Thread Tools
Old May 20, 2002, 12:52   #1
Tau Ceti
King
 
Tau Ceti's Avatar
 
Local Time: 02:57
Local Date: November 1, 2010
Join Date: Nov 1999
Location: Oslo, Norway
Posts: 2,151
Virus alert
Yesterday I was infected by a fairly nasty virus, W32/Klez.h@MM. (Curses to the fifth generation upon Outlook Express and its automatic opening of attachments ) Although I shut down my net connection as soon as I understood what was happening, some copies of it were probably sent out, and I have quite a number of the players here in my address book.

I believe this virus scrambles the From: field, but in any case: if any of you received a suspicious looking message (possibly with my name on it) around 19:30 GMT yesterday, delete it immediately. If you use Outlook or Outlook Express, do not even click on it.

I am fairly sure I have cleaned it all out now, but there are still some final diagnostics to do, plus reinstalling some files that were lost. When I have the time and opportunity, I will respond to emails sent to me (via webmail from another computer), but all my games and the new one I am setting up are on hold until I am sure everything is working correctly again.

I apologize for the delay, and for any problems the whole thing may have caused.
Tau Ceti is offline  
Old May 20, 2002, 13:06   #2
Dreifels
Prince
 
Dreifels's Avatar
 
Local Time: 01:57
Local Date: November 1, 2010
Join Date: Oct 1999
Location: Alpha Centauri
Posts: 308
Re: Virus alert
Quote:
Originally posted by Tau Ceti
Yesterday I was infected by a fairly nasty virus, W32/Klez.h@MM.
see virus information at
http://vil.mcafee.com/dispVirus.asp?virus_k=99455

Quote:
(Curses to the fifth generation upon Outlook Express and its automatic opening of attachments)
This you can disable

Quote:
If you use Outlook or Outlook Express, do not even click on it.
check your email *before* downloading
http://www.geocities.com/SiliconVall...576/magic.html

__________________
http://AlphaCentauri.US/ in English and German
http://civ3.2be.cc/
http://1steuro.net/
Dreifels is offline  
Old May 20, 2002, 13:16   #3
Flubber
Alpha Centauri PBEMACDG PeaceAlpha Centauri Democracy GameACDG The Human HiveACDG Planet University of TechnologyACDG The Cybernetic Consciousness
Deity
 
Local Time: 18:57
Local Date: October 31, 2010
Join Date: Aug 2000
Location: With a view of the Rockies
Posts: 12,242
Tau

I received this virus about a week ago from about a half-dozen sources (none of them you) but believe I have avoided infection thus far. It appears that most scanning software has no problem detecting this thing.

It does scramble the From line as I received emails from people who I don't know but who did appear in a few friend's address books. The hardest part is figuring out who the infected party is.
Flubber is offline  
Old May 20, 2002, 13:26   #4
Dreifels
Prince
 
Dreifels's Avatar
 
Local Time: 01:57
Local Date: November 1, 2010
Join Date: Oct 1999
Location: Alpha Centauri
Posts: 308
Quote:
Originally posted by Flubber
It appears that most scanning software has no problem detecting this thing.
I also got it with several suspect emails, however
1) I check my email *before* downloading and kill all from unknown guys
2) I've McAfee VSield running for all Internet activities and that protects very well. (Within the past 10 years I *never* had a virus or worm on my system)
__________________
http://AlphaCentauri.US/ in English and German
http://civ3.2be.cc/
http://1steuro.net/
Dreifels is offline  
Old May 20, 2002, 15:38   #5
Chowlett
Alpha Centauri PBEM
King
 
Chowlett's Avatar
 
Local Time: 00:57
Local Date: November 1, 2010
Join Date: May 1999
Location: of Candle'Bre
Posts: 1,804
Re: Re: Virus alert
Quote:
Originally posted by Dreifels
This you can disable
How?
__________________
The church is the only organisation that exists for the benefit of its non-members
Buy your very own 4-dimensional, non-orientable, 1-sided, zero-edged, zero-volume, genus 1 manifold immersed in 3-space!
All women become like their mothers. That is their tragedy. No man does. That's his.
"They offer us some, but we have no place to store a mullet." - Chegitz Guevara
Chowlett is offline  
Old May 20, 2002, 16:07   #6
Dreifels
Prince
 
