)" and a document attached. The content of the document is a list of pornographic Web sites.
First discovered on March 26, 1999, this virus is now in a new file format for Word9X / Office2001 for Mac. It is specific to Mac Office2001 and can infect a host system running Office98 (also for Mac) or Office2000. This virus will infect Office97 systems that have been updated to SR1 update and above.
PC Users: This variant can infect users of Windows Office 97 or 2000 if they receive the email message from a Mac user.
Another variant of this worm is W97M.Melissa.W
Also see:
Virus won't let victims get help
A computer virus that's smart enough to block its victims from getting help is steadily spreading around the Internet.
Also be warned. I received a virus the other day myself. It is called the Hahaha virus and carries an attachment. Of course it has the usual Melissa-like protocol. That is, it sends itself to the first 50 people in your Outlook address book. Never open any attachments that you are not expecting, and even then there is no guarantee. For those of you who regularly email me, not to worry: I knew of the virus and deleted it the minute that I saw it. No infection has taken place, and to be sure I ran a virus scan of my entire system and network. No problems were reported. Learn more about the Hahaha worm and others at Bohunky0's Virus Archives page.
Blaster is a worm, a program that runs on one computer and then looks for other computers across the network or Internet it can infect. In this case it uses a technique called 'buffer overrun' to trick a computer into running a program.
You don't have to do anything to infect your computer, even if your computer is sitting idle it could be infected if the right connections (ports) are open to your computer. Just being careful with your email and what web pages you visit isn't going to help.
Blaster takes advantage of a known problem in Windows NT, NT Terminal Services Edition, 2000 (all flavors), XP (all flavors) and Windows Server 2003 (all flavors). This worm takes advantage of the security flaw that was highlighted by the US Dept. of Homeland Security a few weeks ago.
The Good News? This is a known problem and there is a fix. To prevent this exposure, go to Windows Update to grab any critical updates or patches. If you have already updated your system, then you'll already have the fix that prevents Blaster from infecting your computer. To make sure you have the right fix, go to Settings | Control Panel | Add/Remove Software, then scroll down to the long list of fixes. Look for one labeled with the number 823980 - that's the fix you need. If that patch (823980) is installed already, you can rest easy.
More info and patch availability below:
What can you do?
It goes without saying, that's why I am saying it, update your virus definitions and run a full system scan of your computer.
Think you are already infected? Here is how to find out:
That will stop the worm from running for this instance, but you still have to remove it from your computer.
Symantec has released a free removal tool in case you need it. As usual Symantec has done the job that Microsoft won't do. Their security response page has lots of details on detection and removal; granted, most of the details you won't need, but it's nice to know it's there. There are some suggestions for blocking ports using a firewall to prevent future attacks, and that's tempting to do in the heat of the moment. However, those ports can be necessary for you to do your work, so make sure you know what you're doing.
The Microsoft Instructions Newsletter
Microsoft has just released a document which describes how users of various Microsoft Systems Software can protect themselves. It also describes who is at risk and how to minimize that risk. Click here for the details of this newsletter.
Thanks for stopping by