PICList Thread
'[OT]: Virus'
2000\09\19@130730 by Sean Breheny

Hi all,

First off, don't get scared, this isn't about a virus posted to the list :-)

I work part time as a computer support tech here at Cornell and we have
got several computers which appear to be infected with a virus which
McAfee calls "W32/MTX@MM". However, when I go to their site and look up
info on the behavior of this virus, it doesn't exactly match the behavior
on our infected machines. More importantly, McAfee refuses to clean it
(even though we have the latest update and the site implies that it can
be cleaned). Anyone heard of this virus or any possible new variants?
Can you offer any help? Is Norton AV better than McAfee?

Thanks,

Sean

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
"[PIC]:" PIC only "[EE]:" engineering "[OT]:" off topic "[AD]:" ad's


2000\09\19@132216 by M. Adam Davis

No, but I bet if you send the virus to a bunch of mailing lists and newsgroups
they'll clean your clock... er, computer...

If McAfee won't do it, try Symantec, or one of the other of dozens of virus
protection programs.

Oh, and back up your important data.  Now.

-Adam

Sean Breheny wrote:
{Quote hidden}



2000\09\19@132906 by Ole Petter Rønningen

Try Norman  (http://www.norman.com). If it doesn't clean it either, you just might
have a mutation of W32/MTX@MM, in which case you should back up a couple of
files and mail it to one of the 'good' companies. (Norman, which my company
uses at about 600 servers and 12K 'puters, usually have it out in a day or
so)

OP
{Original Message removed}

2000\09\19@140221 by Barry Gershenfeld

>Oh, and back up your important data.  Now.
>
>-Adam

But *don't* write over your previous backup!

Barry



2000\09\19@141623 by M. Adam Davis

Sounds like the voice of experience... ;-)

-Adam

Barry Gershenfeld wrote:
> But *don't* write over your previous backup!



2000\09\19@144355 by Sean Breheny

Hi Adam,

That's why I am telnetting to another server in order to send these
emails to the piclist :-)

Yes, we are backing up the data on all the machines which are infected.

Thanks,

Sean


On Tue, 19 Sep 2000, M. Adam Davis wrote:

{Quote hidden}



2000\09\19@144613 by Barry Gershenfeld

For once in my life, no.  But yes, most of my remarks could
be followed by "Ask me how I know"

Barry

{Quote hidden}



2000\09\19@150307 by Mark Willis

Try also f-prot's Windows version;  They're pretty regularly putting out
virus updates, at http://www.complex.is/f-prot/obtaining.html, get the
latest virus file updates (Sign.Def and Macro.Def) also so you have
those, the data files in the Windows version are from April (when it was
released.)

 Mark

Sean Breheny wrote:
{Quote hidden}



2000\09\20@034415 by Jan Lund

Hi Sean.

You can find the description here :

http://vil.nai.com/vil/virusChar.asp?virus_k=98797

McAfee says that it will be cleaned with DAT 4095.

rgds
Jan

> {Original Message removed}

2000\09\20@225328 by Sean H. Breheny

Thanks for all the virus help,

We finally fixed it by a complex process which involved scanning the
infected machines remotely, over the network. We used Norton AV, but had to
run it remotely because when installed on the local machine, the infected
DLL files seemed to interfere with its Live Update feature, which was
necessary to get a recent enough update in order to recognize this virus.
We also had to edit the registry (as per Symantec's site's instructions)
and reboot the machine and scan again (it seemed to leave the virus in
memory which then left one additional infected file on the drive).

This virus is fascinating because it was actually intended to download
plugins for itself from a web site (which has now been shut down). The
virus also detects when an AV program is running and lies dormant, which
explains why some of our machines were exhibiting no symptoms and others were.

Thanks again,

Sean

At 09:39 AM 9/20/00 +0200, you wrote:
{Quote hidden}




'[OT]: virus'
2001\12\06@191050 by Tony Nixon
Sorry for the OT and more virus stuff.

I received some email the other day and all I did was single click a
message and as soon as focus shifted to it, some sort of exe program
executed, and I'm pretty sure I have a worm or virus or something
although the latest VET doesn't report it. All I saw was a window open
and close so quickly that I couldn't make out what it was.

Can anyone tell me how to stop things like this happening with
Microsoft's mail program? I looked through the options etc. but can't see
how to make my mail just readable - not executable as it pleases.

--
Best regards

Tony

mICros
http://www.bubblesoftonline.com


2001\12\07@074637 by Roman Black

Tony Nixon wrote:
>
> Sorry for the OT and more virus stuff.
>
> I received some email the other day and all I did was single click a
> message and as soon as focus shifted to it, some sort of exe program
> executed, and I'm pretty sure I have a worm or virus or something
> although the latest VET doesn't report it. All I saw was a window open
> and close so quickly that I couldn't make out what it was.
>
> Can anyone tell me how to stop things like this happening with
> Microsoft's mail program? I looked through the options etc. but can't see
> how to make my mail just readable - not executable as it pleases.


Yes, delete M$ IE and install netscape like
any sensible internet user. :o)
-Roman



2001\12\07@104933 by Tsvetan Usunov

>Sorry for the OT and more virus stuff.
>
>I received some email the other day and all I did was single click a
>message and as soon as focus shifted to it, some sort of exe program
>executed, and I'm pretty sure I have a worm or virus or something
>although the latest VET doesn't report it. All I saw was a window open
>and close so quickly that I couldn't make out what it was.
>
>Can anyone tell me how to stop things like this happening with
>Microsoft's mail program? I looked through the options etc. but can't see
>how to make my mail just readable - not executable as it pleases.
>
>--
>Best regards
>
>Tony

Hi,

Simple solution is to delete/rename Wscript.exe in your Windows directory.
The script autoexecution is a big security hole in Windows Outlook Express.
I never found anybody other than viruses to use it.
Also you can put your Internet security options to ask you before any file
execution.

Best regards
Tsvetan
---
PCB prototypes for $26 at http://run.to/pcb (http://www.olimex.com/pcb)
Development boards for PIC, AVR and MSP430  (http://www.olimex.com/dev)



2001\12\07@104945 by Dale Botkin

> Yes, delete M$ IE and install netscape like
> any sensible internet user. :o)
> -Roman

Netscape?  Yuck!  Linux and Kmail, or better yet Pine!

<big grin here, just stirring the pot...  I'm *kidding*, folks!!>

Dale



2001\12\07@114731 by Paul Hutchinson

I had the same scare recently but it turned out to be OK.
Take a look at the mail header and see if it's got something like this:

Content-Type: audio/x-wav;
        name="info.DOC.scr"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

Also see if the from address in the header has an underscore prefix.

If these items are present in the mail header then it was the Badtrans
virus. For some reason Outlook fires up something, even if the attached
virus has already been removed by AV software (I think it was media player
but, it closes too fast to be sure).

BTW - I'm using MS LookOut because it is mandated by the corporate IT
department :-(. Although, in the nearly five years I've been using it I have
grown to like many features and, sensible operation combined with keeping up
with the patches has kept my PCs virus free. I have my brother's family run
only with Eudora for better safety but, someone in the house opened an
attachment and the PC got infected with SirCam a while back.

Paul

{Quote hidden}
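
The header check Paul describes can be run over a saved message automatically. The following Python is an added example, not part of the original thread: it flags the indicators he lists (an audio/x-wav part whose name ends in .scr, a Content-ID on that part, an underscore-prefixed From address) and generalises to other executable extensions. The extension lists, the function name and both sample messages are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.utils import parseaddr

# Assumed, non-exhaustive list of extensions Windows runs when opened.
EXECUTABLE_EXTS = {".scr", ".pif", ".exe", ".bat", ".com", ".vbs", ".cmd"}
# Assumed list of extensions used to make a name look like a document.
DECOY_EXTS = {".doc", ".txt", ".jpg", ".gif", ".mp3", ".zip", ".htm"}
# Media types a mail client may try to play or display instead of saving.
INLINE_MEDIA = ("audio/", "image/", "video/")


def inspect_message(raw):
    """Return a list of findings for one raw RFC 822 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Indicator from the post: underscore prefix on the From address.
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.startswith("_"):
        findings.append(f"from-underscore-prefix: {addr}")

    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() falls back to the Content-Type "name" parameter,
        # which is where the header quoted in the post carries it.
        name = part.get_filename()
        if not name:
            continue
        ctype = part.get_content_type()
        stem, ext = os.path.splitext(name.lower())
        inner_ext = os.path.splitext(stem)[1]

        if ext in EXECUTABLE_EXTS:
            findings.append(f"executable-attachment: {name}")
            if inner_ext in DECOY_EXTS:
                findings.append(f"double-extension: {name}")
            if ctype.startswith(INLINE_MEDIA):
                findings.append(f"type-mismatch: {ctype} vs {name}")
            if part.get("Content-ID"):
                findings.append(f"inline-content-id: {name}")
    return findings


# Constructed sample using the MIME part header quoted in the post.
SAMPLE_SUSPECT = (
    b"From: _user@example.invalid\r\n"
    b"To: reader@example.invalid\r\n"
    b"Subject: Re:\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nplaceholder body\r\n"
    b"--b1\r\n"
    b"Content-Type: audio/x-wav;\r\n"
    b'        name="info.DOC.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-ID: <EA4DMGBP9p>\r\n"
    b"\r\nAAAA\r\n"
    b"--b1--\r\n"
)

# Constructed sample: a genuine .wav attachment, which must not be flagged.
SAMPLE_BENIGN = (
    b"From: user@example.invalid\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b2"\r\n'
    b"\r\n"
    b"--b2\r\n"
    b"Content-Type: text/plain\r\n\r\nsee attached\r\n"
    b"--b2\r\n"
    b"Content-Type: audio/x-wav\r\n"
    b'Content-Disposition: attachment; filename="hello.wav"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\nAAAA\r\n"
    b"--b2--\r\n"
)

if __name__ == "__main__":
    for finding in inspect_message(SAMPLE_SUSPECT):
        print(finding)
```
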



2001\12\07@141431 by Harold M Hallikainen

       I'm having fun with Squirrel Mail - Web Mail For Nuts!

Harold

On Fri, 7 Dec 2001 08:14:44 -0600 Dale Botkin writes:
{Quote hidden}

FCC Rules Online at http://hallikainen.com/FccRules
Lighting control for theatre and television at http://www.dovesystems.com



2001\12\07@144206 by Dipperstein, Michael

> From: Dale Botkin
>
> > Yes, delete M$ IE and install netscape like
> > any sensible internet user. :o)
> > -Roman
>
> Netscape?  Yuck!  Linux and Kmail, or better yet Pine!
>
> <big grin here, just stirring the pot...  I'm *kidding*, folks!!>
>
> Dale

I wish you would have told my wife you were kidding.  After falling victim to
badtrans, and receiving a few copies of goner (which she avoided opening), she
backed-up all her data and installed Linux on her PC.

The cool thing is that it's up and running fine.  I guess that says something
for Red Hat's ease of install.

The not so cool thing is that her PC came with a Winmodem, and I either have to
get it to work, or find a real modem that's Linux compatible.  I think I may
just bite the bullet and buy a real modem.

-Mike



2001\12\07@192952 by M. Adam Davis

Bite the bullet.  You'll thank yourself time and time again.

-Adam

Dipperstein, Michael wrote:

{Quote hidden}



2001\12\07@193201 by M. Adam Davis

You'll find that more and more emails are being sent that open a window
to a website without asking.  This website then hides the window as best
it can, and shows pop-up ads to you once in awhile.  Most of these will
not be caught by virus scanners, since they aren't doing anything other
than opening more browser windows.

-Adam

Tony Nixon wrote:

{Quote hidden}



2001\12\07@203120 by Dale Botkin

On Fri, 7 Dec 2001, Dipperstein, Michael wrote:

> > From: Dale Botkin
> >
> > > Yes, delete M$ IE and install netscape like
> > > any sensible internet user. :o)
> > > -Roman
> >
> > Netscape?  Yuck!  Linux and Kmail, or better yet Pine!
> >
> > <big grin here, just stirring the pot...  I'm *kidding*, folks!!>
> >
> > Dale
>
> I wish you would have told my wife you were kidding.  After falling victim to
> badtrans, and receiving a few copies of goner (which she avoided opening), she
> backed-up all her data and installed Linux on her PC.
>
> The cool thing is that it's up and running fine.  I guess that says something
> for Red Hat's ease of install.

Oh yeah..  it does work fine.  And I *like* some of the mail clients,
especially Kmail.

> The not so cool thing is that her PC came with a Winmodem, and I either have to
> get it to work, or find a real modem that's Linux compatible.  I think I may
> just bite the bullet and buy a real modem.

Should be cheap enough.  But aren't there Linux drivers for those things
yet?  I'm surprised.

Dale



2001\12\07@203146 by Andy N1YEW

www.linmodems.org

look for it there...

my winmodem had a driver for linux, so now i have 56 k :-D

andy
{Original Message removed}

2001\12\07@203412 by Josh Koffman

I think someone was working on linux drivers for winmodems a few years
back. I don't know what ever actually happened to the project though.
Try searching the linux sites...you may be surprised.

Josh

"Dipperstein, Michael" wrote:
{Quote hidden}

--
A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.
       -Douglas Adams



2001\12\08@104949 by dr. Imre Bartfai

Hi,

There are meanwhile some Linux drivers for winmodem. E.g. I possess a
Compaq Notebook 100 which has such a beast built-in. I found an
appropriate driver (actually a module) for this under Linux (I do not use
Windoze).

Regards,
Imre


On Fri, 7 Dec 2001, M. Adam Davis wrote:

{Quote hidden}



2001\12\08@183822 by Konstantinos Bibis

visit http://windowsupdate.microsoft.com

Upgrade to the latest Outlook Express version and install additional
upgrades.
All recent versions of OE ask you whether you want to open, save or ignore
the attachments.

Oh, and also ignore people on this list who think that 'sensible' internet
users should use Netscape.


{Original Message removed}

2001\12\08@183851 by Scott Dattalo

On Sat, 8 Dec 2001, dr. Imre Bartfai wrote:

> Hi,
>
> There are meanwhile some Linux drivers for winmodem. E.g. I possess a
> Compaq Notebook 100 which has such a beast built-in. I found an
> appropriate driver (actually a module) for this under Linux (I do not use
> Windoze).
>

I really didn't need dial up access from my laptop until just now. I
downloaded the latest driver here:

http://www.physcip.uni-stuttgart.de/heby/ltmodem/

and found that it worked for my Compaq Armada E500 just fine.



2001\12\10@163411 by Tony Nixon

Hi all,

The virus I suspected the other day turned out to be
"Win32/Nimda.E.Worm"


--
Best regards

Tony

mICros
http://www.bubblesoftonline.com



'[OT]: Virus'
2002\03\21@085717 by Branko Karaklajić
I got a virus from the piclist mail server

The virus is

I-Worm.Magistr.b

Someone should check the piclist server or something else for viruses

bye
-------------------------------------------------
http://solair.eunet.yu/~branek
    ICQ - 15616778



2002\03\21@091216 by Milan Pavlica YU7AEC


Is there any chance that the PIC mail list server gets KAV for
scanning emails?
If Admin is interested, maybe all of us can donate to buy such a product
to save us (our time, projects, HDD data etc etc etc)?!?!?!?
See ya folks..

Branko Karaklajić wrote:

{Quote hidden}




2002\03\21@102425 by Dale Botkin

The list server does not have (is probably not capable of having) a virus.
The virus was attached to a message sent through the list.  It was an
exceedingly clumsy one, sent in the form of a .BAT file -- I sincerely
hope no one is foolish enough to actually run an unsolicited executable
file received from anyone via email.  Please delete the offending message
(everyone), and if you are using a virus-susceptible system (any Windows
OS) make sure you're running an antivirus and mail scanner.  I've been
dealing with "helpful" messages from various mail servers all morning.

Dale
--
"Curiosity is the very basis of education and if you tell me that
curiosity killed the cat, I say only the cat died nobly."
         - Arnold Edinborough



2002\03\21@102843 by Dale Botkin

On Thu, 21 Mar 2002, Milan Pavlica YU7AEC wrote:

> Is there any chance that the PIC mail list server gets KAV for
> scanning emails?

No.  Not unless, of course, you want to write one that runs on an IBM
mainframe under VM, and then get a job at MIT and convince your boss to
let you install it.  Should only take 15 years or so.

> If Admin is interested, maybe all of us can donate to buy such a product
> to save us (our time, projects, HDD data etc etc etc)?!?!?!?

A much simpler solution would be for all Windows users to take the basic
precaution of using antivirus software, and NOT RUNNING UNSOLICITED
EXECUTABLES received via email.  This was an old virus sent as a .BAT file,
there's really no reason anyone should have been fooled.  Virus scanning
on the current list server simply isn't going to happen.

Dale



2002\03\21@103904 by John Ferrell

Virus scanning at the server level would be an early step towards censorship
of all traffic!

Not a desirable attribute.

{Original Message removed}

2002\03\21@110706 by M. Adam Davis

Actually, it's a very useful and desirable setup for companies,
corporations and even ISP's.  It's not anywhere close to censorship,
unless you convince the virus companies to start adding certain phrases
to their software (which is unlikely).

In all of those cases there are benefits for the person running the
server, for instance most new viruses send copies of not only
themselves, but documents from the user's hard drive.  These extra
emails can quickly clog an email server, especially in a large
organization, never mind the spreading/destruction of potentially
sensitive information.

User education only goes so far.

Having to administer a network, I've had to deal with 3 of the top five
current viruses listed on antivirus.com .  I would welcome email server
scanning of viruses, since they all come from email, and I have a
chronic problem with users that forward everything.  I don't control the
mail server right now (outsourced) though, so I'm using a corporate
virus scanner which the users can't change and I can control remotely -
about the best solution so far, as they are always up to date.

Besides, censorship is so time consuming that it's not cost effective.
It's easy to censor something that has limited information (such as a
newspaper - there are only so many articles per day) but you really
can't control the distribution of email, web sites, etc since they are
dynamic and there is simply too much information.  Any rules based
system can be defeated.  Even the lists of 'objectionable' web sites are
not good, and there are easy ways to get around every program that
implements such a system.

So, in essence, it's easier, better, cheaper, etc to make a policy,
educate the employees (or customers) and enforce the policy using normal
methods.  People who try to control information (and therefore people)
are going to be constantly frustrated.

Virus protection, however, encompasses such a small space that it's
relatively easy to do electronically.

-Adam

John Ferrell wrote:

>Virus scanning at the server level would be an early step towards censorship
>of all traffic!
>
>Not a desirable attribute.
>
>{Original Message removed}

2002\03\21@151521 by Milan Pavlica YU7AEC


I know that!
My ISP has it and it is OK
They use KAV
BUT!
There are a lot of them which do not have etc etc etc...
See ya...

"M. Adam Davis" wrote:

{Quote hidden}

> >{Original Message removed}

