[TechAssist] Re: security problems today
- From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
- To: <techassist@xxxxxxxxxxxxx>
- Date: Sun, 27 Oct 2002 15:29:40 -0500
Try this site for now. There is another one on Symantec, so if this doesn't
work I'll send you the other one.
Read the instructions on this MS site, and make sure you download the patch
for the correct OS.
Make sure your other computer is not networked at the time you do this.
-Ed-
Tel-Tek Electronics
Ontario-Canada
teltek2@xxxxxxxxxxxx
----- Original Message -----
From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
To: <techassist@xxxxxxxxxxxxx>
Sent: Sunday, October 27, 2002 3:28 PM
Subject: [TechAssist] Re: security problems today
>
> Windows 98SE
>
> Clancy Harms, NESDA's Region 7 Director
> Dick's Radio & TV, Inc.
> 2319 West Clay St. "Aim high men"
> St. Charles, MO. 63301 "they're on camels"
> (636)-724-5055
> (636)-724-5531 fax
> email: dickstv1@xxxxxxxxxxxxx
> ----- Original Message -----
> From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
> To: <techassist@xxxxxxxxxxxxx>
> Sent: Sunday, October 27, 2002 2:20 PM
> Subject: [TechAssist] Re: security problems today
>
>
> >
> > What version of Windows are you using?
> >
> > -Ed-
> > Tel-Tek Electronics
> > Ontario-Canada
> > teltek2@xxxxxxxxxxxx
> > ----- Original Message -----
> > From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
> > To: <techassist@xxxxxxxxxxxxx>
> > Sent: Sunday, October 27, 2002 2:50 PM
> > Subject: [TechAssist] Re: security problems today
> >
> >
> > >
> > > Ed
> > > Are you saying (Re: The first sentence in your reply) that
> > > I should reinstall the 'Brasil.exe' file?
> > > By the way...Norton has found the 'Opaserv' virus twice since our
> > > conversation started just now!
> > >
> > > Clancy Harms,
> > > Dick's Radio & TV, Inc.
> > > 2319 West Clay St. "Aim high men"
> > > St. Charles, MO. 63301 "they're on camels"
> > > (636)-724-5055
> > > (636)-724-5531 fax
> > > email: dickstv1@xxxxxxxxxxxxx
> > > ----- Original Message -----
> > > From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
> > > To: <techassist@xxxxxxxxxxxxx>
> > > Sent: Sunday, October 27, 2002 1:33 PM
> > > Subject: [TechAssist] Re: security problems today
> > >
> > >
> > > >
> > > > Check your start up folder...they are all in there, and add
> > "brasil.exe".
> > > > I just went thru 3 days of getting rid of it.
> > > > Finally had to format my "boot" drive, and re-installing Windows ME.
> > > >
> > > > Clancy...this is very important, make sure you stop all Networking,
or
> > > while
> > > > you are erradicating it on one computer, it hides on the other one,
> then
> > > > cpmes right back. Actually physically remove the the plug from the
> > > > networking card. My Norton 2000 did a lousy job on repairing it, so
I
> > had
> > > to
> > > > update to 2003.
> > > >
> > > > Good luck.
> > > >
> > > > -Ed-
> > > > Tel-Tek Electronics
> > > > Ontario-Canada
> > > > teltek2@xxxxxxxxxxxx
> > > > ----- Original Message -----
> > > > From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
> > > > To: <techassist@xxxxxxxxxxxxx>
> > > > Sent: Sunday, October 27, 2002 1:51 PM
> > > > Subject: [TechAssist] Re: security problems today
> > > >
> > > >
> > > > >
> > > > > Hi all;
> > > > > I'm also fighting this crap!
> > > > > Check for 'ALEVIR.EXE', 'MSSG.EXE', & 'SCRSVR.EXE',
> > > > > They've hit me yesterday and today (Sunday)
> > > > >
> > > > > Clancy Harms, Dick's Radio & TV, Inc.
> > > > > 2319 West Clay St. "Aim high men"
> > > > > St. Charles, MO. 63301 "they're on camels"
> > > > > (636)-724-5055
> > > > > (636)-724-5531 fax
> > > > > email: dickstv1@xxxxxxxxxxxxx
> > > > > ----- Original Message -----
> > > > > From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
> > > > > To: <techassist@xxxxxxxxxxxxx>
> > > > > Sent: Sunday, October 27, 2002 12:22 PM
> > > > > Subject: [TechAssist] Re: security problems today
> > > > >
> > > > >
> > > > > >
> > > > > > Gary....I know how you feel, I just went thru 3 days getting my
> > system
> > > > > > staightened out.