Dreifels's Avatar
 
Local Time: 01:57
Local Date: November 1, 2010
Join Date: Oct 1999
Location: Alpha Centauri
Posts: 308
read at
msnews.microsoft.com

This here isn't a support group for MS programs
__________________
http://AlphaCentauri.US/ in English and German
http://civ3.2be.cc/
http://1steuro.net/
Dreifels is offline  
Old May 20, 2002, 17:09   #7
KrysiasKrusader
Alpha Centauri PBEMACDG3 Spartans
King
 
KrysiasKrusader's Avatar
 
Local Time: 19:57
Local Date: October 31, 2010
Join Date: Apr 2002
Location: Commander of Corazon's Own Elite Guard
Posts: 1,075
Quote:
Originally posted by Dreifels

This here isn't a support group for MS programs

Well said, Dreifels ! I totally agree.

__________________________________________


On an other note...

I've been active in PBEM for a month now, and have recieved no less than 72 (!!!), various virus/worm/trojan alerts. There are a lot of you who are operating unprotected systems.

Anti-viral software is only as good as the last time you have updated it.

Microsoft products/applications, are primary targets for writers of malicious code. You might consider using other (and just, if not more, as effective) brands.
KrysiasKrusader is offline  
Old May 20, 2002, 19:31   #8
Tau Ceti
King
 
Tau Ceti's Avatar
 
Local Time: 02:57
Local Date: November 1, 2010
Join Date: Nov 1999
Location: Oslo, Norway
Posts: 2,151
I have been checking with some of my contacts, and if any copies were sent out, it certainly never reached 'b' in the address book (it only had a couple of seconds anyway; depending on the size of the attachments, it may not have had time to send out even one. So that is good.

Dreifels, thanks for the links. I already checked the McAfee one as the first thing I did and followed the instructions to remove the virus; this thread was meant as a public service announcement in case it had managed to send copies of itself around, not as a cry for help.

I never really felt the need to prescreen the account as I receive virtually no spam (IIRC ~2 in 2.5 years - both fairly non-standard and one even claimed to be about software for 'borehole plotting' ). But it could be handy, I guess.

I have received at least two suspicious mails before but they would have required me to actively click on the attachment and open it (and even I am not that stupid); this one activated when I just clicked on the message to delete it.

I may just be stupid again but I do not see a way to turn off automatic opening of (some) attachments (and I cannot seem to get into msnews.microsoft.com either). I believe the version of OE I am using (5.00.2615.200) may just be too old (late 99) to have this functionality. It will of course be upgraded.

The are certainly deserved, as security settings were not exactly at the top level. Hopefully others too can learn from my mistakes.

KrysiasKrusader: That is pretty bad. I believe this is only my third received virus (first infection) in nearly 2.5 years of PBEM...
Tau Ceti is offline  
Old May 20, 2002, 19:54   #9
KrysiasKrusader
Alpha Centauri PBEMACDG3 Spartans
King
 
KrysiasKrusader's Avatar
 
Local Time: 19:57
Local Date: October 31, 2010
Join Date: Apr 2002
Location: Commander of Corazon's Own Elite Guard
Posts: 1,075
Hi Tau Ceti, (Looking forward to crossing swords with you on the fields of honor some day.)


I said "alerts", not infections.

My anti-viral + firewall apllications are configured to prompt me upon incoming malicious code. Thus, I'm alerted and asked how to proceed. So far (keep fingers crossed), I have managed to stop/block/quarantine/disect/eradicate everything.
KrysiasKrusader is offline  
 

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


All times are GMT -4. The time now is 20:57.


Design by Vjacheslav Trushkin, color scheme by ColorizeIt!.
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Apolyton Civilization Site | Copyright © The Apolyton Team