Email Virus posing as Daoc stuff

[old.Asmodan]

One of my guildm8s got a mail containing a virus that busted his machine today, he made a post about it on our msgboard at www.clanbearhawk.com and im gonna redo the main part of it here for the rest of you to see

right
i have been thinking adn this is what happend

Got a mail from a normal shmo (not anyone claiming to be a daoc rep or anything)
didnt recognise the email addy but i have lots of adresses so it might be someone i know or it might not.

the text of the file was all things like DD shout damage value's and chanter casting times.

there was about 3 lines of text and under it it said enjoy the atachment mate.

the attachment was called chanter.doc (or something like that).

being a suspicios bastard i run it through Norton 2002 (as i do with all atachments) adn it came back clean.

when i run the attachment it said this is a dos app adn the window closed.
nothing elce happend at this point.
i tried to deleate the atachment from my desk top but it was in use so i couldnt.

i open my task manager but as soon as the close program box opend it closed again by its self.

i tried to run norton again (norton was updated on sunday bytheway)
but it wouldnt open.
at this point my pc locked out adn i had to hard reset.

when i booted up again i got online.as soon as i did my zonealarm kicked in asking it i wanted wttt.exe (im prettusure this is what it was called)to access the internet (called its self a slidshow program)

I did a search of my pc and there was a info file called wttt with the name of a virus hacking group inside.(something like viking hackers or osme crap).

did a search online for the wttt.exe adn found nothing.
came here to post about it and froze up again.
hard reset again and gto online and came here to post the basics fst before i froze again.
just got them on and froze up.
lost my rag and stuck a boot disc in and reformated my pc (foolishly with out righting down the name of the email sendre or the file name or anyother infomation that would be usefull right now).

all tha usefull info is now lost along with aprox 30 gig of quality porn from my harddrive.

so if you get any similar mails be carefull

 

[Addlcove]

best advice on the planet DO NOT OPEN FILES YOU DO NOT KNOW WHAT CONTAINS :=)

this mights seem a little over causious but hey paranoid? thats me

generally I´m not to careful myself I just check I trust who I get it from (which = all attached .exe files from my parents gets deleted) not that I don´t trust them I just don´t thrust them computerwise

 

[old.Lotalesh]

Virus?

Well I got a problem with my PC (check it out in Technical Help) and yesterday I found out (after I already had the problem) there were 5 (!) e-mails with virusses in my mailbox.... I didn't open one of them but I guess the virus kicks in when you log-in to your mail box or something. The weird part is, the files that were attached, were files taken from my own hard disc. The e-mail would contain a part of the file and a few lines text saying 'check out the attachment.' If anybody can help me post it under 'Problem with my computer' (Technical Help) please.

 

[Khalen]

I delete emails instantly when I don't know from who it is or from some address I never have seen before...

 

[inqy]

might have been the wwt virus: http://vil.nai.com/vil/content/v_1404.htm

Notice it mentions can be run from a word doc. As has been said, don't run attachments unless they are from computer literate trusted sources.

In fact, I don't run attachments unless it was something I have specifically requested from that person to send me. I've set up a rule to put any emails with attachments into a seperate folder. Said folder is deleted upon exiting unless I grab something out of there to look at that I *KNOW* is clean.

Works for me.

 

[Belsameth]

("`-''-/").___..--''"`-._
`6_ 6 ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-'
_..`--'_..-_/ /--'_.' ,'
((' ((((-((-'' ((((
Cath Paluc

[

Lets kill it tonight! I got a score to settle with it as well

besides. I did 4 damage (styled) to it, so you must've only did 1...you need me

 

[SFXman]

If an app tries to get to the internet right after such an incident it is most likely a backdoor type of program, I know because my cousin has played tricks on me before
About virus scanners, they are most certainly NOT perfect, they will not find every single virus ever created in any form... are you sure he had the latest updates to the norton anti-vir software? Sometimes you need at least a weekly update...
Plus, don't open any attachment from an unknown person... common sense buddy.

 

[Flimgoblin]

Normally you'd think .docs would be ok ...

I don't trust anything other than gifs and jpegs

and even then only when it's from someone I know (although most worms work by emailing to everyone in your address book so if your friend gets it they'll pass it to you)

watch out for things called .scr or .vbs
as well as .exe

they're all executables.

 

[Alrindel]

If you have office 95 or later (97 was probably the worst) .DOCs can be quite dangerous, as they can contain visual basic macros that can be just as nasty as any .vbs

 

[Keri]

Another tip ... Close your preview pane in Outlook or Outlook Express. Some viruses/worms (klez worm is one) can execute by having the e-mail in your preview pane.

Also, if you use NAV, don't rely only on the Live Update. You should really use Symantec's Intelligent Updater which you can find instructions for, and a link to at:
Norton AntiVirus Intelligent Updater

Symantec's security section also provides a downloadable tool to remove the klez worm from your computer, with full, clear instructions.

 

[Ardwan]

I don't really mind getting viruses, as long as they ain't the ones that actaully destroy some hardware, if they just mean I have to re-format I ain't bothered, I have some fun trying to disinfect the PC first though, and as far as I know, I have only ever had to re-format my computer once due to a virus..but I have only ever had about 3 viruses that I know about.

 

[Keri]

btw .. I have even seen the klez worm embedded in a .txt file .. so it would not surprise me to see a virus or worm in a .gif or .jpg file.

If you didn't request an attachment you receive, delete it.

 

[inqy]

Originally posted by Keri
If you didn't request an attachment you receive, delete it.

exactly my thinking...

 

[Belsameth]

Originally posted by Keri
Another tip ... Close your preview pane in Outlook or Outlook Express. Some viruses/worms (klez worm is one) can execute by having the e-mail in your preview pane.

as a comment to that.
frequently visit windowsupdate.microsoft.com
it has lotsa nice updates which clean security holes such as the one Klez uses, and the great thing is it's usable for everybody due to a clear and userfriendly interface

 

[Pfy]

OMG, 30gig of quality porn ... gone ... :[

I feel for him ...

 

[SFXman]

To me it doesn't matter what I'd lose from my PC in such a case, it would still be a bitch tbh
Be it porn, save games, pictures, documents or whatever... I would still feel like something is missing no matter what it was and often it is not possible to get it back.

 

[old.Laico]

I bet its this little bastard:

http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.f@mm.html

it killed al the .exes in one of my friend`s hard disk when he tried to prevent mass mailing with a firewall.

Ppl making this kind of shit programs called viruses only deserve the worst.

 

[SFXman]

I also fial to understand why the f*ck do some pricks make these damn viruses/worms/trojans etc... they deserve years in prison and not some damn fines or crap like that.

 

[old.Laico]

I almost forgot... when the hell ISPs are going to install virus scaners in email servers?

 

[SFXman]

In Finland some do already... just not that common yet.

 

[Ardwan]

Try setting up an email address with Barrysworld, as I had like 3-4 viruses sent to me about a week ago, and they were all stopped by whatever scanner BW use, and I just got an email telling me that I had been sent a virus, and they had quarantined it.