> > > > > > Do search for brasil.exe..on your system.also known by other
> names,
> > > but
> > > > > > that's a bad one.
> > > > > >
> > > > > > -Ed-
> > > > > > Tel-Tek Electronic.
> > > > > > Ontario-Canada
> > > > > > teltek2@xxxxxxxxxxxx
> > > > > > ----- Original Message -----
> > > > > > From: "Gary McCartney" <number63@xxxxxxxxxxxxx>
> > > > > > To: <techassist@xxxxxxxxxxxxx>
> > > > > > Sent: Saturday, October 26, 2002 11:16 PM
> > > > > > Subject: [TechAssist] security problems today
> > > > > >
> > > > > >
> > > > > > >
> > > > > > > I've had a busy day keeping my computer safe.
> > > > > > >
> > > > > > > First, I received several klez32 vir. and Norton AV 2002
picked
> > them
> > > > all
> > > > > > > up no problem, except after quaranteening it one time, my
inbox
> > > froze
> > > > > > > (Netscape 4.79). I restarted Netscape and it wouldn't allow me
> to
> > > > access
> > > > > > > my inbox at all. Then I scanned my whole system for vir.
> > > > > > > but Norton found nothing. I was lucky in finding what was
> causing
> > > the
> > > > > > > problem. After pressing "Control/Alt/Delete" to go into the
Win
> > 2000
> > > > > > > task manager, in the processes tab, Netscape was shown as
still
> > > > running
> > > > > > > even though I had closed it down. I clicked on the line and
> closed
> > > > > > > Netscape from there, then I could get my mail again. What a
> > relief.
> > > > > > >
> > > > > > > Second, I noticed an ICON on my desktop that didn't belong
> there.
> > It
> > > > > > > said, "GO IN.EXE"
> > > > > > > I did not click on it, fearing an uninvited guest placed it
> there.
> > I
> > > > did
> > > > > > > a search on Google and found out that it was an uninvited
> dial-up
> > > > > > > connection installed in Dial-up Networking. If I would have
> > clicked
> > > on
> > > > > > > the icon, I think it would have dialed up an overseas 1-900
> number
> > > and
> > > > > > > I'd been charged hundreds of bucks for the call.
> > > > > > >
> > > > > > > I deleted everything from my files relating to "go in.exe"
plus
> I
> > > > > > > scanned my registry for any keys, plus I did a Norton Win
Doctor
> > on
> > > my
> > > > > > > hard drive. This removes obsolete or bad keys from your
> registry.
> > > Then
> > > > I
> > > > > > > deleted temp internet files from IE and cleared all my
Netscape
> > > cache.
> > > > > > >
> > > > > > > Then I rebooted and the dial-up connection is gone, but the
> > warning
> > > is
> > > > > > > that it could come back, maybe days later. I searched
Symantec's
> > > site
> > > > > > > but they don't seem to know about it. I will be forwarding
this
> > > email
> > > > to
> > > > > > > them.
> > > > > > >
> > > > > > > I didn't find a lot of info on the net regarding this, but
here
> is
> > > > what
> > > > > > > another person had to say about it:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > SECURITY ALERT FOR PERSONAL COMPUTER USERS: I just learned
today
> > of
> > > a
> > > > > > > program call "go in.exe" that will be surreptiously installed
on
> > > your
> > > > > > > computer from surfing
> > > > > > > the web, usually there will be an invisible java program on a
> > > website
> > > > of
> > > > > > > the type that collect stats on browser hits, that installs
this
> on
> > > > your
> > > > > > > harddrive. What it does is Change
> > > > > > > the Default for your dialup connection and redirect it to
their
> > > > system.
> > > > > > > Then when you dialup, instead of your common carrier for
$19.95
> a
> > > > month
> > > > > > > or whatever you are paying
> > > > > > > for internet connection, they are using overseas long distance
> > lines
> > > > and
> > > > > > > you may then get a bill for thousands of dollars. I didn't get
> the
> > > > > > > details on how they would attempt to
> > > > > > > collect the money from you, but it would come under the
auspices
> > of
> > > > > > > "computer crime." However, the crime occurs in your area, and
my
> > > > finding
> > > > > > > so far is that local law
> > > > > > > enforcement officers as a rule do not have "the first clue!"
