First off, don't get scared, this isn't about a virus posted to the list :-)
I work part time as a computer support tech here at Cornell and we have
got several computers which appear to be infected with a virus which
McAfee calls "W32/MTX@MM". However, when I go to their site and look up
info on the behavior of this virus, it doesn't exactly match the behavior
on our infected machines. More importantly, McAfee refuses to clean it
(even though we have the latest update and the site implies that it can
be cleaned). Anyone heard of this virus or any possible new variants?
Can you offer any help? Is Norton AV better than McAfee?
Thanks,
Sean
-- http://www.piclist.com hint: PICList Posts must start with ONE topic:
"[PIC]:" PIC only "[EE]:" engineering "[OT]:" off topic "[AD]:" ad's
Try Norman (http://www.norman.com). If it doesn't clean it either, you just might
have a mutation of W32/MTX@MM, in which case you should back up a couple of
files and mail it to one of the 'good' companies. (Norman, which my company
uses at about 600 servers and 12K 'puters, usually have it out in a day or
so)
> No, but I bet if you send the virus to a bunch of mailing lists and newsgroups
> they'll clean your clock... er, computer...
>
> If McAfee won't do it, try Symantec, or one of the other of dozens of virus
> protection programs.
>
> Oh, and back up your important data. Now.
>
> -Adam
>
> Sean Breheny wrote:
> >
> > Hi all,
> >
> > First off, don't get scared, this isn't about a virus posted to the list :-)
> >
> > I work part time as a computer support tech here at Cornell and we have
> > got several computers which appear to be infected with a virus which
> > McAfee calls "W32/MTX@MM". However, when I go to their site and look up
> > info on the behavior of this virus, it doesn't exactly match the behavior
> > on our infected machines. More importantly, McAfee refuses to clean it
> > (even though we have the latest update and the site implies that it can
> > be cleaned). Anyone heard of this virus or any possible new variants?
> > Can you offer any help? Is Norton AV better than McAfee?
> >
> > Thanks,
> >
> > Sean
>Sounds like the voice of experience... ;-)
>
>-Adam
>
>Barry Gershenfeld wrote:
>> But *don't* write over your previous backup!
Try also f-prot's Windows version; They're pretty regularly putting out
virus updates, at http://www.complex.is/f-prot/obtaining.html, get the
latest virus file updates (Sign.Def and Macro.Def) also so you have
those, the data files in the Windows version are from April (when it was
released.)
> Hi Adam,
>
> That's why I am telnetting to another server in order to send these
> emails to the piclist :-)
>
> Yes, we are backing up the data on all the machines which are infected.
>
> Thanks,
>
> Sean
We finally fixed it by a complex process which involved scanning the
infected machines remotely, over the network. We used Norton AV, but had to
run it remotely because when installed on the local machine, the infected
DLL files seemed to interfere with its Live Update feature, which was
necessary to get a recent enough update in order to recognize this virus.
We also had to edit the registry (as per Symantec's site's instructions)
and reboot the machine and scan again (it seemed to leave the virus in
memory which then left one additional infected file on the drive).
This virus is fascinating because it was actually intended to download
plugins for itself from a web site (which has now been shut down). The
virus also detects when an AV program is running and lies dormant, which
explains why some of our machines were exhibiting no symptoms and others were.
I received some email the other day and all I did was single click a
message and as soon as focus shifted to it, some sort of exe program
executed, and I'm pretty sure I have a worm or virus or something
although the latest VET doesn't report it. All I saw was a window open
and close so quickly that I couldn't make out what it was.
Can anyone tell me how to stop things like this happening with
Microsoft's mail program? I looked through the options etc. but can't see
how to make my mail just readable - not executable as it pleases.
Tony Nixon wrote:
>
> Sorry for the OT and more virus stuff.
>
> I received some email the other day and all I did was single click a
> message and as soon as focus shifted to it, some sort of exe program
> executed, and I'm pretty sure I have a worm or virus or something
> although the latest VET doesn't report it. All I saw was a window open
> and close so quickly that I couldn't make out what it was.
>
> Can anyone tell me how to stop things like this happening with
> Microsoft's mail program? I looked through the options etc. but can't see
> how to make my mail just readable - not executable as it pleases.
Yes, delete M$ IE and install netscape like
any sensible internet user. :o)
-Roman
Hi,
Simple solution is to delete/rename Wscript.exe in your Windows directory.
The script autoexecution is a big security hole in Windows Outlook Express.
I never found anybody else than viruses to use it.
Also you can put your Internet security options to ask you before any file
execution.
Also see if the from address in the header has an underscore prefix.
If these items are present in the mail header then it was the Badtrans
virus. For some reason Outlook fires up something, even if the attached
virus has already been removed by AV software (I think it was media player
but, it closes too fast to be sure).
BTW - I'm using MS LookOut because it is mandated by the corporate IT
department :-(. Although, in the nearly five years I've been using it I have
grown to like many features and, sensible operation combined with keeping up
with the patches has kept my PCs virus free. I have my brother's family run
only with Eudora for better safety but, someone in the house opened an
attachment and the PC got infected with SirCam a while back.
> From: Dale Botkin
>
> > Yes, delete M$ IE and install netscape like
> > any sensible internet user. :o)
> > -Roman
>
> Netscape? Yuck! Linux and Kmail, or better yet Pine!
>
> <big grin here, just stirring the pot... I'm *kidding*, folks!!>
>
> Dale
I wish you would have told my wife you were kidding. After falling victim to
badtrans, and receiving a few copies of goner (which she avoided opening), she
backed-up all her data and installed Linux on her PC.
The cool thing is that it's up and running fine. I guess that says something
for Red Hat's ease of install.
The not so cool thing is that her PC came with a Winmodem, and I either have to
get it to work, or find a real modem that's Linux compatible. I think I may
just bite the bullet and buy a real modem.
You'll find that more and more emails are being sent that open a window
to a website without asking. This website then hides the window as best
it can, and shows pop-up ads to you once in awhile. Most of these will
not be caught by virus scanners, since they aren't doing anything other
than opening more browser windows.
> > From: Dale Botkin
> >
> > > Yes, delete M$ IE and install netscape like
> > > any sensible internet user. :o)
> > > -Roman
> >
> > Netscape? Yuck! Linux and Kmail, or better yet Pine!
> >
> > <big grin here, just stirring the pot... I'm *kidding*, folks!!>
> >
> > Dale
>
> I wish you would have told my wife you were kidding. After falling victim to
> badtrans, and receiving a few copies of goner (which she avoided opening), she
> backed-up all her data and installed Linux on her PC.
>
> The cool thing is that it's up and running fine. I guess that says something
> for Red Hat's ease of install.
Oh yeah.. it does work fine. And I *like* some of the mail clients,
especially Kmail.
> The not so cool thing is that her PC came with a Winmodem, and I either have to
> get it to work, or find a real modem that's Linux compatible. I think I may
> just bite the bullet and buy a real modem.
Should be cheap enough. But aren't there Linux drivers for those things
yet? I'm surprised.
I think someone was working on linux drivers for winmodems a few years
back. I don't know what ever actually happened to the project though.
Try searching the linux sites...you may be surprised.
--
A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.
-Douglas Adams
there are meanwhile some Linux drivers for winmodem. E. g. I possess a
Compaq Notebook 100 which has a such beast built-in. I found an
appropriate driver (actually a module) for this under Linux (I do not use
Windoze).
Regards,
Imre
> Bite the bullet. You'll thank yourself time and time again.
>
> -Adam
>
> Dipperstein, Michael wrote:
>
> >>From: Dale Botkin
> >>
> >>>Yes, delete M$ IE and install netscape like
> >>>any sensible internet user. :o)
> >>>-Roman
> >>>
> >>Netscape? Yuck! Linux and Kmail, or better yet Pine!
> >>
> >><big grin here, just stirring the pot... I'm *kidding*, folks!!>
> >>
> >>Dale
> >>
> >
> >I wish you would have told my wife you were kidding. After falling victim to
> >badtrans, and receiving a few copies of goner (which she avoided opening), she
> >backed-up all her data and installed Linux on her PC.
> >
> >The cool thing is that it's up and running fine. I guess that says something
> >for Red Hat's ease of install.
> >
> >The not so cool thing is that her PC came with a Winmodem, and I either have to
> >get it to work, or find a real modem that's Linux compatible. I think I may
> >just bite the bullet and buy a real modem.
> >
> >-Mike
Upgrade to the latest Outlook Express version and install additional
upgrades.
All recent versions of OE ask you whether you want to open, save or ignore
the attachments.
Oh, and also ignore people on this list who think that 'sensible' internet
users should use Netscape.
> Hi,
>
> there are meanwhile some Linux drivers for winmodem. E. g. I possess a
> Compaq Notebook 100 which has a such beast built-in. I found an
> appropriate driver (actually a module) for this under Linux (I do not use
> Windoze).
>
I really didn't need dial up access from my laptop until just now. I
downloaded the latest driver here:
Is there any chance that PIC mail list server gets those KAV for
scanning emails?
If Admin is interested, maybe all of us can donate to buy such product
to save us (our time, projects, HDD data etc etc etc)?!?!?!?
See ya folks..
The list server does not have (is probably not capable of having) a virus.
The virus was attached to a message sent through the list. It was an
exceedingly clumsy one, sent in the form of a .BAT file -- I sincerely
hope no one is foolish enough to actually run an unsolicited executable
file received from anyone via email. Please delete the offending message
(everyone), and if you are using a virus-susceptible system (any Windows
OS) make sure you're running an antivirus and mail scanner. I've been
dealing with "helpful" messages from various mail servers all morning.
Dale
--
"Curiosity is the very basis of education and if you tell me that
curiosity killed the cat, I say only the cat died nobly."
- Arnold Edinborough
> Is there any chance that PIC mail list server gets those KAV for
> scanning emails?
No. Not unless, of course, you want to write one that runs on an IBM
mainframe under VM, and then get a job at MIT and convince your boss to
let you install it. Should only take 15 years or so.
> If Admin is interested, maybe all of us can donate to buy such product
> to save us (our time, projects, HDD data etc etc etc)?!?!?!?
A much simpler solution would be for all Windows users to take the basic
precaution of using antivirus software, and NOT RUNNING UNSOLICITED
EXECUTABLES received via email. This was an old virus sent as a .BAT file,
there's really no reason anyone should have been fooled. Virus scanning
on the current list server simply isn't going to happen.
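
The precautions raised in the posts above (not running unsolicited executables such as the .BAT attachment, and the underscore-prefixed From address one poster associates with Badtrans) can be expressed as a mail-gateway check. This is an added example, not part of the original thread; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed block list for this example: file types Windows runs directly.
BLOCKED_EXTENSIONS = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs"}


def risky_attachments(msg):
    """Return attachment filenames whose final extension is on the block list."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, and only the last
        # extension decides how a file opens ("notes.txt.bat" is a .bat).
        cleaned = name.strip().rstrip(". ").lower()
        if os.path.splitext(cleaned)[1] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def underscore_sender(msg):
    """Heuristic from the thread: From address begins with an underscore."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.startswith("_")


def gateway_verdict(raw_bytes):
    """Return (verdict, reasons); verdict is deliver, flag or quarantine."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = [f"executable attachment: {n}" for n in risky_attachments(msg)]
    verdict = "quarantine" if reasons else "deliver"
    if underscore_sender(msg):
        reasons.append("From address starts with an underscore")
        if verdict == "deliver":
            verdict = "flag"  # header heuristic alone is weak evidence
    return verdict, reasons


def sample_message(sender, filename=None):
    """Build a constructed test message, optionally with one attachment."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "list@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("hello")
    if filename:
        m.add_attachment(b"echo constructed sample\r\n",
                         maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for sender, fname in [("alice@example.org", None),
                          ("alice@example.org", "notes.txt.bat"),
                          ("_bob@example.org", "photo.jpg")]:
        print(sender, fname, gateway_verdict(sample_message(sender, fname)))
```
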
Actually, it's a very useful and desirable setup for companies,
corporations and even ISP's. It's not anywhere close to censorship,
unless you convince the virus companies to start adding certain phrases
to their software (which is unlikely).
In all of those cases there are benefits for the person running the
server, for instance most new viruses send copies of not only
themselves, but documents from the user's hard drive. These extra
emails can quickly clog an email server, especially in a large
organization, never mind the spreading/destruction of potentially
sensitive information.
User education only goes so far.
Having to administer a network, I've had to deal with 3 of the top five
current viruses listed on antivirus.com . I would welcome email server
scanning of viruses, since they all come from email, and I have a
chronic problem with users that forward everything. I don't control the
mail server right now (outsourced) though, so I'm using a corporate
virus scanner which the users can't change and I can control remotely -
about the best solution so far, as they are always up to date.
Besides, censorship is so time consuming that it's not cost effective.
It's easy to censor something that has limited information (such as a
newspaper - there are only so many articles per day) but you really
can't control the distribution of email, web sites, etc since they are
dynamic and there is simply too much information. Any rules based
system can be defeated. Even the lists of 'objectionable' web sites are
not good, and there are easy ways to get around every program that
implements such a system.
So, in essence, it's easier, better, cheaper, etc to make a policy,
educate the employees (or customers) and enforce the policy using normal
methods. People who try to control information (and therefore people)
are going to be constantly frustrated.
Virus protection, however, encompasses such a small space that it's
relatively easy to do electronically.
-Adam
John Ferrell wrote:
>Virus scanning at the server level would be an early step towards censorship
>of all traffic!
>
>Not a desirable attribute.
>
>{Original Message removed}