> > > > > > >
> > > > > > > Everyone should check their .exe files on the computer, and
take
> > > note
> > > > of
> > > > > > > any that look suspicious. You can do this by going to your
START
> > > MENU,
> > > > > > > select FIND, then type
> > > > > > > ASTERISK DOT EXE in this format *.exe and then click FIND, it
> will
> > > > LIST
> > > > > > > every program and you can then find out the nature of it by
> > > selecting
> > > > > > > FILE then PROPERTIES. Don't
> > > > > > > remove anything before you make sure that it is not an
operating
> > > > system
> > > > > > > file, or check with a computer expert, but you can temporarily
> > > disable
> > > > > > > it by changing the file to
> > > > > > > "READ ONLY."
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Gary McCartney
> > > > > > >
> > > > > > > McCartney Electronics
> > > > > > > 7134 Fife Rd, RR 7
> > > > > > > Guelph Ontario Canada N1H 6J4
> > > > > > > Fax: (519)821-1530
> > > > > > > email: number63 (at) inetsonic.com
> > > > > > >
> > > > > > > ------------------------------------------
> > > > > > > To REMOVE your email address, click here:
> > > > > > > http://www.tech-assist.org/unsubb.html
> > > > > > > To CHANGE your email address, click here:
> > > > > > > http://www.techassist.net/forms/change.html
> > > > > > > ------------------------------------------
> > > > > > > ***NEW*** Tips Added Instantly!!!***
> > > > > > > Submit Repair Tips here:
> > > > > > > http://www.tech-assist.org/secure/tip/
> > > > > >
> > > > > >
> > > > > > ------------------------------------------
> > > > > > To REMOVE your email address, click here:
> > > > > > http://www.tech-assist.org/unsubb.html
> > > > > > To CHANGE your email address, click here:
> > > > > > http://www.techassist.net/forms/change.html
> > > > > > ------------------------------------------
> > > > > > ***NEW*** Tips Added Instantly!!!***
> > > > > > Submit Repair Tips here:
> > > > > > http://www.tech-assist.org/secure/tip/
> > > > >
> > > > > ------------------------------------------
> > > > > To REMOVE your email address, click here:
> > > > > http://www.tech-assist.org/unsubb.html
> > > > > To CHANGE your email address, click here:
> > > > > http://www.techassist.net/forms/change.html
> > > > > ------------------------------------------
> > > > > ***NEW*** Tips Added Instantly!!!***
> > > > > Submit Repair Tips here:
> > > > > http://www.tech-assist.org/secure/tip/
> > > >
> > > >
> > > > ------------------------------------------
> > > > To REMOVE your email address, click here:
> > > > http://www.tech-assist.org/unsubb.html
> > > > To CHANGE your email address, click here:
> > > > http://www.techassist.net/forms/change.html
> > > > ------------------------------------------
> > > > ***NEW*** Tips Added Instantly!!!***
> > > > Submit Repair Tips here:
> > > > http://www.tech-assist.org/secure/tip/
> > >
> > > ------------------------------------------
> > > To REMOVE your email address, click here:
> > > http://www.tech-assist.org/unsubb.html
> > > To CHANGE your email address, click here:
> > > http://www.techassist.net/forms/change.html
> > > ------------------------------------------
> > > ***NEW*** Tips Added Instantly!!!***
> > > Submit Repair Tips here:
> > > http://www.tech-assist.org/secure/tip/
> >
> >
> > ------------------------------------------
> > To REMOVE your email address, click here:
> > http://www.tech-assist.org/unsubb.html
> > To CHANGE your email address, click here:
> > http://www.techassist.net/forms/change.html
> > ------------------------------------------
> > ***NEW*** Tips Added Instantly!!!***
> > Submit Repair Tips here:
> > http://www.tech-assist.org/secure/tip/
>
> ------------------------------------------
> To REMOVE your email address, click here:
> http://www.tech-assist.org/unsubb.html
> To CHANGE your email address, click here:
> http://www.techassist.net/forms/change.html
> ------------------------------------------
> ***NEW*** Tips Added Instantly!!!***
> Submit Repair Tips here:
> http://www.tech-assist.org/secure/tip/
>
------------------------------------------
To REMOVE your email address, click here:
http://www.tech-assist.org/unsubb.html
To CHANGE your email address, click here:
http://www.techassist.net/forms/change.html
------------------------------------------
***NEW*** Tips Added Instantly!!!***
Submit Repair Tips here:
http://www.tech-assist.org/secure/tip/
Other related posts:
